Hello, I've been reading the tutorial and having fun. Do you have any good debugger for assembly language programmers? Thanks, Hiusing
Hey Hiusing, welcome! The debugger of choice among coders/reversers/crackers/etc is the powerful SoftIce. Buy it at www.numega.com or check your local warez center :) Ciao Latigo
softice is the best debugger. the only point is that maybe you don't need so much power yet. so i recommend turbo debugger.
i've heard from many people that OllyDbg is really good and it's free. get it here!
I've never needed a debugger for any ASM work. I just use a few macros to emit info on what the program is doing.
Likewise, it's my preferred style of debugging. I simply 'trap' the bug by getting info back as the program progresses. Ernie didn't offer his debugging macros for this purpose, but I recommend them! They are on his web site and are simple to use. Even if you're not debugging per se, they are very handy to have. NaN
and people tell me softice is the best. it depends on how you look at it (sure i know si is the best). win32dasm <--- is that the best? IDA <--- is that also the best? well, it has features that win32dasm doesn't... which are vital to C**KER. what about DEBUG.COM (which is right there in front of you)? :) it's hard to decide i know... i myself couldn't decide whether i should use borland c or visual c or even turbo c.

Turbo Debugger (commercial)
Win32dasm (free)
OllyDbg (free) cool! thanx smurf!!
Hiew (demo) this is hexeditor

my opinions: they all work best together... and if you're the type of person that wants things as ONE, then go for softice, cause softice alone has all the power above. but the problem is that it FREEZES your computer to death (just for debugging your little asm file) and it creates misunderstandings for other applications. some apps will not run due to SOFTICE existing in memory..... what do you do? you UNINSTALL IT... or create a program that changes the name in memory... (haven't tried it, but i think it works...)
:D This message was edited by disease_2000, on 6/3/2001 2:16:23 AM
thanx again smurf! ollydbg is cool and very efficient, more efficient than visual studio debugger (not in terms of power, but EFFICIENCY :) for example: it lets me copy anything that is there to clipboard. good for teaching reverse engineering.

00438EE7 |. 57             PUSH EDI
00438EE8 |. 6A 00          PUSH 0                                    ; /lParam = 0
00438EEA |. 74 5B          JE SHORT STREAMLI.00438F47                ; |
00438EEC |. 6A 01          PUSH 1                                    ; |wParam = 1
00438EEE |. A1 30DA4600    MOV EAX,DWORD PTR DS:[46DA30]             ; |
00438EF3 |. 6A 0B          PUSH B                                    ; |Message = WM_SETREDRAW
00438EF5 |. 8B35 90384700  MOV ESI,DWORD PTR DS:[<&USER32.SendMessa>; |
00438EFB |. 50             PUSH EAX                                  ; |hWnd => NULL
00438EFC |. FFD6           CALL ESI                                  ; \SendMessageA
00438EFE |. 6A 01          PUSH 1                                    ; /Erase = TRUE
00438F00 |. 8B0D 30DA4600  MOV ECX,DWORD PTR DS:[46DA30]             ; |
00438F06 |. 6A 00          PUSH 0                                    ; |pRect = NULL
00438F08 |. 8B3D A4384700  MOV EDI,DWORD PTR DS:[<&USER32.Invalidat>; |
00438F0E |. 51             PUSH ECX                                  ; |hWnd => NULL
00438F0F |. FFD7           CALL EDI                                  ; \InvalidateRect
00438F11 |. 8B0D 30DA4600  MOV ECX,DWORD PTR DS:[46DA30]
00438F17 |. 8B1D 6C384700  MOV EBX,DWORD PTR DS:[<&USER32.UpdateWin>
00438F1D |. 51             PUSH ECX                                  ; /hWnd => NULL
00438F1E |. FFD3           CALL EBX                                  ; \UpdateWindow
00438F20 |. 6A 00          PUSH 0                                    ; /lParam = 0
00438F22 |. 8B0D C4D84600  MOV ECX,DWORD PTR DS:[46D8C4]             ; |
00438F28 |. 6A 01          PUSH 1                                    ; |wParam = 1
00438F2A |. 6A 0B          PUSH B                                    ; |Message = WM_SETREDRAW
00438F2C |. 51             PUSH ECX                                  ; |hWnd => NULL
00438F2D |. FFD6           CALL ESI                                  ; \SendMessageA
00438F2F |. 6A 01          PUSH 1                                    ; /Erase = TRUE
00438F31 |. A1 C4D84600    MOV EAX,DWORD PTR DS:[46D8C4]             ; |
00438F36 |. 6A 00          PUSH 0                                    ; |pRect = NULL
00438F38 |. 50             PUSH EAX                                  ; |hWnd => NULL
00438F39 |. FFD7           CALL EDI                                  ; \InvalidateRect
00438F3B |. A1 C4D84600    MOV EAX,DWORD PTR DS:[46D8C4]
00438F40 |. 50             PUSH EAX                                  ; /hWnd => NULL
00438F41 |. FFD3           CALL EBX                                  ; \UpdateWindow
00438F43 |. 5F             POP EDI
00438F44 |. 5E             POP ESI
00438F45 |. 5B             POP EBX
00438F46 |. C3             RETN
00438F47 |> 6A 00          PUSH 0                                    ; |wParam = 0
00438F49 |. A1 30DA4600    MOV EAX,DWORD PTR DS:[46DA30]             ; |
00438F4E |. 6A 0B          PUSH B                                    ; |Message = WM_SETREDRAW
00438F50 |. 8B35 90384700  MOV ESI,DWORD PTR DS:[<&USER32.SendMessa>; |
00438F56 |. 50             PUSH EAX                                  ; |hWnd => NULL

by looking at that, you know what you want to reverse.... the msg and function calls are clear. ;) they even tell you what the PUSHes are!!!!