|
if you are C programmer, I suggest try Boomerang and Hex-Rays Decompiler.
both give you C like text. |
An odd one which is sometimes forgotten but which isnt at all bad is to use the open watcom compiler with its debugger. It is totally free and it used to be a payware thing... Just check the open watcom site for it..
|
Debugger choice depends on complexity and particular context, basically OllyDbg2 cover a wide range of situations.
But for complex environment debugging WinDbg + scripting is "the best", both on ring3 and ring0 situations. It's a bit unfriendly for a beginner, but I strongly suggest to learn also this debugger ;) Easy drivers, can be debugged with Syser. |
Also ImmunityDebugger is pretty good: basically is OllyDbg with some tweak such as a built-in pythonAPI, a function graphing tool and a heap analysis tool.
Ida pro is really powerfull, but not as immediate and easy to use as OllyDbg; moreover, OllyDbg's plugins are actually useful. Is now really outdated, but also W32DASM used to be good. Finally, as stated above, if you want to get a bit more "in" the OS, there's Syser for your comfort. Syser is SoftIce's little up-to-date brother (as they say "Softice is left. Syser will continue."). |
I am untreatable fan of Softice :). It is possible to run Softice under Vista also (it's better - after little exports modification in Vista kernel files), although it has only basic functionality and is not as stable as under systems it was designated for. But you can easy Ctrl-D at any time to view the ring0 code and you can trace through the code. The processes list, changing contextes - don't work :( So it's necessary to make old simple tricks as inserting INT3 in the start of the debugged file - to get into proper context to set breakpoints in debugged process. All it is reasonable only if you are interested in ring0 code tracing. For ring3 tracing you have a lot of other debuggers as listed above
|
windbg is powerful on kernel debugging, ollydbg is powerful on application debugging and reverse engineering.
|
one vote for Olly
|
OllyDbg 1.1 is the best for RING-3 debugging
IDA is a good assistant... |
The microsoft kernel debugger makes OD look like a toy.
Git |
I second OllyDbg for every day use.
WinDbg for r0 work. |
OllyDbg & Scripts & ImmunityDebugger
|
Quote:
OD can run .net app (x32), although you wont see anything similar to ildasm or any other .net disassembler/debugger . I was even able to fish a serial on some stupid app (forgot name). |
WinDbg is the most powerful debugger by far imo, however it's nowhere near as user-friendly as some of the alternatives.
It depends what you're trying to do tbh. If you're debugging your own code which you wrote using VS, then I'd use the builtin VS debugger for that. If you're debugging regular non-packed/obfuscated applications and you don't mind a bit of a learning curve, then I'd use WinDbg. If you're debugging x64 native applications then I'd use WinDbg. If you're debugging heavily packed and/or obfuscated targets (x86 native) then OllyDbg is probably the way to go (due to the large amount of helpful plugins to remove some of the more tedious work). If you're doing kernel debugging then I'd use WinDbg. etc Others obviously have other preferences. I'd suggest just giving the most popular tools a try and finding what you're most comfortable with. It's all about finding and using the best tool for the job. |
i like od,but is there a update version for win7?
|
Quote:
http://www.ollydbg.de/version2.html |
| All times are GMT +8. The time now is 06:16. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX