Exetools  

#31
05-27-2015, 22:55
cyberbob
v.1.1.0 released - www.arkdasm.com

+ added debugger memory snapshot feature
+ added debugger exception handling settings
+ added new command: bpdll
+ improvements, bug fixes

#32
10-11-2015, 00:33
giv
Hi.
I see that the debugger does an analysis, like IDA does, before starting to debug the target itself.
That analysis is done each time the executable is loaded, even if it is the same and not modified. Can you make a file that keeps the analysis and, if the CRC changes, analyses again? Otherwise it is a waste of time to wait each time for the analysis to complete.
Or am I wrong?

#33
10-11-2015, 17:04
cyberbob
Hi giv, you're wrong, because it's not analysis; it's mostly rebasing hash maps (comments, labels, xref, etc.) to the new imagebase, creating a new debugger database and stashing the current one, because it will be restored when the debugger exits (assuming you don't use the memory snapshot feature). Full analysis is done only at the beginning, that is, when you load a new file into disassembly.

#34
10-11-2015, 19:15
giv
Oh, I see.
I have made a quick test.
Loaded a file twice.
But it seems that ASLR is at fault, which makes the program rebase the hash maps every time.
Are the hash maps stored relative to the VA or RVA of the file, or is it another pointer?

#35
10-11-2015, 20:50
cyberbob
Quote (originally posted by giv):
> Are the hash maps stored relative to the VA or RVA of the file, or is it another pointer?

VA, but if your file is big and it takes too much time to rebase, I'd suggest using another debugger.

#36
10-12-2015, 00:37
giv
VA is a bad option concerning ASLR.
I have made a simple test.
Loaded the Total Commander 64-bit executable.
It is a few MB, as you may know.
The process takes about one minute on a Core 2 Quad Q6666 at 2.4x4Mhz and 6 Gb RAM under Win 8.1.
The rebasing is done every time I load the file, even if it is small.
Referencing the RVA as the pointer will avoid this issue IMHO.
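
The VA-versus-RVA trade-off discussed in posts #33 to #36, as an added example that is not part of any post and is not ArkDasm's code. The base addresses, image size, labels and the names `rebase_va_map` and `RvaLabelStore` are constructed for illustration.

```python
# Added example: constructed addresses and labels, not ArkDasm data.
PREFERRED_BASE = 0x140000000   # image base recorded in the PE header (constructed)
IMAGE_SIZE = 0x300000          # size of the mapped image (constructed)

# Annotations as static analysis would produce them at the preferred base.
VA_LABELS = {
    0x140001000: "start",
    0x140001A40: "parse_config",
    0x1402F0010: "g_settings",
}


def rebase_va_map(va_map, old_base, new_base):
    """VA-keyed store: every key is rewritten when ASLR moves the module, O(n)."""
    delta = new_base - old_base
    return {va + delta: name for va, name in va_map.items()}


class RvaLabelStore:
    """RVA-keyed store: keys never change, only the current base is updated."""

    def __init__(self, va_map, analysis_base, image_size):
        self.base = analysis_base
        self.image_size = image_size
        self.by_rva = {va - analysis_base: name for va, name in va_map.items()}

    def set_base(self, new_base):
        # O(1): called once the debugger knows where the module was loaded.
        self.base = new_base

    def lookup(self, va):
        rva = va - self.base
        if not 0 <= rva < self.image_size:
            raise ValueError(f"{va:#x} is outside the module at {self.base:#x}")
        return self.by_rva.get(rva)

    def va_of(self, name):
        for rva, label in self.by_rva.items():
            if label == name:
                return self.base + rva
        raise KeyError(name)


if __name__ == "__main__":
    aslr_base = 0x7FF6A2B10000  # constructed load address for one debug session
    store = RvaLabelStore(VA_LABELS, PREFERRED_BASE, IMAGE_SIZE)
    store.set_base(aslr_base)
    print(store.lookup(aslr_base + 0x1A40), hex(store.va_of("g_settings")))
```

The RVA-keyed store pays a subtraction and a bounds check on every lookup and needs one store per loaded module, while the VA-keyed map pays the whole rekeying cost once per debug session.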

#37
10-12-2015, 01:06
cyberbob
Well, it all depends on your hardware. I just checked totalcmd64.exe on my 4-year-old laptop (i7-2620M @ 2.70 Ghz, 8 GB RAM, Win7) and it takes about 3-4 seconds.

#38
10-12-2015, 17:58
giv
Ah.
I have an i7 3.3Ghz quad laptop with Win 8.1 X64, 12 GB DDR3 and 256GB SSD, but I did not test on it because it is only for Tom&Jerry kids' games.
I thought it is not suitable to reverse on a laptop.
And my 2.4 Ghz Q6660 Quad is suitable for reversing a 3 MB program....
I will test on the laptop when it is free and I will tell you the result.

#39
08-15-2018, 19:11
MarcElBichon
Even if nothing changed, re-uploaded on 2018-08-04.
Never forget this tool!

#40
10-02-2018, 05:09
blue_devil
@cyberbob
Did you stop developing ArkDasm? It was a nice project. Why no updates?

#41
10-08-2018, 04:50
cyberbob
Quote (originally posted by blue_devil):
> @cyberbob
> Did you stop developing ArkDasm? It was a nice project. Why no updates?

Yeah, it's stopped. I'm working on version 2 (actually it's a new project, but some code is shared with ArkDasm). Advantages over ArkDasm:
  • cross platform (Win/Linux/Mac)
  • multi-arch (x86, x64, Arm32, Arm64, MIPS 32)
  • supported file types: ELF32, ELF64, PE64, raw binary.
  • RetDec decompiler support (press F5 on a function to get C code just like in IDA)

No release date, but I'm leaning toward releasing Pre-Alpha sooner than later (depends on my free time).

All times are GMT +8.