Want to Join Us ?

you'll be able to discuss, share and send private messages.

ida pro plugin labeless, sync IDA with OllyDbg by a1ext

Discussion in 'Plugins' started by storm shadow, Oct 7, 2015.

Share This Page

  1. gavz

    Member

    • gavz
    • Dec 29, 2015
    • 14
    • 12
  2. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    m4n0w4r, Rip Cord, gavz and 1 other person like this.
  3. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    I've got a reason why IDA 6.9 (Qt 5.4.1) crashes at exit.
    The case is when sove of view were opened (settings view or "python remote execution" view) before IDA exit.
    Because of:
    1) some QStringLiterals from Labeless are used by IDA's GUI (they all are shared and some of them are cached in QtGui (font database in this case))
    2) Labeless is PLUGIN_FIX and as other plugins it unloads before IDA exit
    3) when Labeless plugin is unloaded QtGui still has references to some strings which point to unloaded memory (at this time QApplication instance is alive)

    There is Qt bug report (not mine) https://bugreports.qt.io/browse/QTBUG-46880

    So, I work on fixing that and soon Labeless will be ready for IDA 6.9.
    P.S. x64dbg support is almost done.
     
  4. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Qt is very buggy when closing events.Also you have the problem, that the plugin is runing instance inside another main window, this case IDA itself.
    Have you tried QtGui.QCloseEvent() uppon exit?

    @mr.exodia will be happy to hear that you are working on Labeless for x64dbg also.
     
    gavz likes this.
  5. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    What do you mean?

    The problem is that I can't do clean-up of Qt internal structures (which are caches some of shared data) in my plugin.

    P.S. Abou x64dbg, he knows. I spoke to him.
     
  6. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
  7. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Does anybody want to test Labeless for OllyDbg 2.0 or x64_dbg (x64-bit applications dumping support added) ?
     
  8. m4n0w4r

    Well-Known Member

    Wow, greatz !
    Can I and other members try it :)

    Regards,
     
    a1ext likes this.
  9. computerline

    Well-Known Member Ida Pro Expert

    That greatz :D
     
    a1ext likes this.
  10. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Here is pre-release 1.1.0.1 and here is draft of a new README
     
    Last edited: May 13, 2016
  11. m4n0w4r

    Well-Known Member

    Thanks so much!

    I've tested with OllyDBG v1 & v2, Sync labels and comments feature works fine! :)

    Regards,
     
    Rip Cord and a1ext like this.
  12. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    How about dumping ? I think dumping is the Main feature (now you can dump x64 app) of the Labeless.
     
    Rip Cord likes this.
  13. m4n0w4r

    Well-Known Member

    I try dumping and feel ok.

    About x64dbg:
    I used x64dbg version (13-Feb-2016) that you attched in labeless_release_full_1.1.0.1.7z. After config labeless (My OS: Windows 7 Pro x64 SP1)

    x32dbg works fine:
    x64dbg load fail:
    I tried the latest version of x64dbg(16-May-2016) but both of x32dbg & x64dbg fail:
    Regards,
     
    a1ext likes this.
  14. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Please check the following restrictions:
    • Are you set up python x64 system-wide?
    • Are you performed set up of protobuf and labeless python module for your python x64? You should specify full path to the python.exe like
    About x64dbg, the Labeless plugin is binary depends on x64dbg SDK. I'll periodically update Labeless with the latest x64dbg snapshot, because SDK wrappers require update & rebuild.
     
    m4n0w4r likes this.
  15. m4n0w4r

    Well-Known Member

    Thanks, i dont setup python x64 on my laptop. Will try it!
    Once again, your plugin is so great :)

    Regards,
     
    a1ext likes this.
  16. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Thank you :)
     
  17. computerline

    Well-Known Member Ida Pro Expert

    The sync & dumping features work very well, same as @m4n0w4r, I coudn't load x64dbg plugin. There the problem while the debugger (in my case is OllyDbg) stop while sync, and IDA continue show nag repeatly that only one way to use taskmgr to stop IDA.
     

    Attached Files:

    m4n0w4r and a1ext like this.
  18. ThangCuAnh

    New Member

    Author build the x32/64dbg labeless plugin with old pdk.
    In old pdk, the old, error import function in x32/64dbg.dll is:
    void Script::Function::DeleteRange(unsigned long,unsigned long)
    decorated name: ?DeleteRange@Function@Script@@YAXKK@Z

    In new pdk, they are:
    void Script::Function::DeleteRange(unsigned long,unsigned long,bool)
    ?DeleteRange@Function@Script@@YAXKK_N@Z

    I have patched them and they run well.
     
    computerline, m4n0w4r, a1ext and 2 others like this.
  19. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    Could you describe what you did before that happen?
     
  20. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    I'll update the x64dbg build in the new LL release soon.
     
Top