[Nanomite] x64/x86 debugger - GUI and Class

[Zer0Flag]

Hmm, could you send me this (chinese) fila via PM so I can take a look at it myself ?

[Zer0Flag]

Code:

Version 0.1 beta 12

    fixed scrollbar in trace view
    fixed a possible crash in disassembler
    fixed a memory leak in the window settings
    fixed a memory leak in dll and process name receiving
    fixed a memory leak in trace view
    fixed display of ascii strings in ascii view
    fixed a bug which could cause wrong run to user code if debugging more than one process
    fixed a bug which lead to incorrect restarts on slow systems
    fixed a bug which caused double calling of some functions in context menus
    fixed a bug in hex view which may showed wrong data
    fixed a bug in heap view which caused a crash when copying the whole line to clipboard
    added PatchManager
    added process privilege view
    added commandline options
    added possibility to set process priorities
    added possibility to set memory protection
    added display of current priority in detail view - context menu
    added display of segment registers in reg view
    added background worker to string view, hex view and functions view
    removed processes we can�t access from the attach dialog

Notes:

- Patches can be saved to file (only on the debugged one)
- In the memory view you can set the protection of a page using the context menu
- Commandline options
    - "-s": specifies a file
    - "-c": specifies the commandline for the target if not given you will be asked later
    - "-p": attachs to the given pid

If you find some bug, have some feature requests or something else please feel free to write me a pm!

Regards Zer0Flag

[Archer]

Some guys from exelab https://ssl.exelab.ru/f/index.php?action=vthread&forum=3&topic=20678#9 suspect EDI register is missing.

[Zer0Flag]

uch, Seems I forgot that one :-/ . Thanks for reporting! Will be fixed in the next version.

Regards
Zer0Flag

[Zer0Flag]

Code:

Version 0.1 beta 13

    fixed some crashs related to the qt /MT build, see note for more details
    fixed some bugs in the patch manager
    fixed the symbol display in the trace view
    fixed a bug which showed wrong trace data
    added Exception Assistant
    added colors to the state bar
    added missing edi/rdi register
    added option to break on tls callback
    added possibility to show registers of a thread in detailview
    added possibility to show TEB/TBI of a thread in detailview
    added possibility to show PEB/PBI of a process in detailview
    added possibility to set Nanomite as default just in time debugger
    added possibility in PEEditor to show exports of a loaded module in disassembler
    added updater (thanks to inisider for this contribution)
    updated beaengine to rev. 174
    updated PE-Editor layout
    updated DetailView layout
    updated Options to include more options, easier config

Notes:

- Needed to compile Qt with /MD because of issues with the cruntime. If you want to use the
  debugger you have to install the visual c++ runtime 2010. 
- You can save an exception to the list in the Options window. The debugger then knows how to handle it.
  Alternatively you can enable the Exception Assistant. This will show a dialog once a exception occures and
  offers different ways to handle it.

very good, now can debug chinese softwares.

[bedrock]

Is there install available or have to download source from git and compile ourself?

[deepzero]

there are binaries available in the debug\ and release\ folder on github.

[Zer0Flag]

You can use the files from "build" or build it yourself if you like.

Regards Zer0Flag

hi Zer0Flag, thanks for great release.
I test it with some binary, however, some of them are ok, and some of them have problem and nanomite window show blank, here is screenshot

http://i.imgur.com/u5t9WHc.png

and here is binary -> http://www.uploadmb.com/dw.php?id=1375836485

virus total -> https://www.virustotal.com/en/file/be051b6498077ee0fbeca54417b41a98493ebde86b4f33754dc1512817025ab3/analysis/1375836673/

this binary is from lina151 rce toturial

and why i can't upload file into attachment ?

[nikkapedd]

Quote:

and why i can't upload file into attachment ?

shahril you are a new member and you can't download/upload anything until you reach 20/25 posts. Read the rules for the new members

[Zer0Flag]

Thanks for the feed back!

@shahril
This is a known issue which is based on the disassembler. Sometimes it starts disassembling on the wrong offset ( neededoffset - 300 ) which is not always right. And then it doesn´t find the needed offset and stay empty.

The disassembler will probably be reworked on the beta15.

~Zer0Flag

[mm10121991]

@sharil
all binairies in lena151 tuts are 32 bits
Work with ollydbg

[Zer0Flag]

I did a little update of the disassembler engine and it fixed the problem which lead to the missing disassembly in this and some other cases.

Will be release with B14 on this Sunday (11.08.2013)

http://i.imagebanana.com/img/nu9h6ohd/08082013193602.png

~Zer0Flag

[Zer0Flag]

Code:

beta 14
+ fixed a bug in the options not showing exception wich have been saved using the exception assistant
+ fixed a bug when stepping over a return
+ fixed a bug in breakpoint manager which deleted the wrong bp when removing a selected bp
+ fixed a bug in breakpoint manager which created unusable breakpoints
+ fixed a bug in breakpoint manager which may resolved ModuleName::APIName to wrong offset
+ fixed a bug in assembler which double loaded the gui
+ fixed a bug in hardware breakpoints which did not activate them in running processes
+ fixed a bug in hardware breakpoints which did not activate them on the current thread
+ fixed a bug where by detaching from a suspended process didn't resume the process
+ fixed a bug which did not handle hardware breakpoints for wow64 targets
+ fixed a bug which showed a wrong menu if child processes where present in the debugging session
+ fixed a bug which reloaded the disassembler to the wrong offset after adding a new patch
+ fixed a bug which caused wrong scrolling of disassembler and stack while the process is running
+ fixed paths in attach dialog with SystemRoot enviroment string
+ fixed handling of "call * ptr []" and "jmp * ptr []"
+ fixed some handle and memory leaks
+ added saving of input in goto dialog
+ added support of functions in goto dialog
+ added different hotkeys see hotkey list for all of them
+ added type column in attach dialog
+ added state update when doing a trace
+ added trace to selected disassembly line
+ added toggle breakpoint on selected disassembly line to context menu
+ added display of FPU, MMX and SSE register
+ updated to qt 4.8.5
+ updated nasm to 2.10.09
+ updated file open dialog to remove annoying messagebox for commandline
+ updated the internal pe handling
+ updated resize event of Disassembler and Stack
+ updated Stack scroll
+ updated PID dropdown to be only displayed if more then 1 process is running
+ updated disassembler logic

####Notes:
    - function in the goto dialog should look like this: "module::function"
      e.g KERNEL32::IsDebuggerPresent

~Zer0Flag