Stripped-executable debugging

Name: Anonymous 2009-02-04 15:17

I know this is probably the last place this is going to get useful replies, but let's try anyway.

I need (well, want) an interactive debugger / disassembler to figure out what a certain executable is doing. Said executable is not protected in any way (it's not packed, it doesn't have any anti-debug protections) and is rather compact and self-contained. It's a usermode Win32 executable.

Getting the data and code sections out is rather easy, but since it's stripped (has no symbols or debugging information) it's not really useful. What I need is something that allows executing step-by-step, watching and finding patterns in memory, placing data and code breakpoints, and so on. Just like a normal debugger, but with aids for the lack of debugging information: ability to figure out code flow, ability to manually tag stuff as you figure out what it is, etc...

So I'd appreciate recommendations from anyone that has actually done this or tested any tools before. Cost is not really an issue as long as pirated copies can be found somewhere, but I'd appreciate not going overkill (for example, SoftICE would be overkill, if I'm not mistaken). Comfort of use is more important than stealth or advanced deobfuscation features in this case. Also, as I said I just want to figure out some stuff it's doing, I don't need to make any modifications or change its behavior at all.

Name: Anonymous 2009-02-04 15:20

OllyDbg and do your own hax work.

Name: Anonymous 2009-02-04 15:21

ollydbg?

Name: Anonymous 2009-02-04 15:29

IDA is kickass, but definitely overkill.
download olly, as suggested above

Name: Anonymous 2009-03-06 11:09

3 xff xff xcc   x2f x62 x69   x6e x2f x73   x68 x00 x2d.

Name: Anonymous 2010-12-17 1:40

Erika once told me that Xarn is a bad boyfriend
