Exetools  

  #31  
Old 09-16-2013, 03:29
Zer0Flag
Code:
###Version 0.1 beta 15
+ fixed a bug which lead to a memory leak when a invalid file was loaded
+ fixed a bug which caused a break when continue was used after a trace
+ fixed a bug which caused problems when scrolling up in disassembler view
+ fixed a bug which returned wrong offset when adding a breakpoint to a wow64 process
+ fixed a bug which did not clean up properly if using the "recent file" menu to debug new process
+ fixed a bug which did not clean up properly if a process terminates in a multiprocess session
+ fixed a bug which did not replace memory breakpoints correctly
+ fixed a bug which did not display the correct source code under certain conditions
+ fixed a bug which did not reload the gui when deleting a patch from patchmanager using hotkey
+ fixed a bug which did not disable trace_stop button when the debuggee terminates while tracing
+ fixed a bug which did not allow breakpoints on int3 instructions
+ fixed a bug which may corrupted the memory breakpoints when a new thread starts
+ fixed a bug which may calculated wrong tls callback offsets
+ added save file dialog to memory dump and patch manager
+ added the correct offsets for loaded module imports in the peeditor
+ added double click handler in trace view, bp manager and patch manager to send a offset to disassembler window
+ added possibility to set nanomite also as wow64 jit debugger
+ added possibility to use Up/Down arrows and PageUp/Down to navigate in disassembler
+ added possibility to create a full process dump
+ added possibility to open function view for selected modules
+ added possibility to restart debugger with admin rights
+ added support for saving patches in dlls
+ added support of multiple tls callbacks
+ added "on execution" and "on write" memory breakpoint types
+ updated function view algorithm
+ updated winapi messagebox to qt

####Notes:
	- The full process dump can be done in detail view -> process tab -> context menu
	- The function view can now be showed also in detail view -> modules tab -> context menu
~Zer0Flag
  #32  
Old 09-18-2013, 00:29
cxj98
 
some useful suggestion for next version.

1. Current icons group is too ugly, maybe true color icon is better for consider.

2. Can you add support font, size can change in each window, after change can save the changing, current size is too smaller, not good for viewing.

3. In disassemble window and in stack view window, when you use mouse to click and drag the scroll bar start scrolling, the scroll bar is not really at scrolling, only code are scrolling there, maybe is a bug?

4. Can you consider add support edit disassemble code immediately with keyboard shortcut key spacebar button or double click in that disassemble code, not use mouse right click and select edit instruction, after edit and can have undo feature with multi-times. also, when right click and select "edit instruction" can you consider quotes original byte or disassemble code, not blank input there.

5. When will you support jump line with red arrow in disassemble code like jnz, jle, jge, jnc, jmp and so on, gray color for not inactive jump, red color for active jump. If you use OllyDBG, you will know what I mean.

6. in disassemble window, when you use F8 start step over, you will see only offset are pink highlight colour there, but include OpCodes, Mnemonics, comments are not highlight colour, may full line of pink colour is preferred, like when you click in disassemble code that line, full and long blue colour in that line are selected, maybe you understand what is my meaning?

7. in CPU Registers window, OF,DF, TF,SF, ZF, AF, PF, ZF can't change the 0 or 1 value for active jump or inactive jump immediately when use mouse double click in that value, consider for improvement for next version?

8. Can you consider add Information view window under disassemble window, and Data view window (hex dump), the same as OllyDBG, total five windows are list:
(1) Disassemble window
(2) CPU Register Window
(3) Information Window
(4) Data view window
(5) Stack view window

9. Can you consider add search all strings for Ansi code and Unicode, and double click in that string can send to disassemble code immediately.

10. Something like
push dword ptr fs:[00000000h],
cmp eax, FFFFFFFEh
test byte ptr [eax+04h], 66h
I don't know [00000000h] or FFFFFFFEh or eax+04h or 66h is IDA engine or OllyDBG engine or Bean Engine, can you consider use OllyDBG only?

11. load a exe most time are blank disassemble code there, but little time is fine, will you improve it for next version?

12. Can you consider add plugins API Socket? Maybe in the future, someone will develop some plugins to extend it feature more powerfully.

13. Can you consider add support theme, disassemble window background colour can edit and change, some like call, mov, test, xor, add and so on is already highlight colour, this is good, but support more will be better, or have a option to extend that people can add more by themselves.

14. breakpoint if possible can support like bp MessageBoxA/W in commandline box will be better.

15. Can you consider add bookmark feature, and consider add bookmark Window also, that user can save their booked mark there.

16. After more test, if I thought more features need to be added, then I will suggest you again.

17. Thanks for develop this good and nice tool, hope it will become popular for Win x86 and Win x64 debugging and disassembler tool in the future and instead of OllyDBG.
  #33  
Old 09-18-2013, 00:57
cxj98
 
some useful suggestion for next version.

1. Current icons group is too ugly, maybe true color icon is better for consider.

2. Can you add support font, size can change in each window, after change can save the changing, current size is too smaller, not good for viewing.

3. In disassemble window and in stack view window, when you use mouse to click and drag the scroll bar start scrolling, the scroll bar is not really at scrolling, only code are scrolling there, maybe is a bug?

4. Can you consider add support edit disassemble code immediately with keyboard shortcut key spacebar button or double click in that disassemble code, not use mouse right click and select edit instruction, after edit and can have undo feature with multi-times. also, when right click and select "edit instruction" can you consider quotes original byte or disassemble code, not blank input there.

5. When will you support jump line with red arrow in disassemble code like jnz, jle, jge, jnc, jmp and so on, gray color for not inactive jump, red color for active jump. If you use OllyDBG, you will know what I mean.

6. in disassemble window, when you use F8 start step over, you will see only offset are pink highlight colour there, but include OpCodes, Mnemonics, comments are not highlight colour, may full line of pink colour is preferred, like when you click in disassemble code that line, full and long blue colour in that line are selected, maybe you understand what is my meaning?

7. in CPU Registers window, OF,DF, TF,SF, ZF, AF, PF, ZF can't change the 0 or 1 value for active jump or inactive jump immediately when use mouse double click in that value, consider for improvement for next version?

8. Can you consider add Information view window under disassemble window, and Data view window (hex dump), the same as OllyDBG, total five windows are list:
(1) Disassemble window
(2) CPU Register Window
(3) Information Window
(4) Data view window
(5) Stack view window

9. Can you consider add search all strings for Ansi code and Unicode, and double click in that string can send to disassemble code immediately.

10. Something like
push dword ptr fs:[00000000h],
cmp eax, FFFFFFFEh
test byte ptr [eax+04h], 66h
I don't know [00000000h] or FFFFFFFEh or eax+04h or 66h is IDA engine or OllyDBG engine or Bean Engine, can you consider use OllyDBG only?

11. load a exe most time are blank disassemble code there, but little time is fine, will you improve it for next version?

12. Can you consider add plugins API Socket? Maybe in the future, someone will develop some plugins to extend it feature more powerfully.

13. Can you consider add support theme, disassemble window background colour can edit and change, some like call, mov, test, xor, add and so on is already highlight colour, this is good, but support more will be better, or have a option to extend that people can add more by themselves.

14. breakpoint if possible can support like bp MessageBoxA/W in commandline box will be better.

15. Can you consider add bookmark feature, and consider add bookmark Window also, that user can save their booked mark there.

16. When you select multi-line of MneMonics and copy it in disassemble window, it actually copied first line, not multi-line are copied, maybe a bug?

17. can you add support hex code search? Like shortcut key "Ctrl + B" in OllyDBG, If I want to search blank place to add some disassemble code and jump back, good for inline patching.

18. After more test, if I thought more features need to be added, then I will suggest you again.

19. Thanks for develop this good and nice tool, hope it will become popular for Win x86 and Win x64 debugging and disassembler tool in the future and instead of OllyDBG.
  #34  
Old 09-18-2013, 07:01
cxj98
 
Hello, ZeroFlag. I just thought more, but due to can't edit old post, so I create with new suggestion here.

some useful suggestion for next version.

1. Current icons group is too ugly, maybe true color icon is better for consider.

2. Can you add support font, size can change in each window, after change can save the changing, current size is too smaller, not good for viewing.

3. In disassemble window and in stack view window, when you use mouse to click and drag the scroll bar start scrolling, the scroll bar is not really at scrolling, only code are scrolling there, maybe is a bug?

4. Can you consider add support edit disassemble code immediately with keyboard shortcut key spacebar button or double click in that disassemble code, not use mouse right click and select edit instruction, after edit and can have undo feature with multi-times. also, when right click and select "edit instruction" can you consider quotes original byte or disassemble code, not blank input there.

5. When will you support jump line with red arrow in disassemble code like jnz, jle, jge, jnc, jmp and so on, gray color for not inactive jump, red color for active jump. If you use OllyDBG, you will know what I mean.

6. in disassemble window, when you use F8 start step over, you will see only offset are pink highlight colour there, but include OpCodes, Mnemonics, comments are not highlight colour, may full line of pink colour is preferred, like when you click in disassemble code that line, full and long blue colour in that line are selected, maybe you understand what is my meaning?

7. in CPU Registers window, OF,DF, TF,SF, ZF, AF, PF, ZF can't change the 0 or 1 value for active jump or inactive jump immediately when use mouse double click in that value, consider for improvement for next version?

8. Can you consider add Information view window under disassemble window, and Data view window (hex dump), the same as OllyDBG, total five windows are list:
(1) Disassemble window
(2) CPU Register Window
(3) Information Window
(4) Data view window
(5) Stack view window

9. Can you consider add search all strings for Ansi code and Unicode, and double click in that string can send to disassemble code immediately.

10. Something like
push dword ptr fs:[00000000h],
cmp eax, FFFFFFFEh
test byte ptr [eax+04h], 66h
I don't know [00000000h] or FFFFFFFEh or eax+04h or 66h is IDA engine or OllyDBG engine or beaengine, can you consider use OllyDBG engine only?

11. load a exe most time are blank disassemble code there, but little time is fine, will you improve it for next version?

12. Can you consider add plugins API Socket? Maybe in the future, someone will develop some plugins to extend it feature more powerfully.

13. Can you consider add support theme, disassemble window background colour can edit and change, some like call, mov, test, xor, add and so on is already highlight colour, this is good, but support more will be better, or have a option to extend that people can add more by themselves.

14. breakpoint if possible can support like bp MessageBoxA/W in commandline box will be better.

15. Can you consider add bookmark feature, and consider add bookmark Window also, that user can save their booked mark there.

16. When you select multi-line of MneMonics and copy it in disassemble window, it actually copied first line, not multi-line are copied, maybe is a bug?

17. can you add support hex code search? Like shortcut key "Ctrl + B" in OllyDBG, If I want to search blank place to add some disassemble code and jump back, good for inline patching.

18. in disassemble window, double click on comment must can edit and hit OK can save, for easy and quick debugging purpose.

19. Current version can't debugging *.dll file, only *.exe file, will you consider add for support debugging *.dll file in the next version.

20. Recent file will be deleted after exit Nanomite, I don't know is a bug or not, maybe cause Win Vista / Win 7 UAC? can you consider add a option for it can save or delete all recent files choice by user?

21. After more test, if I thought more features need to be added, then I will suggest to you again.

22. Thanks for develop this good and nice tool, hope it will become popular for Win x86 and Win x64 debugging and disassembler tool in the future and instead of OllyDBG.

23. For sometimes debugging some exe file comes blank disassemble code, I don't know is it possible because Delphi 7 Programs or due to some strong packer like VMProtect, here I just attach some software for you to test it out.

Download it: _http://pan.baidu.com/share/link?shareid=123269319&uk=386178158
  #35  
Old 09-28-2013, 13:16
illmaR
thanks for nice stuff! Lets check if it is worth changing from windbg.
  #36  
Old 10-06-2013, 07:27
___da-brain___
 
What is the latest version of this?
  #37  
Old 10-06-2013, 07:42
chessgod101
Quote:
Originally Posted by ___da-brain___
What is the latest version of this?
The latest version(Version 0.1 beta 15) is listed not only above, but clearly on the program's website as well.
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
  #38  
Old 10-06-2013, 07:48
___da-brain___
 
Quote:
Originally Posted by chessgod101
The latest version(Version 0.1 beta 15) is listed not only above, but clearly on the program's website as well.
Debugger keeps crashing so i thought mine is an old version.
  #39  
Old 10-07-2013, 01:14
deepzero
Quote:
Debugger keeps crashing
same here, glad i am not the only one.
i'll send over some crash dumps sometime the next week, i suggest you do the same.
  #40  
Old 10-31-2013, 02:00
Zer0Flag
Code:
beta 16
+ fixed a bug which can lead to a crash of the debugge when using step over while debugge was running
+ fixed a bug which can lead to a crash while using step over
+ fixed a bug which can lead to a crash when using more than one memory breakpoint
+ fixed a bug which can lead to a missing display of disassembly when breaking on a onexecute memory bp
+ fixed a bug which lead to a lost commandline when restarting as admin
+ fixed a bug which did not clean up correctly if restarting the file over the recent debugged file menu
+ added space shortcut in disassembly view to edit instruction
+ added error message if x86 build wants to load x64 binarys
+ added entropy check to display a warning if a (may) packed or crypted file will be started
+ added support for different breakpoint sizes
+ added resolving of drag n dropped .lnk files
+ added bookmarks
+ added comments
+ added HLT and UD2 software breakpoint types
+ added project files
+ added different performance improvements
+ updated dbghelp to version 6.3.9600

####Notes:
	- Supported breakpoint sizes are 1,2 and 4 bytes for software and hardware breakpoints
	- In the breakpoint manager you can now choose between int3, hlt and ud2 software breakpoints
		- int3 = 0xCC
		- hlt  = 0xF4
		- ud2  = 0x0F0B
	- Project files allow to save and load bookmarks, comments, patches and breakpoints of the current project
  #41  
Old 11-16-2013, 22:53
=GXG=
 
Nice project.Update it
  #42  
Old 11-24-2013, 14:35
MCKSys Argentina
I have tested Nanomite in its x64 version (qtNanomite.exe) in a VM with Win 7 Pro (x64 of course).
In most of the programs it worked ok, but some programs have blank disasm window when opened using "Open new file" command.
For example, Cheat engine version 6.2 comes with 2 "sample" programs. The x64 version (Tutorial-x86_64.exe) shows a blank disasm window when loaded the previous way.
Then the program runs fine, so the only issue here is the first-load blank disasm window.

Another thing is that when loading some apps (for example Internet Explorer 8 x64), Nanomite shows a MessageBox saying that "It seems that this file is packe or encrypted!", but they aren't. A false positive?
ADDED: Despite the message, the programs work ok.

Anyway, I'll keep using this excellent dbg and reporting anything that comes up.

Thanks Zer0Flag for your effort!

Cheers!
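
The entropy warning discussed in this thread (added in beta 16, with the possible false positive reported above) can be illustrated as follows. This is an added example, not part of the original post and not Nanomite's code: the 7.0 bits-per-byte threshold, the function names and the section byte strings are assumptions constructed for illustration. It compares scoring all bytes of an image with scoring only the code section, one way such a heuristic can warn on a file whose code is not packed.

```python
import hashlib
import math
from collections import Counter

# Assumed cut-off in bits per byte; the thread does not state Nanomite's value.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())


def entropy_report(sections: dict, threshold: float = PACKED_THRESHOLD) -> dict:
    """Score a section map two ways: all bytes at once, and code section only."""
    whole = shannon_entropy(b"".join(sections.values()))
    code = shannon_entropy(sections.get(".text", b""))
    return {
        "whole": round(whole, 3),
        "code": round(code, 3),
        "whole_file_warns": whole >= threshold,
        "code_section_warns": code >= threshold,
    }


def pseudo_random(size: int) -> bytes:
    """Constructed stand-in for compressed or encrypted data (SHA-256 stream)."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(8, "little")).digest()
        counter += 1
    return bytes(out[:size])


# Constructed 16-byte x86-like pattern; repeated, it scores exactly 3.5 bits/byte.
CODE_LIKE = bytes.fromhex("558bec83ec108b45088945fcc9c3cccc")

# Constructed section maps (hypothetical names, no real PE parsing involved).
SAMPLES = {
    # Ordinary binary: plain code, small plain-text resource.
    "plain": {".text": CODE_LIKE * 1024,
              ".rsrc": b"constructed version string\x00" * 64},
    # Unpacked code, but most of the file is already-compressed resource data.
    "big_resources": {".text": CODE_LIKE * 512,
                      ".rsrc": pseudo_random(120 * 1024)},
    # Code section itself is high-entropy, as after packing or encryption.
    "packed": {".text": pseudo_random(64 * 1024),
               ".rsrc": b"constructed\x00" * 64},
}

if __name__ == "__main__":
    for name, sections in SAMPLES.items():
        print(name, entropy_report(sections))
```

The `big_resources` sample trips the whole-file score while its `.text` section stays at 3.5 bits per byte; only the `packed` sample trips both.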
  #43  
Old 11-26-2013, 02:07
anon_c
Thanks for this great tool!

It helped me patch Im@ris, a great software for microscopy, by applying an update to the solution provided by Team Lz0 for a previous version

Here are some suggestions/thoughts:

-How to use the Goto function to go to Offset? It would also be nice to be able to goto RVA.

-Editing a jump with VA or RVA does not work (the function will be edited by jmp to ??? address)

-It would be nice to be able to set flags individually instead of editing the EFlags. Not a big deal, but it would be faster...

-Hotkey " Return = …" does not work with the Return key of a keypad

Keep your good work, it is really appreciated

AC
  #44  
Old 11-28-2013, 01:30
Zer0Flag
Thanks for this valuable feedback!

I will take the suggested issues/features onto my todo list. But currently I lack somehow of time because of RL... but updates will keep coming.

About the black disassembly window I know that this is based on the worse algorithm which the disassembler in nanomite is using currently and often occurs on packed or crypted samples. I'm planning to update this one in the next steps to offer a better analysis of the code and also take the control flow into account.

If you find any bugs or have feature requests you are always welcome!

~Zer0Flag
  #45  
Old 11-28-2013, 17:47
Dinisoid
 
It would be good if you add ability to generate control flow graph for function or module.