
Imprint

About
eMail: wishinet at gmail . com
PGP ID: 0xCCCA5E74

Jabber: wishi@jabber.ccc.de

IDA Pro and WinDBG extensions


Great new features

Microsoft designed a powerful debugging engine (dbgeng), but the official frontend, WinDbg, lacks the usability of OllyDbg or Immunity Debugger.
There are only a few useful extensions I know of.

Byakugan is an awesome set of extensions for WinDbg; it is based on Microsoft Detours.
And there is msecdbg, aka "!exploitable", Microsoft's crash-triage extension.
Both are interesting for speeding up exploit development. Combining the power of these debugger extensions with the insights IDA offers seems promising:

I was playing around with the new IDA Pro features lately and came to use WinDbg on a Windows 7 x64 machine from within IDA. It turns out IDA's WinDbg backend loads debugging extensions:


[Screenshot: Capture.PNG]

Looks fun! So you get IDA's graph view (once you set a breakpoint and run the binary), crash-log analysis via !exploitable, and the awesome power of Byakugan ;).

The one thing that still bothers me: even on an x64 system I have to load the x86 versions of the extension DLLs into the IDA WinDbg session. The likely explanation is that IDA is a 32-bit process, so the dbgeng.dll it hosts is 32-bit as well, and dbgeng can only load extension DLLs of its own bitness.
In any case it works if you use "!load" with the full path to the extension. Byakugan's detoured.dll belongs into C:\Windows\, and it is architecture-specific too, so the x86 build has to go there.


Using IDA information within Immunity Debugger

Another very interesting new trick is to export IDA's labels and comments into Immunity Debugger. A really small IDC script from the Immunity forums does exactly that.
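The forum's IDC script is not reproduced here. As an added example (my own, not the forum script and not IDA's or Immunity's code) here is the same idea in Python, since both sides speak it: IDAPython inside IDA and a PyCommand inside Immunity Debugger. It also handles one caveat the trick alone glosses over: on Windows 7 with ASLR the module rarely loads at the base IDA analysed it at, so every address must be rebased before it is applied. The IDAPython calls (idaapi.get_imagebase, idaapi.get_root_filename, idautils.Names, idc.get_cmt) use the IDA 7+ names; the immlib calls (getModule, getBaseAddress, setLabel, setComment) are assumed from memory of the Immunity Debugger API; the tab-separated export format, the function names and the sample export are my own construction.

```python
"""Carry IDA names and comments over to Immunity Debugger (added example).

Two halves glued together by a small tab-separated text file:
  * export_from_ida()  runs inside IDA (IDAPython) and writes the file
  * main()/apply_in_immdbg()  run inside Immunity Debugger as a PyCommand
The parsing and rebasing in between is plain Python and runs anywhere,
so it can be tested outside both debuggers. Written to run on Python 2
(Immunity Debugger) as well as Python 3.
"""


def export_from_ida(path):
    """IDA side: write the module name, IDA's image base and every named
    address with its comment. Only comments at named addresses are exported;
    that is enough for labels such as sub_401000 plus the notes you put on them."""
    import idaapi, idautils, idc  # only importable inside IDA
    base = idaapi.get_imagebase()
    module = idaapi.get_root_filename()
    with open(path, "w") as fh:
        fh.write("# ida_export\tmodule=%s\tbase=0x%08x\n" % (module, base))
        for ea, name in idautils.Names():
            cmt = idc.get_cmt(ea, 0) or idc.get_cmt(ea, 1) or ""
            cmt = cmt.replace("\t", " ").replace("\n", " ")  # keep one entry per line
            fh.write("0x%08x\t%s\t%s\n" % (ea, name, cmt))


def parse_export(text):
    """Parse the export into (module, ida_base, [(ea, name, comment), ...]).
    Malformed lines are skipped instead of aborting the whole import."""
    module, base, entries = None, None, []
    for line in text.splitlines():
        if line.startswith("# ida_export"):
            for field in line.split("\t")[1:]:
                key, _, value = field.partition("=")
                if key == "module":
                    module = value
                elif key == "base":
                    base = int(value, 16)
            continue
        parts = line.split("\t")
        if len(parts) < 2:
            continue  # blank or garbage line
        try:
            ea = int(parts[0], 16)
        except ValueError:
            continue
        comment = parts[2] if len(parts) > 2 else ""
        entries.append((ea, parts[1], comment))
    if module is None or base is None:
        raise ValueError("export is missing the '# ida_export' header")
    return module, base, entries


def rebase(entries, ida_base, actual_base):
    """Shift every address by the delta between the base IDA analysed the
    module at and the base it actually got at load time (ASLR)."""
    delta = actual_base - ida_base
    return [(ea + delta, name, comment) for ea, name, comment in entries]


def apply_in_immdbg(imm, text):
    """Immunity Debugger side: look up the live base of the module and apply
    the rebased labels and comments through the immlib Debugger object."""
    module, ida_base, entries = parse_export(text)
    mod = imm.getModule(module)
    if mod is None:
        raise RuntimeError("%s is not loaded in the debuggee" % module)
    count = 0
    for ea, name, comment in rebase(entries, ida_base, mod.getBaseAddress()):
        imm.setLabel(ea, name)
        if comment:
            imm.setComment(ea, comment)
        count += 1
    return count


def main(args):
    """PyCommand entry point for Immunity Debugger: !ida_import <export file>."""
    import immlib  # only importable inside Immunity Debugger
    if not args:
        return "usage: !ida_import <export file>"
    with open(args[0]) as fh:
        text = fh.read()
    return "applied %d labels" % apply_in_immdbg(immlib.Debugger(), text)


# Constructed sample export (not produced by a real IDA session) showing the
# format, one garbage line, and a rebase from IDA's 0x00400000 to an
# ASLR-chosen 0x01230000.
SAMPLE_EXPORT = (
    "# ida_export\tmodule=target.exe\tbase=0x00400000\n"
    "0x00401000\t_main\tentry point\n"
    "0x004011a0\tsub_4011A0\tparses the header\n"
    "garbage line\n"
)


def demo(actual_base=0x01230000):
    """Parse the sample and rebase it to the given live base."""
    module, ida_base, entries = parse_export(SAMPLE_EXPORT)
    return module, rebase(entries, ida_base, actual_base)
```

Drop the file into Immunity Debugger's PyCommands directory, run export_from_ida() from IDA's Python console, then `!ida_import <file>` in Immunity Debugger. Because the export carries IDA's image base, the import does not care whether the debuggee got the same base or not.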

Have fun,
wishi

p.s.: something broken with the blog right now... needs some magic. I'll cast that spell soon and repair that stuff.



Circumventing this print lock is prohibited under § 95a UrhG (German Copyright Act)!
Responsible for content according to § 10 (3) MDStV: Marius Ciepluch; postal address on request by e-mail. The e-mail address is given in the imprint of this English-language page.
For data protection reasons I do not conduct official or governmental correspondence by e-mail. For that, use the postal address deposited with the hosting provider.

Data collection

No personal data is collected. Log data is anonymised.