you'll be able to discuss, share and send private messages.
Discussion in 'Plugins' started by storm shadow, Oct 7, 2015.
In the description of labeless, you mention that this plugin can sync comments between IDA & Olly, but i dont know how to do?
Example, I want to sync my comments in IDA (like the picture bellow) to OllyDBG:
Try to turn on sync of comments in Labeless settings.
What IDA PRO version do you have?
I use IDA version 6.6.141224 and also turn on sync of comments:
In Menu, only see the Sync label now function:
I have one place where it can fail, ok. I'll check that on Sunday. I'm at BotConf'2015 right now :3
Okie, i and other members will wait for your fix!
Tks for useful plugins.
@a1text: Is there any update or fix?
There is new option "Comments:" in the Configuration view:
The new option is per-database and you should select type of comments sync and save (you can select it and then uncheck "Enable labels & comments sync" if you want to use only "Sync labels now" from main menu) settings.
Here is testing version of Labeless for IDA 6.6 with new comments sync option.
P.S. Don't forget to use proper "Remote module base".
Very interesting , i've just tested and it works like a charm
PS: Any release for higher version like 6.8?
I dont know why ESET (i used Nod32 AV 8) notified
Build for IDA 6.8 will be available soon (~at end of weekend).
Hmm, Avast and Nod32 are crazy https://www.virustotal.com/en/file/...8db8764985940336a65d6b2d/analysis/1449715291/
I don't use AV %)
Tks for your info.
Why dont you upgrade the feature to automatically get proper "remote module base" when test connection with OllyDBG?
Labeless can't decide which module you are going to dump later (or sync with).
When i delete comments from IDA, these comments still exist at OllyDBG!
When do you release the plugin for IDA 6.8 ?
So, that require to keep syncronization history...
I have used the following logic:
Labels and comments are overwriten in Olly only when IDA has labels & comments.
If IDA doesn't have anything to sync at some addresses, then I will not wipe any comments/labels in Olly (I think that is right behavior).
When you often switch between two Olly's (for example main process and inject in some another process), Labeless can't know (for now) about what were syncronized before for each Olly
So, you may tell me your thoughts about how that can be fixed in good way
For now, comments sync is under testing and I noticed that this feature isn't ready to be released.
I can provide a binary for testing if you want.
Someone asked me to make synchronization of stack variables defined in IDA. That would be good to get that information in Olly. And may be struct field operands too. I don't know is Olly has possiblitity to set custom operand to display, may be that can be done using comments?
Thanks for your reply and birnary for testing,
In my opinion,I think IDA and OllyDBG use different disassembler engine, so that make synchronization of labels & comments is so enough. If make synchronization of stack variables and struct fields may lead something wrong in OllyDBG.
* Labeless for IDA 6.8 and [NEW!] IDA 6.9 with comments sync (for tests). In IDA 6.9 'Labeless' menu can jump left side - don't worry, that soon be fixed.
* Labeless for Olly 2.0 (fixed bug with wrong formatting)
UPD: first archive is updated, re-download it, please.
UPD2: hmmm, seems like labeless crashes IDA 6.9 at exit, may be problem in Qt5...
There "Access Violence" on exit ida 6.8 also, my crash dump log
eax=00000000 ebx=03b293b4 ecx=00000000 edx=00000000 esi=777e9e70 edi=04be51d0
eip=66dadd35 esp=00d0c554 ebp=00d0c55c iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210246
66dadd35 39484c cmp dword ptr [eax+4Ch],ecx ds:002b:0000004c=????????
Resetting default scope
66dadd35 39484c cmp dword ptr [eax+4Ch],ecx
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 66dadd35 (QtCore4!QT::QSharedMemory::isAttached+0x00000005)
ExceptionCode: c0000005 (Access violation)
Attempt to read from address 0000004c
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
66dadd35 39484c cmp dword ptr [eax+4Ch],ecx
WARNING: Stack unwind information not available. Following frames may be wrong.
00d0c55c 04a86d81 04be4580 00d0c584 04a840b0 QtCore4!QT::QSharedMemory::isAttached+0x5
00d0c568 04a840b0 1053079d 04be4580 00d0c5dc labeless_ida_680+0x16d81
00d0c584 04b9e8cd 00d0c5a8 04b849d2 00000000 labeless_ida_680+0x140b0
00d0c58c 04b849d2 00000000 00000000 04a70000 labeless_ida_680+0x12e8cd
00d0c5a8 04b84aee 03b293ec 03b29330 03b29330 labeless_ida_680+0x1149d2
00d0c5ec 04b84b6b 04a70000 00d0c618 777f88ae labeless_ida_680+0x114aee
00d0c5f8 777f88ae 04a70000 00000000 00000000 labeless_ida_680+0x114b6b
00d0c618 777d2067 04b84b4d 04a70000 00000000 ntdll!LdrxCallInitRoutine+0x16
00d0c668 777dd318 00000000 00000000 6326dad1 ntdll!LdrpCallInitRoutine+0x43
00d0c6d0 777bef8f 04be22e0 01431d50 00000000 ntdll!LdrpProcessDetachNode+0xbb
00d0c6f0 777d9f4a 6326db29 04be22e0 03adcd7c ntdll!LdrpUnloadNode+0x3d
00d0c728 777d9ea5 04a70000 00acf218 01411d50 ntdll!LdrpDecrementModuleLoadCount+0x7b
00d0c744 751e9eb6 04a70000 00000000 04be22e0 ntdll!LdrUnloadDll+0x55
00d0c758 0f34cb42 04a70000 03adcd60 0f3b5217 KERNELBASE!FreeLibrary+0x16
00000000 00000000 00000000 00000000 00000000 ida!free_dll+0x12
STACK_COMMAND: .ecxr ; kb
Maybe this make crash in ida 6.9
How to reproduce it? Give me please the SHA256 of used plugin.
I used the plugin for 6.8 build above SHA256: 0B8C8FF153A079C66E4F82D62A1C1F9C4994DE1128A61F4E9A2358C59DFE7435 , I copy it to IDA plugins dir, and run ida. After close IDA, the dump is create in C:\Users\<user>\AppData\Local\CrashDumps, or could be create by use debugdiag & application verifier as the guid in here http://blogs.msdn.com/b/lagdas/arch...-with-application-verifier-and-debugdiag.aspx, track Access Violation exception. The above info is output of windbg, I use command !analyze -v
Separate names with a comma.