#1
[Nanomite] x64/x86 debugger - GUI and Class
Hey all,
Nanomite is a graphical debugger I wrote in Cpp; it supports x64, x86 and WOW64 debugging and also offers different features (shown in the pictures below). It uses the Windows debugging API, BeaEngine and dbghelp. No GUI framework has been used! The x64 version of the debugger can debug x64 and WOW64 and the x86 version only x86.

If you are debugging multiple processes (child processes of the main application) you can select the process for each action over a drop down menu which appears when you click a button in the main GUI. In most windows the data is sorted by the process ID. Currently no data modification is possible (like memory, opcodes, regs or something else) but it's something that will come!

Of course there is a lot of work to be done and the GUI is just ugly, but maybe some of you want to help and commit code, and YES, it's fully open source for all. Issues (I already have a lot of known ones) will be fixed as soon as I have time. Also I will write a manual for the GUI and the class (see below) to cover "how to use, how does it work and is it able to" questions.

You can download the binaries from the git repo (Nanomite.exe, dbghelp.dll and NanomiteConfig.ini are needed if you want to test the debugger): Quote:

Also I want to offer you a class I wrote in Cpp. This class offers different features for debugging, supports x64, x86 and WOW64 debugging and is the core of Nanomite. If you want me to add some features or find bugs, then reply here or write me an email / PM. If you need a sample of how to use it, then you can take a look at: Quote:

Greetz Zer0Flag

The Author will be with us soon.
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX |
The Following User Says Thank You to ahmadmansoor For This Useful Post: | ||
Indigo (07-19-2019) |
#2
Code:
beta 7
+ fixed some small handling bugs
+ fixed a bug in disassembler which did not replace old protection on memory after disassembling
+ fixed a bug which did not show terminated processes in DetailView
+ fixed a bug which did not show terminated threads in DetailView
+ fixed a bug which did not clean up memory on manual debuggee stop
+ improved DB handler
+ added resolve of jump conditions to improve StepOver
+ added "Return" and "Backspace" Hotkey to navigate in Disassembler
+ added "Clear Log" context menu in LogBox
+ added "Show Source" context menu in Disassembler
+ added "Goto Function" context menu in Callstack
+ added a crash handler
+ added Source Viewer
+ added memory pool for performance improvement and memory leak reduction
+ added mouse scrolling in disassembler and stack
+ added direct run of target after using menu to select a file

Notes:
- CrashHandler
    - if Nanomite crashes a dumpfile will be written to the application folder. Please send me this file via zer0fl4g[at]gmail[dot]com
- Hotkey "Return"
    - when you selected a jump / call / ... you can follow this instruction using the "Return" key
- Hotkey "Backspace"
    - steps back when you used "Return" to follow a call
- Source Viewer
    - double click on source line in Callstack view. A new Window will open and show the source code (if found)
    - right click in disassembler context menu opens source view also
- Memory Pool
    - redirected malloc / new / delete / free to the memory pool
    - heap fragmentation reduction
    - increasing performance

Greetz Zer0Flag
The Following 5 Users Gave Reputation+1 to Zer0Flag For This Useful Post: | ||
ahmadmansoor (02-26-2013), chessgod101 (02-27-2013), MarcElBichon (02-26-2013), uranus64 (03-14-2013), ZeNiX (02-26-2013) |
The Following User Says Thank You to Zer0Flag For This Useful Post: | ||
Indigo (07-19-2019) |
#3
Hi Zer0Flag :
Did you try notepad!!! It crashes. Check the dumped files. Thanks for your nice work.
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX |
#4
Thanks, it was a bug in the import parser. It is fixed and will be pushed with beta8.
~Zer0Flag
The Following User Gave Reputation+1 to Zer0Flag For This Useful Post: | ||
ahmadmansoor (03-03-2013) |
#5
Code:
beta 8
+ fixed a crash in attaching to a process where we don't have a file path
+ fixed a bug which ignored DbgBreakPoint on attaching
+ fixed a bug which caused double breaking in case we set a breakpoint while being on the entrypoint
+ fixed a crash in pe import reader
+ fixed a crash (see github issue #1)
+ fixed a bug in HexView which didn't display data on x64 processes
+ fixed a possible crash when opening invalid non pe files
+ fixed a small bug in "Restart"
+ added display of current function in windowtitle
+ added support for drag and drop of files
+ added possibility to remove breakpoints with "F2" (needs to be a selected row in disassembler)
+ added "Step back to user code"

Notes:
- "Step back to user code"
    - If you use this the debugger will continue the execution until you get to the first function which is located in the main module
The Following 3 Users Gave Reputation+1 to Zer0Flag For This Useful Post: | ||
#6
pls check it
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX |
The Following 2 Users Gave Reputation+1 to ahmadmansoor For This Useful Post: | ||
chessgod101 (03-19-2013), Zer0Flag (03-19-2013) |
#7
Hi Zer0Flag
See the attachment on this page: http://forum.exetools.com/showpost.php?p=83583&postcount=53
Please check F7 + F8; it does not work in some steps. Thanks.
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX |
The Following User Gave Reputation+1 to ahmadmansoor For This Useful Post: | ||
Zer0Flag (03-26-2013) |
#8
Thanks for your effort! I will take a look at it and try to fix it in the next beta
~0 |
The Following User Says Thank You to Zer0Flag For This Useful Post: | ||
Indigo (07-19-2019) |
#9
Code:
Version 0.1 beta 9
fixed a bug in disassembler
fixed a bug in wow64 StepIn
fixed a crash when suspending a process and then StepIn
fixed a bug which didn't display all modules in callstack
fixed a crash in loading imports of files without IAT
fixed a crash in "Goto Offset" context menu
small gui improvements
added Single Step Tracer
added memory dumper
removed error message if you cancel the file selection

Notes:
- Single Step Tracer
    - only a part is displayed in the window. Use mouse scroll to navigate (will be improved)
- MemoryDumper
    - RightClick in MemoryView or HeapView shows you the option to dump the selected segment.
The Following 5 Users Gave Reputation+1 to Zer0Flag For This Useful Post: | ||
#11
Code:
Version 0.1 beta 10
fixed a bug which displayed a wrong function offset in callstack
fixed a bug which didn't break on module ep if "break on system ep" was selected
fixed a bug which led to a crash if a wow64 file has ordinal imports
fixed a bug in the disassembly view which caused ungentle down scrolling
fixed a bug in PEManager which double loaded debugged files
fixed a bug which may lead to an error in disassembler
fixed a crash on context menus if not debugging something
improved HeapView
added Message in DebugLog if breaking on MemoryBP
added PEViewer
added native check for Admin rights
added warnings if API import fails
added display of current PID/TID in mainwindow title
added function view
added and cleaned context menus

Notes:
- I'm happy to announce "En0mis" as a new Developer in this project! :)
- function view
    - scans the memory of the loaded targets and scans for functions.
The Following 3 Users Gave Reputation+1 to Zer0Flag For This Useful Post: | ||
#12
Code:
beta 11
fixed a bug in options which didn't save the correct settings
fixed display of exceptions if no symbols have been found
fixed a bug which made register editor not working in x64
fixed a bug which displayed wrong modules in window view
fixed a bug which didn't display exceptions if a breakpoint was set on this offset
fixed a bug in disassembler which may have caused application crashes due to wrong memory protection
fixed a possible crash in context menus
fixed display of the offset in string view
fixed invalid breakpoint offsets caused by ASLR
improvements on AttachDlg
added cleanup on debuggee termination
added process patching
added more context menus to DetailView
added display of mainthread in DetailView
added F5 Hotkey to reload some views
added possibility to save debug log to file
added possibility to copy data to clipboard
added possibility to break on new Processes, Threads or DLL loads
added dockable widgets to the mainview
added save of window sizes and positions on close

Notes:
- You have now the possibility to patch the memory of a process. Currently it is not possible to save the changes to disk but this will be integrated also.
- Some context menus offer the possibility to copy the data from the table to the clipboard
#13
Disassemble shows blank all the time; the rest of the things are fine. String search shows useless strings, i.e. "This program must be run under Win32", and also can't detect Unicode strings. The biggest pity is that when you double click on any string, you can't follow it in the disassembly immediately.
#14
What version did you try: debug, release, win32, x64? Which target did you try to debug when the disassemble window stays empty?
~Zer0Flag
#15
Debugging English software is OK; only debugging Chinese software shows blank. I assume the language is not compatible. How to reproduce this behaviour?