debugging of complex 64b targets and proper tools

[cyberbob]

Quote:

Originally Posted by Shub-Nigurrath

For my target for example I needed to break on a specific dll when it was being loaded by the program, but the command supposed to to that simply doesn't work.

strange, I have tested bpdll command under win7 & win8 and it works fine, maybe try using a wildcard e.g. bpdll *your.dll
If that doesn't help I'd be happy to investigate it, just send me PM with target app or link.

Quote:

Originally Posted by Shub-Nigurrath

It's as well impossible to enter into a specific module (like Olly does) to add breakpoints or any other stuff in a specifi portion of code.

you can see loaded dll's in command window then press g in dissasembly window to jump into that module or you can use x (eXamine symbol) command e.g. x user32_* to list exported function to get function addr then set bp on it or disassemble it.

As for Visual DuxDebugger, I'm a bit bias but I think is a hideous piece of software. Current version is 3.9 but it feels like pre-alfa e.g. instead jumps to imports:

JMP [ntdll!RtlExitUserProcess]
JMP [user32!MessageBoxA]

you like see something like this

JMP [RIP+0xf8c]
JMP [RIP+0xf96]

[arlequim]

Ok, i admit you will never like the WinDBG because of its interface and the vast array of commands , but it's surely the most powerful debugger out there for ring0/ring3 debugging. Moreover it can handle tons of stuff that no other debugger can do for you right now, at least under x64 platform until "SoftIce64" will be available Think about this, i am sure it is the best choice, thats why i am spending a bit of time every day to learn it in depth. As for direct patching, Hiew, no doubt

WinDBG is definitely the best option in my experience. You should be able to use the WinDbg engine in IDA now I think as well. WinDbg isn't too bad to get use to, and its powerful and scriptable. Debugging services is simple too, you can set your target to execute in WinDbg when the service starts: http://support.microsoft.com/kb/824344