EXETOOLS FORUM  

#31
08-29-2009, 11:32
Syoma
Visual Studio (+ VisualDDK for kernel mode debugging).
#32
08-31-2009, 14:50
TechLord
All this with Remote debugging using VMware virtual machines really helps...
#33
08-31-2009, 22:22
N0P
IDA + Olly for malware analysis and RE; windbg + vmware, soft-ice for drivers
#34
09-01-2009, 10:14
D-Jester
Quote:
Originally Posted by Av0id
windbg... that's all folks

Doesn't IDA support 64bit debugging?

Quote:
IDA supports debugging of x86 Windows PE files, AMD64 Windows PE files, and x86 Linux ELF files, either locally or remotely.
http://www.hex-rays.com/idapro/debugger/win32_tut.pdf
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.
#35
09-03-2009, 01:09
boeser.hacker
Quote:
Originally Posted by SiNTAX
Tiny nitpick.. but DDD ain't a debugger. It's just a frontend to GDB.

Yes, and so are xgdb and kdbg. BUT: Isn't there a real alternative to gdb? AND: What ring is gdb, by the way?

boeser.hacker
#36
09-03-2009, 17:03
Evilcry
Take a look here, this uses GDB at r0:

Code:
http://hexblog.com/2009/02/advanced_windows_kernel_debugg.html

For kmode debugging I use Syser and Windbg.
#37
09-05-2009, 18:03
ahmadmansoor
Does anyone have a good paper or tut about debugging in x64... sure, using one of these debuggers, IDA or windbg?
I think we will open a new section for x64; I think it needs more attention.
I think we have very good guys here who can be useful in this field.
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
#38
09-06-2009, 19:31
Evilcry
x64 is a great field of research, I'll collect some papers about this topic and make a post.

ps: about the topic, gdb can be used at both r3 and r0; knowledge of gdb is a great thing,
it opens doors for various OS debugging.
#39
09-07-2009, 03:32
ahmadmansoor
Quote:
Originally Posted by Evilcry
x64 is a great field of research, I'll collect some papers about this topic and make a post

@Evilcry: thanks, we will wait for ur paper or any useful tut u could find.

Quote:
Originally Posted by Evilcry
ps: about the topic, gdb can be used at both r3 and r0; knowledge of gdb is a great thing,
it opens doors for various OS debugging.

Good, so the problem is how we can become familiar with this debugger.
All of us r familiar with Olly and IDA,
so is there any way to make this info available pls?

Thanks for everything... Lol, check ur PM (I will send a message).
#40
09-07-2009, 07:00
mdyaser
I see there is no problem with which debugger we must use;
the important thing is that you must know how to use the debugger in a correct way.
I use OllyDbg.
#41
09-07-2009, 13:17
Evilcry
Sure,
just remember that gdb comes out of porting issues and, because of its particular
structure, is slow.

IDA Debugger is great and presents the advantage of plugin integration;
this is really important because it allows you to harden the debugger against
hostile code.

Thanks ahmadmansoor!
#42
09-22-2009, 22:47
bedrock
ollydbg is good, and easier to learn, but will become less useful as more people move to x64. I for one have already installed the x64 version of Windows 7 on my laptop; it will be my only OS (apart from VM) from now on...
#43
10-12-2009, 16:13
lordnasty
IDA + Ollydbg
Olly for "fast" debugging
IDA for deeper work
Using them together, however, is the best (for example, generate a .map file with IDA, then pass the .map file to Olly and continue working on the same target).
#44
10-15-2009, 01:14
rd
IDA for static analysis

Debuggers
Windows
Olly for Ring 3 Apps
Softice/Windbg for Ring 0 code
Immunity Debugger (olly+python) for quick exploit writing

*nix
gdb + a nice gdbinit script
IDA Debugger (remote) + gdbserver [this is quite nice actually]
kgdb for Linux kernel debug
#45
10-15-2009, 14:51
remal
Speaking of a GDB init file, mammon's gdbinit is a pure jewel.

http://www.802.11mercenary.net/~johnycsh/misc/mammon-gdbinit-fixed.txt

All times are GMT +8.