Hello, I've been reading the tutorial and having fun. Do you have any good debugger for assembly language programmers? Thanks, Hiusing
Posted on 2001-06-02 19:41:00 by Hiusing
Hey Hiusing, welcome! The debugger of choice among coders/reversers/crackers/etc. is the powerful SoftIce. Buy it at www.numega.com or check your local warez center :) Ciao, Latigo
Posted on 2001-06-02 20:21:00 by latigo
softice is the best debugger. the only point is that maybe you don't need so much power yet. so i recommend turbo debugger.
Posted on 2001-06-02 20:28:00 by vecna
i've heard from many people that OllyDbg is really good and it's free. get it here!
Posted on 2001-06-02 20:50:00 by smurf
I've never needed a debugger for any ASM work. I just use a few macros to emit info on what the program is doing.
Posted on 2001-06-02 23:41:00 by Ernie
Likewise, it's my preferred style of debugging. I simply 'trap' the bug by getting info back as the program progresses. Ernie didn't offer his debugging macros for this purpose, but I recommend them! They are on his web site and are simple to use. Even if you're not debugging per se, they are very handy to have. NaN
Posted on 2001-06-03 01:14:00 by NaN

 and people tell me softice is the best. it depends on how you
 look at it (sure i know si is the best).

 win32dasm <--- is that the best?
 IDA       <--- is that also the best? well, it has feature that
                win32dasm doesn't... which is vital to C**KER.

 what about DEBUG.COM (which is right there in front of you)?

 :) it's hard to decide i know... i myself couldn't decide whether
 i should use borland c or visual c or even turbo c.

 Turbo Debugger (commercial)
 Win32dasm (free)
 OllyDbg (free) cool! thanx smurf!!
 Hiew   (demo) this is a hex editor
 my opinions: they all work best together... and if you're the
 type of person that wants things as ONE, then go for softice, cause
 softice alone has all the power above. but the problem is that
 it FREEZES your computer to death (just for debugging your little
 asm file) and it creates misunderstandings for other applications.
 some apps will not run due to SOFTICE existing in memory.....

 what do you do? you UNINSTALL IT... or create a program that changes
 the name in memory... (haven't tried it, but i think it works...)

Posted on 2001-06-03 02:02:00 by disease_2000

 thanx again smurf! ollydbg is cool and very efficient, more efficient
 than visual studio debugger (not in terms of power, but

 for example: it lets me copy anything that is there to the clipboard.
 good for teaching reverse engineering.

00438EE7  |. 57             PUSH EDI
00438EE8  |. 6A 00          PUSH 0                                   ; /lParam = 0
00438EEA  |. 74 5B          JE SHORT STREAMLI.00438F47               ; |
00438EEC  |. 6A 01          PUSH 1                                   ; |wParam = 1
00438EEE  |. A1 30DA4600    MOV EAX,DWORD PTR DS:[46DA30]            ; |
00438EF3  |. 6A 0B          PUSH B                                   ; |Message = WM_SETREDRAW
00438EF5  |. 8B35 90384700  MOV ESI,DWORD PTR DS:[<&USER32.SendMessa>; |
00438EFB  |. 50             PUSH EAX                                 ; |hWnd => NULL
00438EFC  |. FFD6           CALL ESI                                 ; \SendMessageA
00438EFE  |. 6A 01          PUSH 1                                   ; /Erase = TRUE
00438F00  |. 8B0D 30DA4600  MOV ECX,DWORD PTR DS:[46DA30]            ; |
00438F06  |. 6A 00          PUSH 0                                   ; |pRect = NULL
00438F08  |. 8B3D A4384700  MOV EDI,DWORD PTR DS:[<&USER32.Invalidat>; |
00438F0E  |. 51             PUSH ECX                                 ; |hWnd => NULL
00438F0F  |. FFD7           CALL EDI                                 ; \InvalidateRect
00438F11  |. 8B0D 30DA4600  MOV ECX,DWORD PTR DS:[46DA30]
00438F17  |. 8B1D 6C384700  MOV EBX,DWORD PTR DS:[<&USER32.UpdateWin>
00438F1D  |. 51             PUSH ECX                                 ; /hWnd => NULL
00438F1E  |. FFD3           CALL EBX                                 ; \UpdateWindow
00438F20  |. 6A 00          PUSH 0                                   ; /lParam = 0
00438F22  |. 8B0D C4D84600  MOV ECX,DWORD PTR DS:[46D8C4]            ; |
00438F28  |. 6A 01          PUSH 1                                   ; |wParam = 1
00438F2A  |. 6A 0B          PUSH B                                   ; |Message = WM_SETREDRAW
00438F2C  |. 51             PUSH ECX                                 ; |hWnd => NULL
00438F2D  |. FFD6           CALL ESI                                 ; \SendMessageA
00438F2F  |. 6A 01          PUSH 1                                   ; /Erase = TRUE
00438F31  |. A1 C4D84600    MOV EAX,DWORD PTR DS:[46D8C4]            ; |
00438F36  |. 6A 00          PUSH 0                                   ; |pRect = NULL
00438F38  |. 50             PUSH EAX                                 ; |hWnd => NULL
00438F39  |. FFD7           CALL EDI                                 ; \InvalidateRect
00438F3B  |. A1 C4D84600    MOV EAX,DWORD PTR DS:[46D8C4]
00438F40  |. 50             PUSH EAX                                 ; /hWnd => NULL
00438F41  |. FFD3           CALL EBX                                 ; \UpdateWindow
00438F43  |. 5F             POP EDI
00438F44  |. 5E             POP ESI
00438F45  |. 5B             POP EBX
00438F46  |. C3             RETN
00438F47  |> 6A 00          PUSH 0                                   ; |wParam = 0
00438F49  |. A1 30DA4600    MOV EAX,DWORD PTR DS:[46DA30]            ; |
00438F4E  |. 6A 0B          PUSH B                                   ; |Message = WM_SETREDRAW
00438F50  |. 8B35 90384700  MOV ESI,DWORD PTR DS:[<&USER32.SendMessa>; |
00438F56  |. 50             PUSH EAX                                 ; |hWnd => NULL

 by looking at that, you know what you want to reverse....
 the msg and function calls are clear. ;)
 they even tell you what the PUSHes are!!!!
:D This message was edited by disease_2000, on 6/3/2001 2:16:23 AM
Posted on 2001-06-03 02:11:00 by disease_2000