#1
"Syser The Debugger, reversecode ed."
Hi reversers!
As per my friend's ping I'm posting here some great news: a R.E. edition of the well-known tool "Syser Win32 debugger". This is a long fun over happy weekends/nights of the reverser aka reversecode. He's very skilled and mature and releases some great stuff from time to time (eg: skype/hidden IDA features/etc). This time it's up to Syser, back from hell (joke). Some details if you are curious. Some words from himself:
------------------
This work is not for getting *thanks*. I guess it still has tons of bugs, be it either mine or from the R.E process itself. Lots of TODOs are waiting for a better time. As for today, you already could run/trace/breakpoint/add watches/even plugins are there! I've kept the original look & feel as much as possible. I'm very interested in comments/remarks/bugreports, especially on debugger crashes/etc.
To get it: https://www.sendspace.com/file/wc2cfs
history track record:
===
1607 210517
  add handle int 3
  fix mouse scroll
  fix memory leak PEFile read import
0413 230517
  fix crash on delete watch item
  improve terminate debug
  add FlushInstructionCache on WriteMemory
  start debug from cmdline
2046 230517
  improve reset (reload the input file) (WO hotkey)
  API & plugin sample
  https://pastebin.com/3cnTASFy
  https://pastebin.com/b2GeZfa8
Note: menu handling routines are still under work, rest should be just fine.
Enjoy!
------------------
#2
Maybe it's just my ignorance but I don't really understand the point of this effort. And don't get me wrong, I respect the time and skill invested in this project. I used the original Syser sometimes in the past, and its main advantage was the kernel mode debugging (at least for me). For usermode, Syser is not competitive against olly/x64dbg in my opinion. And as far as I remember Syser died with XP. So my question is: can you use this new reversecode version on new OSes for kernelmode debugging? Is it for 32bit as the original was, or can it handle 64 bit code as well?
#3
It is ring3 x32, but ring3 x64 support is planned.
ring0 will most probably be a commercial version (if any).
#5
I am actually rather excited about this project. Syser, like softice before it, is an amazing ring 0 debugger. I've honestly missed not having an alternative on windows 7 and above that didn't require remote debugging. If this project continues fruitfully, and x64 support is implemented seamlessly, it will be an asset to the development and reverse engineering community.
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
#6
Breaking update - reversecode added/implemented x64 support http://polariton.ad-l.ink/7qpvNZqYX/image.png
Stay tuned!
=======================
x32 https://www.sendspace.com/file/bzx86g
x64 https://www.sendspace.com/file/umua9d
1607 210517
  add handle int 3
  fix mouse scroll
  fix memory leak PEFile read import
0413 230517
  fix crash on delete watch item
  improve terminate debug
  add FlushInstructionCache on WriteMemory
  start debug from cmdline
2046 230517
  improve reset (reload the input file) (WO hotkey)
1528 240517
  hide BP(CCh) bytes from HexView, show original value colored
  BP(code,data) in HexView
  done re PopupMenu on HexView (hotkey not tested), operation toolbar in TODO
  done re command(edit,move,compare) memory
0203 250517
  done re ModuleList window
  done re ascii/unicode string context ref
  fix env path by add manifest
2224 250517
  fix crash without dbg plugin
  first build x64
#7
I can donate for ring0 version.
#8
What about making this open source? It might be an interesting read for the future.
#9
Hello people!
How do you do! More updates from reversecode:
1813 280517
  fix mouse wheel scroll on x64
  fix scroll by UPbtn bar
  add ALT+ hotkey
  fix fit hexview on x64
  fix hexview change addr on edit addr area
  fix align stackview on x64
  fix str sym ref on \t
  add resolve ctx ref on r8-r15 CPU reg x64
  improve PE loader for x64, for resolve import/export sym
  fix select bytes on hexview for x64
  add show EB line jmp ref
  chg addr/offs represent on codeview
  and even more fixes
-
0731 290517
  fix PE Loader for x64, to read import/export for hibase > 32bit, as example kernelbase.dll
  done re sym command, allow show/add symbol/use it for set breakpoint
  fix readpe onload file, for correct read sizeof file for x64
  fix search module range and module info status for x64
#10
SyserHide_25.05.17.zip (22.68kb, 47 downloads)
29.05.2017_x86-x64.rar WISP (1.92MB, 3 downloads)
Please give us other free links for them.
__________________
Decode and Conquer
#11
@niculaita: x32/x64 https://www.sendspace.com/file/pzl3ni
#12
SyserHide_25.05.17.zip (22.68kb) still remains to be uploaded, please.
__________________
Decode and Conquer
#13
Hider plugin for Syser
Get: https://yadi.sk/d/L0UKb6QK3JYPRY https://www.sendspace.com/file/hwp40a
Steps: unpack (use same dir levels); syser_hide.dll -> Plugins, hide_generic.dll nearby main .exe
Who wants might use hide_generic.dll in their projects. Steps: as easy as LoadLibrary() and we are cool!
The dll sets up a hook over ZwWaitForDebugEvent() in the debugger process and installs the rest of the hooks and patches memory in the process under debug.
The config is embedded inside the file itself in the following way:
[\x00] - OFF
any other char - ON
Code:
ZwQueryInformationProcess[x]
ZwSetInformationThread[x]
ZwClose[x]
NtGlobalFlag[x]
ProcessHeapFlag[x]
IsDebuggerPresent[x]
enjoy
(c) by Veliant from exelab.ru resource
You could reach him here https://exelab.ru/f/index.php?action=userinfo&user=3136
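The post above describes the plugin's embedded on/off table only in words (NAME[c], where a NUL byte in the brackets means OFF and any other byte means ON). The following is an added example, not code from Veliant's plugin or from the Syser project: a small Python reader/writer for that table, useful for auditing which entries a given hide_generic.dll build has enabled before loading it. The six entry names are the ones listed in the post; the exact byte layout around them (space separators, surrounding padding), the SAMPLE blob, and the helper names are assumptions constructed for the example.

```python
"""Read and rewrite the NAME[c] on/off table described in the Syser hider post.

Assumptions (not from the post): entries are plain ASCII names followed by
exactly one byte in square brackets, and can sit anywhere in the file's raw
bytes.  The six KNOWN_HOOKS names come from the post itself.
"""
import re

KNOWN_HOOKS = (
    "ZwQueryInformationProcess",
    "ZwSetInformationThread",
    "ZwClose",
    "NtGlobalFlag",
    "ProcessHeapFlag",
    "IsDebuggerPresent",
)

# NAME[c]: an identifier, then exactly one byte in brackets.
# re.DOTALL lets '.' match b'\n' too; it already matches b'\x00'.
_ENTRY = re.compile(rb"([A-Za-z]\w*)\[(.)\]", re.DOTALL)


def parse_hide_config(blob: bytes) -> dict:
    """Return {entry_name: enabled} for every NAME[c] token found in blob.

    A NUL byte inside the brackets means OFF; any other byte means ON,
    exactly as the post states.
    """
    cfg = {}
    for name, flag in _ENTRY.findall(blob):
        cfg[name.decode("ascii")] = flag != b"\x00"
    return cfg


def set_flag(blob: bytes, name: str, enabled: bool) -> bytes:
    """Return a copy of blob with NAME[c] rewritten; length is preserved."""
    pat = re.compile(re.escape(name.encode("ascii")) + rb"\[(.)\]", re.DOTALL)
    m = pat.search(blob)
    if m is None:
        raise KeyError(f"no entry named {name!r} in blob")
    new_byte = b"x" if enabled else b"\x00"
    return blob[: m.start(1)] + new_byte + blob[m.end(1):]


def unknown_entries(cfg: dict) -> list:
    """Names present in the table that the post does not document (audit aid)."""
    return sorted(set(cfg) - set(KNOWN_HOOKS))


# Constructed sample: a fragment as it might sit in the DLL's data section.
# Two entries are switched OFF to show both states.
SAMPLE = (
    b"\x00\x00ZwQueryInformationProcess[x] ZwSetInformationThread[x] "
    b"ZwClose[\x00] NtGlobalFlag[x] ProcessHeapFlag[\x00] "
    b"IsDebuggerPresent[x]\x00\x00"
)

if __name__ == "__main__":
    cfg = parse_hide_config(SAMPLE)
    for hook in KNOWN_HOOKS:
        print(f"{hook:28} {'ON' if cfg.get(hook) else 'OFF'}")
    if unknown_entries(cfg):
        print("undocumented entries:", unknown_entries(cfg))
```

To inspect a real build, read the DLL with `open(path, "rb").read()` and pass the bytes to `parse_hide_config`; `set_flag` rewrites a single entry in place without changing the file size, which matters because the table lives inside the binary's own data.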
#14
Hot updates and fresh meat from reversecode!
-------------------------------------
1258 040617
  fix disable load x86 on syser x64
  fix fmt fit addr exception violation on syser x64
  fix PID/TID status and expr var
  fix fit addr tab in code/data view for x64
  fix 'p ret' cmd, run to return
  implement SDK menu api
  done re process list window (attach work, detach from target at todo)
  starting re peexplorer window
1559 040617
  fix load SyserColor.cfg from old SyserOption.exe util
  https://www.sendspace.com/file/l7r3pw
2058 040617
  improve highlight keyword
combined URL for both 32/64: https://www.sendspace.com/file/t4lpr5
#15
Due to some issues the author shut down the project.
PS. He left a chance to recover it - the initial bid is $10k; details are in the link in the 1st post.