# Good disassemble/debugging program?



## netrom (Apr 16, 2009)

Hi all!

I want to


----------



## DutchDaemon (Apr 16, 2009)

... finish a sentence?


----------



## netrom (Apr 16, 2009)

Sorry for that^ Accidentally pressed submit.

But anyway, I'm looking for a good program for doing reverse engineering in. At some point in my past I used OllyDBG in Windows which, I think, is pretty darn good. But I can't find any similar application for *nix. I know dbg, ddd etc. But they're not as "nice".

So any alternatives?

Thanks!


----------



## graudeejs (Apr 16, 2009)

Truth is, there are none (nice ones, I mean; by nice I think of something like IDA Pro, Turbo debugger, ollydbg, Immunity Debugger, SoftIce)

For Linux there's at least IDA Pro (CLI version)

you can disassemble with ht [editors/hteditor] (a bit), but you can't do anything serious.

btw FreeBSD/Linux is open source, so you don't need to disassemble


However there is this project:
http://rr0d.droids-corp.org/


If you find anything interesting please let me know,
I'm very interested in reverse engineering


----------



## ephemera (Apr 17, 2009)

objdump, readelf, nm, gdb from the base system.

http://en.wikipedia.org/wiki/GNU_Binutils


----------



## SirDice (Apr 17, 2009)

killasmurf86 said:

> btw FreeBSD/Linux is open source, so you don't need to disassemble


While true, you can use your FreeBSD/Linux box to disassemble/analyze/reverse-engineer Windows executables.


----------



## drhowarddrfine (Apr 17, 2009)

fwiw, I had started to work on porting ollydbg to FreeBSD a couple years ago. Life got in the way but one of these days, Alice....one of these days.


----------



## netrom (Apr 18, 2009)

killasmurf86 said:

> However there is this project:
> http://rr0d.droids-corp.org/



Thanks for the link. I downloaded it and compiled it, but when I kldloaded it the system panicked and restarted. I could begin to determine why, but I'm more in the mood for some learning... Hehe.

But as ephemera pointed out, I'm gonna go for gdb etc. first to get the hang of all the basics. It doesn't really matter if that's not imprinted into the brain anyway.

Oh, and drhowarddrfine please do soon! :e


----------



## graudeejs (Apr 18, 2009)

btw, here are some free-for-personal-use tools for Windows

IDA Pro Freeware 4.9
http://www.hex-rays.com/idapro/idadownfreeware.htm
IDA is the best disassembler known to me in this galaxy

Immunity Debugger
http://www.immunityinc.com/products-immdbg.shtml
seems pretty good


Open Source Hex editor:
ht editor
http://hte.sourceforge.net/
in ports it's editors/hteditor
I like this editor because it doesn't have CLI problems like giew


----------



## drhowarddrfine (Apr 19, 2009)

Let's not forget ald. I don't think the guy has updated it in years but I was using it a couple years ago when I was writing some assembly.


----------



## netrom (Apr 19, 2009)

killasmurf86 said:

> Open Source Hex editor:
> ht editor
> http://hte.sourceforge.net/
> in ports it's editors/hteditor
> I like this editor because it doesn't have CLI problems like giew


I have been using hte the last few days and I think it's pretty good at what it does. Also the built-in assembling features are nice.

But I was thinking... If you want to reverse engineer a binary with no debugging symbols and so on, then gdb and the like are not very easy to use because the names are not readable. And you can't look at the source code either. How then does one step through a program to understand what it does?

So you can get some info by using objdump, but still...
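Added example, not from this thread and not code from any of the tools named in it: a minimal ELF64 reader in Python that recovers the same things `readelf -S` and `nm` report from a static binary (the section table, the entry point, and whatever names survive in `.symtab`), plus a builder that constructs a tiny x86-64 ELF both with and without its symbol table. Running the reader over both shows concretely why a stripped binary leaves gdb with nothing but addresses: `strip` drops `.symtab`/`.strtab`, while `.text` and the entry point stay. The file layout, the 9-byte `exit(0)` code and the symbol name `main` are all constructed for the example.

```python
"""Minimal ELF64 reader: what readelf -S / nm recover from a binary, and
what `strip` removes.  Added example for this thread; the sample binary is
constructed below (not produced by a compiler)."""
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr (64 bytes)
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr (64 bytes)
SYM = struct.Struct("<IBBHQQ")              # Elf64_Sym  (24 bytes)
SHT_NULL, SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 0, 1, 2, 3
SHF_ALLOC, SHF_EXECINSTR = 0x2, 0x4
STB_GLOBAL, STT_FUNC = 1, 2


def build_sample_elf(stripped=False, base=0x400000):
    """Constructed x86-64 ELF: a .text section holding Linux exit(0) and,
    unless stripped, a .symtab/.strtab pair naming that code `main`.
    Hypothetical layout: [ehdr][.text][.shstrtab][.symtab][.strtab][shdrs]."""
    text = bytes.fromhex("b83c000000" "31ff" "0f05")  # mov eax,60; xor edi,edi; syscall
    shstr = b"\0.text\0.shstrtab\0.symtab\0.strtab\0"  # name offsets 1, 7, 17, 25
    strtab = b"\0main\0"                               # name offset 1
    entry = base + EHDR.size                           # .text sits right after the header
    symtab = (SYM.pack(0, 0, 0, 0, 0, 0)               # mandatory null symbol
              + SYM.pack(1, (STB_GLOBAL << 4) | STT_FUNC, 0, 1, entry, len(text)))
    blobs = [text, shstr] + ([] if stripped else [symtab, strtab])
    body, offsets = b"", []
    for blob in blobs:
        offsets.append(EHDR.size + len(body))
        body += blob
    shoff = EHDR.size + len(body)
    # (sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, sh_link, sh_info, sh_addralign, sh_entsize)
    shdrs = [
        (0, SHT_NULL, 0, 0, 0, 0, 0, 0, 0, 0),
        (1, SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, entry, offsets[0], len(text), 0, 0, 16, 0),
        (7, SHT_STRTAB, 0, 0, offsets[1], len(shstr), 0, 0, 1, 0),
    ]
    if not stripped:  # sh_link of .symtab = index of .strtab (4); sh_info = first global symbol
        shdrs += [(17, SHT_SYMTAB, 0, 0, offsets[2], len(symtab), 4, 1, 8, SYM.size),
                  (25, SHT_STRTAB, 0, 0, offsets[3], len(strtab), 0, 0, 1, 0)]
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELF64, little-endian, v1, SysV ABI
    ehdr = EHDR.pack(ident, 2, 62, 1, entry, 0, shoff, 0, EHDR.size, 56, 0,
                     SHDR.size, len(shdrs), 2)  # ET_EXEC, EM_X86_64, e_shstrndx = 2
    return ehdr + body + b"".join(SHDR.pack(*s) for s in shdrs)


def _cstr(data, off):
    """NUL-terminated string starting at `off`."""
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def parse_elf(data):
    """Read the section table and symbol table the way readelf -S and nm do.
    Returns the entry point, the sections, the surviving symbols, and whether
    the file is stripped (no .symtab at all)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    hdr = EHDR.unpack_from(data, 0)
    entry, shoff, shentsize, shnum, shstrndx = hdr[4], hdr[6], hdr[11], hdr[12], hdr[13]
    raw = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    names_off = raw[shstrndx][4]                   # .shstrtab holds the section names
    sections = [{"name": _cstr(data, names_off + s[0]), "type": s[1], "addr": s[3],
                 "off": s[4], "size": s[5], "link": s[6]} for s in raw]
    symbols = {}
    for sec in sections:
        if sec["type"] != SHT_SYMTAB:
            continue
        str_off = sections[sec["link"]]["off"]     # companion .strtab via sh_link
        for i in range(sec["size"] // SYM.size):
            name, _info, _other, _shndx, value, _size = SYM.unpack_from(data, sec["off"] + i * SYM.size)
            if name:                                # skip the null symbol
                symbols[_cstr(data, str_off + name)] = value
    names = [s["name"] for s in sections]
    return {"entry": entry, "sections": sections, "symbols": symbols,
            "stripped": ".symtab" not in names}


def text_bytes(data):
    """Raw machine code of .text, e.g. for `objdump -D -b binary -m i386:x86-64`."""
    sec = next(s for s in parse_elf(data)["sections"] if s["name"] == ".text")
    return data[sec["off"]:sec["off"] + sec["size"]]


if __name__ == "__main__":
    for stripped in (False, True):
        info = parse_elf(build_sample_elf(stripped))
        print("stripped" if info["stripped"] else "unstripped", "entry=%#x" % info["entry"])
        for name, value in info["symbols"].items():
            print("  %016x T %s" % (value, name))   # nm-style line
        print("  sections:", [s["name"] for s in info["sections"]])
```

The unstripped file yields an nm-style line `0000000000400040 T main`; the stripped one has the same entry point and `.text` bytes but no symbol at all, which is exactly the situation in which gdb can only show addresses. On a real stripped dynamically linked binary, `.dynsym` (imported names like `printf`) and the string tables still survive, so `objdump -T` and `strings` remain the first things to look at.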


----------



## SirDice (Apr 19, 2009)

netrom said:

> But I was thinking... If you want to reverse engineer a binary with no debugging symbols and so on, then gdb and the like are not very easy to use because the names are not readable. And you can't look at the source code either. How then does one step through a program to understand what it does?


Using a lot of blood, sweat and tears


----------



## graudeejs (Apr 19, 2009)

SirDice said:

> Using a lot of blood, sweat and tears



and IDA Pro


IDA Pro is a great thing...
AND the latest version has a built-in debugger, AND a feature (plugin probably) to convert asm code back to C code (if I recall correctly it was named Hex-Rays Decompiler)

http://www.hex-rays.com/decompiler.shtml


A good book on the subject is:
Hacker Disassembling Uncovered by Kris Kaspersky
http://www.amazon.com/Hacker-Disassembling-Uncovered-Techniques-Programming/dp/1931769222

Only thing is, it heavily relies on SoftICE, and unfortunately this piece of great software is dead.
http://en.wikipedia.org/wiki/SoftICE


----------



## SirDice (Apr 20, 2009)

killasmurf86 said:

> and IDA Pro
> 
> IDA Pro is a great thing...
> AND the latest version has a built-in debugger,


Very true indeed. The full version is quite expensive though.



> A good book on the subject is:
> Hacker Disassembling Uncovered by Kris Kaspersky
> http://www.amazon.com/Hacker-Disassembling-Uncovered-Techniques-Programming/dp/1931769222


A very good book on the subject but it mostly focuses on how to get at passwords and/or serials in code and how to prevent hackers getting them.



> Only thing is, it heavily relies on SoftICE, and unfortunately this piece of great software is dead.
> http://en.wikipedia.org/wiki/SoftICE


IIRC it was part of DriverStudio, and last I tried it worked perfectly on Windows XP.


----------



## graudeejs (Apr 20, 2009)

SirDice said:

> IIRC it was part of DriverStudio, and last I tried it worked perfectly on Windows XP.



What is IIRC?


----------



## SirDice (Apr 20, 2009)

Sorry, I've been on the Internet for far too long...

IIRC means "If I Recall Correctly".

http://www.dict.org/bin/Dict?Form=Dict2&Database=*&Query=iirc


----------



## graudeejs (Apr 20, 2009)

SirDice said:

> Sorry, I've been on the Internet for far too long...
> 
> IIRC means "If I Recall Correctly".
> 
> http://www.dict.org/bin/Dict?Form=Dict2&Database=*&Query=iirc



lol, for some reason I thought it was some kind of software that I hadn't heard of. lol


Yes, it was part of DriverStudio (or something like that) from NuMega.


----------



## graudeejs (Oct 22, 2009)

This is an old and forgotten thread, but I wanted to point out
devel/cgdb

I'm starting to like it; at least it seems to be much easier to use than pure gdb for a gdb noob like me

mostly because you see the source all the time, and don't have to type list... etc.

(Still exploring it)


----------



## paradox (Oct 24, 2009)

For debugging:
a user-level debugger

EDB debugger http://www.codef00.com/projects.php
screenshot http://www.codef00.com/img/debugger.png

Maybe someone could add it to ports?


----------



## graudeejs (Oct 25, 2009)

Maybe I'll try after January... (if I find some time).
Currently I don't have time at all.


----------



## SIFE (Oct 26, 2009)

There are some libraries to disassemble the x86 ELF file format.


----------

