ida pro plugin labeless, sync IDA with OllyDbg by a1ext

A

a1ext

New member
Developer
Ida Pro Expert
I'm going to implement the IDA "cursor synchronization" - it means when you are debugging (step in, step over, etc.) the application in debuggee (OllyDbg, x64dbg) it will broadcast the current position and part of CONTEXT when you, so IDA can receive this information and navigate you there (see the attachment)
labeless_pause_notifications_following.gif

It will be useful when you want to know where you are in the IDA's graph view while you working in OllyDbg/x64dbg.
This almost doesn't decrease the debugging performance.

The question is how to utilyze the information in IDA, except showing the current line.
For example, the registers values can be stored (only included in the current instruction/all registers) like a "comment".
 
m4n0w4r

m4n0w4r

New member
@a1ext:
Wow .. that's is amazing feature.
Can you get the return value of function from Ollydbg/x64dbg and store in IDA like a "comment"?
Or take the parameters information of API call when working in OllyDbg/x64dbg and recomment/ or edit them like we using Standard symbolic constant in IDA.

Tks so much!
 
m4n0w4r

m4n0w4r

New member
Hi @a1ext: I want to ask a question.

I tried labeless for IDA7 (the same for IDA 6.8). At the first time, open IDA and load the binary. After IDA finish its analyzing, i run other your plug(auto_re), it renamed the sub_xxx to au_re_xxx. But when i config labeless for synchronizing, it can not sync to Ollydbg, like the picture bellow. Why?

IDA7_labeless.png

So I must manual rename this sub again, then labeless will auto sync to OllyDBG.


Regards,
 
A

a1ext

New member
Developer
Ida Pro Expert
m4n0w4r said:
Hi @a1ext: I want to ask a question.

I tried labeless for IDA7 (the same for IDA 6.8). At the first time, open IDA and load the binary. After IDA finish its analyzing, i run other your plug(auto_re), it renamed the sub_xxx to au_re_xxx. But when i config labeless for synchronizing, it can not sync to Ollydbg, like the picture bellow. Why?

View attachment 820

So I must manual rename this sub again, then labeless will auto sync to OllyDBG.


Regards,
Click to expand...
I'll check this, could you, please, craete an issue on github?
 
A

a1ext

New member
Developer
Ida Pro Expert
a1ext said:
I'll check this, could you, please, craete an issue on github?
Click to expand...
@m4n0w4r I've just tried to reproduce your steps and the sync worked.
The option "Auto sync on rename" works like a subscription on given events and pushing renames to debug backend. In case you turn this option on and clicks "save" Labeless just subscribes on notifications. If you want to enable "auto rename" and apply existing names you should click "Synchronize now" - it will save current settings and do synchronization of all the labels and comments according to selected options.

The AutoRE plugin makes lots of renames during short period of time and this spams sync queue with "rename" notification, you will see something like this in the log:
Снимок экрана 2017-11-16 в 1.03.21.png
the number at end of message is a number of names to sync in queue, it does slow and implemented incorrectly. I'm going to rewrite this part soon (probably in next release)
 
Last edited:
A

a1ext

New member
Developer
Ida Pro Expert
m4n0w4r said:
@a1ext:
Any news update for IDA 7.0?
Click to expand...
I've set up automatic build of the solution in github on commit with help of appveyor, curretly the devel branch is active.
I have plans to add support of pause notifications sending for x64dbg as well as for OllyDbg 2, but currently I'm very busy with other things.
I'll release a new version in 1-2 month.

Do you have any advices, ideas of improvement? Also, I've created a chat on gitter in case anybody has questions or reach me fast: https://gitter.im/labeless/Lobby?ut...badge&utm_campaign=pr-badge&utm_content=badge
 
m4n0w4r

m4n0w4r

New member
First of all, thanks @a1ext for the new release!!!

Labeless v_1_1_2_48
  • [IDA] IDA PRO 7x compatibility added
  • [Feature,IDA] template names substitution added (like in REtypedef, under development)
  • [Feature,Olly2,IDA] Pause notification broadcasting is under development (after you enable it, when you trace (step in/over/out, run till cursor, etc. - on any pause of the debuggee execution) the IDA will receive small packets with the cursor position and the context and will show it to you). Currently Oll2 only is supported, watch how it looks like
  • [Feature,IDA,Olly1,Olly2,x64dbg] Now we can navigate from IDA to debugger and vice versa without copying/typing the address to go to, new hotkeys were added for that Shift+J and Ctrl+Shift+J respectively
  • [IDA68] build options fixed
  • [Linux build] project and fixed bug with GCLIBCXX CXX11 ABI
  • [Fix] issue #29
  • [3rd-party] Added libprotobuf v140 x64
  • [Integrations] Added gitter badge and Appveyour automatic builds (build status now is displayed in README.md)
  • [Release] debug symbols package building added
  • [Olly1,Olly2,x64dbg] an about dialog will display build timestamp instead of last source change one
  • [Python module] wheel packaging opportunity added, soon it will be available for installation from PyPI
Click to expand...

Download here: https://github.com/a1ext/labeless/releases/download/v_1_1_2_48/labeless_release_full_1.1.2.48.7z

Regards,
 
A

a1ext

New member
Developer
Ida Pro Expert
A

a1ext

New member
Developer
Ida Pro Expert
Hi guys,

The new version of Labeless 1.1.2.65 is available https://github.com/a1ext/labeless/releases/tag/v_1_1_2_65

Updated bundled x64dbg to snapshot on 1 Jul 2018 and performed other small fixes.

P.S. Don't forget to uninstall old python module:
Code: 
pip uninstall labeless

and install the fresh one using PyPI:
Code: 
pip install labeless
or using prebuilt one from release archive:
Code: 
pip install deploy\labeless-1.1.2.65-py2.py3-none-any.whl
 
A

a1ext

New member
Developer
Ida Pro Expert
A

a1ext

New member
Developer
Ida Pro Expert
You must log in or register to reply here.
Top