#1
debugging of complex 64b targets and proper tools
Hi all,
I need to debug a complex program under a Win64 system. By complex I don't mean a protected target, but a very big target with several DLLs loaded and released, partially written in .NET and native code. So I investigated a little which 64-bit debuggers were available. Olly has to be excluded unfortunately, but there were two other alternatives I found:
So I'm now stuck with static patching (under IDA64) and offline tests of whether the patch works. The question is therefore which other tools I have to successfully debug and patch 64b applications. It seems like several tools are still just not being ported to 64b. And of course, what are your experiences?
BR, Shub
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com
#2
WinDBG, PEBrowseDbg64 and HIEW for patching
#3
I just preferred something more "visual". What about VisualDuxDbgSetup.zip? Has anyone tried it already? What limitations does the free version have?
#4
Quote:
If that doesn't help I'd be happy to investigate it, just send me a PM with the target app or a link.
Quote:
As for Visual DuxDebugger, I'm a bit biased but I think it is a hideous piece of software. The current version is 3.9 but it feels like pre-alpha, e.g. instead of jumps to imports:
JMP [ntdll!RtlExitUserProcess]
JMP [user32!MessageBoxA]
you'll likely see something like this:
JMP [RIP+0xf8c]
JMP [RIP+0xf96]
#5
OK, I admit you will never like WinDBG because of its interface and the vast array of commands, but it's surely the most powerful debugger out there for ring0/ring3 debugging. Moreover, it can handle tons of stuff that no other debugger can do for you right now, at least on the x64 platform, until "SoftIce64" is available. Think about this: I am sure it is the best choice, and that's why I am spending a bit of time every day to learn it in depth. As for direct patching, Hiew, no doubt.
__________________
<<< The L10n won't give up >>>
#6
WinDBG is definitely the best option in my experience. You should be able to use the WinDbg engine in IDA now as well, I think. WinDbg isn't too bad to get used to, and it's powerful and scriptable. Debugging services is simple too: you can set your target to execute in WinDbg when the service starts: http://support.microsoft.com/kb/824344
#7
I agree with you, even if I still can't figure out why the command pause+call_stack doesn't work properly in my debugging session as it does in OllyDbg (F12+k) :-/