EXETOOLS FORUM  

  #16  
Old 10-31-2013, 21:20
typedef
 
A Python scripting interface would be good, with breakpoints that can trigger scripts at certain points in execution. Good job on the debugger though.
  #17  
Old 11-06-2013, 03:03
cyberbob
v0.4.0 released

+ added File -> Produce assembly text file
+ added possibility to create byte array type
+ added new command: dup
+ minor improvements
  #18  
Old 12-08-2013, 22:23
cyberbob
v0.5.0 released

added possibility to create subroutine
added subroutine stack data (arguments, local variables) recognition
added hex view window
minor bugfixes and usability improvements

Here is a screenshot of how stack data recognition may look: http://arkdasm.com/stackdata.png

It's possible to rename stack data after pressing the n key.
  #19  
Old 03-21-2014, 03:08
MarcElBichon
v0.6.0 released

What's new:
added structure support for global data
added new commands: del_struct, struct, ls
updated Qt to 5.2.1
minor improvements, bug fixes
  #20  
Old 04-08-2014, 00:16
MarcElBichon
ArkDasm v0.7.0
2014-04-06

Changelog:
Quote:
- added new commands: extnd, lst, fold, unfold
- minor improvements, bug fixes
Download:
Quote:
http://www.arkdasm.com/arkdasm.zip
  #21  
Old 08-21-2014, 01:01
jvoisin
Are you planning to release the source code one day?
  #22  
Old 08-21-2014, 05:27
cyberbob
Quote:
Originally Posted by jvoisin
Are you planning to release the source code one day?
sorry, at the moment no plans to release the source code
  #23  
Old 09-29-2014, 00:32
MarcElBichon
ArkDasm v0.8.0
2014-09-28

Main features:
- parsing PE32+ imports, exports, resources
- subroutine stack data (arguments, local variables) recognition
- loading local debug symbols (.pdb file) using IDA
- multiline comments support
- bookmarks support
- python script support
- possibility to save, load database

Changelog:
Quote:
- added python script support
- added command line support
- added new command: py
- minor improvements, bug fixes
Download:
Quote:
http://www.arkdasm.com/arkdasm.zip
  #24  
Old 04-16-2015, 22:54
cyberbob
v.1.0.0 released - www.arkdasm.com

+ added debugger capabilities
+ added new commands: bp, ba
+ switched to the Capstone disasm engine
+ updated Qt to 5.4.0
+ switched to Visual Studio 2013
+ minor improvements, bug fixes

switched to Visual Studio 2013 so run-times (msvcp120.dll, msvcr112.dll) are required http://www.microsoft.com/en-us/download/details.aspx?id=40784
  #25  
Old 04-17-2015, 03:56
mr.exodia
Hey,

Nice seeing you added debugger capabilities! I have a few questions if you don't mind

What is this 'DIA' thing you are talking about to load symbols? Is it open source? I could not find it anywhere (though maybe my search terms were off).

And could you maybe give me some pointers as to how you recognize functions and local variables? Do you scan all instructions and populate a nice graph or do you do a linear scan with some algorithms to detect functions or maybe a combination? I am interested in this because I want to implement some of this in x64dbg

Another small thing, is the arrow location just 'wrong' or is it placed between instructions for a reason? See this screenshot: http://prntscr.com/6ukf81

Oh and before I forget it, could you share some insight on how you implemented these python functions? I saw the python libs, but do you have some trick to auto generate the required function definitions or is it all manual work?

Greetings
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
  #26  
Old 04-17-2015, 05:51
cyberbob
Quote:
Originally Posted by mr.exodia
What is this 'DIA' thing you are talking about to load symbols? Is it open source?
it's open source, comes with Visual Studio; you should have it in the VS path, e.g. "c:\Program Files (x86)\Microsoft Visual Studio 12.0\DIA SDK\Samples"

Quote:
Originally Posted by mr.exodia
And could you maybe give me some pointers as to how you recognize functions and local variables?
first I scan to find the beginning and the end of the function (it's not always an easy task) and then just 'walk' the function, marking and recording instructions related to the stack pointer.

Quote:
Originally Posted by mr.exodia
Another small thing, is the arrow location just 'wrong' or is it placed between instructions for a reason?
there is no reason, it's calculated based on QFontMetrics lineSpacing. Please change the font to get a hopefully more accurate position, but personally it did not bother me that it's a millimeter off.

Quote:
Originally Posted by mr.exodia
Oh and before I forget it, could you share some insight on how you implemented these python functions? I saw the python libs, but do you have some trick to auto generate the required function definitions or is it all manual work?
it's manual work but you could use SWIG if you have a lot of functions.

Cheers
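
Added example, not part of any post in this thread and not ArkDasm code (ArkDasm is closed source): one way to do the "walk the function and record stack-related instructions" step described above. It assumes an EBP-based frame, a textual listing constructed for the example, and IDA-style `arg_`/`var_` names; `recognize_stack_data` and `rename` are hypothetical names.

```python
import re

# Constructed disassembly of one 32-bit function with an EBP frame (not from a real binary).
LISTING = """\
push ebp
mov ebp, esp
sub esp, 0x10
mov eax, dword ptr [ebp+0x8]
mov dword ptr [ebp-0x4], eax
mov ecx, dword ptr [ebp+0xc]
mov byte ptr [ebp-0x5], cl
lea edx, [ebp-0x10]
mov eax, dword ptr [ebp-0x4]
mov esp, ebp
pop ebp
ret"""

FRAME_REF = re.compile(r"(?:(byte|word|dword) ptr )?\[ebp([+-])(0x[0-9a-f]+)\]")
ALLOC = re.compile(r"sub esp, (0x[0-9a-f]+)")
SIZES = {"byte": 1, "word": 2, "dword": 4}

def recognize_stack_data(listing):
    """Return (frame_size, {ebp_offset: {"name", "size", "refs"}})."""
    frame_size, slots = 0, {}
    for line in listing.splitlines():
        alloc = ALLOC.fullmatch(line.strip())
        if alloc:                                   # local area reserved by the prologue
            frame_size = int(alloc.group(1), 16)
            continue
        for size, sign, disp in FRAME_REF.findall(line):
            off = int(disp, 16) if sign == "+" else -int(disp, 16)
            if off >= 8:                            # [ebp+0] saved ebp, [ebp+4] return address
                name = f"arg_{off - 8:X}"           # IDA-style name, an assumption here
            elif off < 0:
                name = f"var_{-off:X}"
            else:
                continue
            slot = slots.setdefault(off, {"name": name, "size": None, "refs": 0})
            slot["refs"] += 1
            slot["size"] = slot["size"] or SIZES.get(size)   # lea carries no access size
    return frame_size, slots

def rename(slots, off, new_name):
    """Rename one recognized slot, as a disassembler UI would on user request."""
    slots[off]["name"] = new_name

if __name__ == "__main__":
    size, slots = recognize_stack_data(LISTING)
    for off in sorted(slots):
        print(f"{off:+#x}", slots[off])
```

Functions compiled without a frame pointer address their locals through ESP instead, so the same walk would have to track the running stack-pointer delta after every push, pop and `sub esp`.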
  #27  
Old 04-17-2015, 21:01
maktm
I forgot what it's called or where I read this but there are 2 methods in which you can analyse the binary to find all the functions. The first method is to scan each and every function then link them together, but the other method is to analyse the instruction line by line and when you identify a function you check for calls inside of it and then go into that new function (inside of the main function) and then repeat the process. This means that if you had something like:

;function prologue
call xxx
;function epilogue

it would follow the call, identify the function and if it had another function then keep repeating it. In the end it would return back to the main function then continue line by line analysis.

What method do you use for this?

Sorry if this sounds vague or confusing.

Btw I saw this project on /r/reverseengineering first so it's getting around a lot. good job
  #28  
Old 04-17-2015, 21:49
cyberbob
Quote:
Originally Posted by maktm
What method do you use for this?
I use the second method (if I understood you correctly). I follow call instructions.
  #29  
Old 04-18-2015, 06:37
mr.exodia
I plan on combining both linear search and a recursive search to also detect unused functions (and maybe evade some techniques like below). The problem I'm having is how to represent the instructions as a data structure...
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
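
Added example, not part of any post in this thread and not ArkDasm or x64dbg code: the two function-discovery methods discussed in posts #27 to #29, combined. A call-following walk from the entry point finds reachable functions, then a linear prologue scan picks up the one nothing calls. The byte image is constructed, the decoder covers only the opcodes in it, branches are not handled, and all names are hypothetical.

```python
import struct

BASE = 0x1000
# Constructed 32-bit x86 image (not from a real binary): main -> f1 -> f2,
# plus one function at 0x1030 that nothing calls. int3 (CC) pads the gaps.
CODE = bytes.fromhex(
    "55 8B EC E8 08 00 00 00 5D C3" + " CC" * 6 +   # 0x1000 main: call 0x1010
    "55 8B EC E8 08 00 00 00 5D C3" + " CC" * 6 +   # 0x1010 f1:   call 0x1020
    "55 8B EC 5D C3" + " CC" * 11 +                 # 0x1020 f2
    "55 8B EC 5D C3")                               # 0x1030 unreferenced
PROLOGUE = b"\x55\x8b\xec"                          # push ebp; mov ebp, esp

def decode(off):
    """Decode the few opcodes used above: (mnemonic, length, call target)."""
    if CODE[off] == 0xE8:                           # call rel32
        rel = struct.unpack_from("<i", CODE, off + 1)[0]
        return "call", 5, BASE + off + 5 + rel
    if CODE[off:off + 2] == b"\x8b\xec":
        return "mov ebp, esp", 2, None
    one_byte = {0x55: "push ebp", 0x5D: "pop ebp", 0xC3: "ret", 0xCC: "int3"}
    return one_byte[CODE[off]], 1, None             # KeyError on anything else

def recursive_descent(entry):
    """Walk from entry, queueing every call target as a new function start."""
    functions, worklist = {}, [entry]               # start -> [(addr, mnemonic)]
    while worklist:
        start = worklist.pop()
        if start in functions or not BASE <= start < BASE + len(CODE):
            continue                                # already walked, or outside image
        body = functions[start] = []
        off = start - BASE
        while off < len(CODE):
            mnem, length, target = decode(off)
            body.append((BASE + off, mnem))
            if target is not None:
                worklist.append(target)
            if mnem == "ret":
                break
            off += length
    return functions

def prologue_sweep():
    """Linear scan for the prologue byte pattern, reachable or not."""
    return [BASE + i for i in range(len(CODE)) if CODE.startswith(PROLOGUE, i)]

def discover(entry):
    reached = recursive_descent(entry)
    unreferenced = [a for a in prologue_sweep() if a not in reached]
    return sorted(reached), unreferenced

if __name__ == "__main__":
    print(discover(BASE))
```

The prologue pattern can also occur inside data or in the middle of a longer instruction, so sweep hits are candidates to confirm, while call targets found by the walk are known code.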
  #30  
Old 04-27-2015, 19:17
redbull
Good to see this project is still going! Good work cyberbob.
All times are GMT +8. The time now is 01:34.

