ida pro plugin labeless, sync IDA with OllyDbg by a1ext

Discussion in 'Plugins' started by storm shadow, Oct 7, 2015.

  1. m4n0w4r

    Well-Known Member

    Many thanks for your hard work!!
    But I think maybe I and some of my friends will still use IDA 6.8 for a very long time ... :(

    Regards,
     
    roocoon and storm shadow like this.
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    thx
     
  3. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 65
    • 107
    I'm going to implement the IDA "cursor synchronization" - it means when you are debugging (step in, step over, etc.) the application in debuggee (OllyDbg, x64dbg) it will broadcast the current position and part of CONTEXT when you, so IDA can receive this information and navigate you there (see the attachment)
    labeless_pause_notifications_following.gif

    It will be useful when you want to know where you are in IDA's graph view while you are working in OllyDbg/x64dbg.
    This almost doesn't decrease the debugging performance.

    The question is how to utilize the information in IDA, except showing the current line.
    For example, the register values can be stored (only those included in the current instruction/all registers) like a "comment".
     
    storm shadow, m4n0w4r and Rip Cord like this.
  4. m4n0w4r

    Well-Known Member

    @a1ext:
    Wow .. that's an amazing feature.
    Can you get the return value of a function from OllyDbg/x64dbg and store it in IDA like a "comment"?
    Or take the parameter information of an API call when working in OllyDbg/x64dbg and recomment or edit them like we do using Standard symbolic constant in IDA.

    Tks so much!
     
  5. a1ext

    Well-Known Member Ida Pro Expert Developer

    Can you show me an example?
     
  6. m4n0w4r

    Well-Known Member

    Here is my example:
    2017-10-10_22-26-32.png

    It's just my idea, but I think it's hard to implement :(

    Regards
     
    hypnz and storm shadow like this.
  7. m4n0w4r

    Well-Known Member

    Hi @a1ext: I want to ask a question.

    I tried labeless for IDA7 (the same for IDA 6.8). First, I open IDA and load the binary. After IDA finishes its analysis, I run your other plugin (auto_re); it renamed the sub_xxx to au_re_xxx. But when I configure labeless for synchronizing, it cannot sync to OllyDbg, like in the picture below. Why?

    IDA7_labeless.png

    So I must manually rename this sub again, then labeless will auto sync to OllyDbg.


    Regards,
     
    storm shadow likes this.
  8. a1ext

    Well-Known Member Ida Pro Expert Developer

    I'll check this. Could you please create an issue on GitHub?
     
  9. a1ext

    Well-Known Member Ida Pro Expert Developer

    @m4n0w4r I've just tried to reproduce your steps and the sync worked.
    The option "Auto sync on rename" works like a subscription to the given events, pushing renames to the debug backend. If you turn this option on and click "save", Labeless just subscribes to notifications. If you want to enable "auto rename" and apply existing names, you should click "Synchronize now" - it will save the current settings and synchronize all the labels and comments according to the selected options.

    The AutoRE plugin makes lots of renames during a short period of time, and this spams the sync queue with "rename" notifications; you will see something like this in the log:
    Снимок экрана 2017-11-16 в 1.03.21.png
    The number at the end of the message is the number of names to sync in the queue; it is slow and implemented incorrectly. I'm going to rewrite this part soon (probably in the next release).
     
    Last edited: Nov 15, 2017
    Rip Cord likes this.
  10. m4n0w4r

    Well-Known Member

    Rip Cord and storm shadow like this.