
ida pro plugin labeless, sync IDA with OllyDbg by a1ext

Discussion in 'Plugins' started by storm shadow, Oct 7, 2015.


  1. m4n0w4r

    Well-Known Member

    Many thanks for your hard work!!
    But I think maybe some of my friends and I will still use IDA 6.8 for a very long time ... :(

    Regards,
     
    roocoon and storm shadow like this.
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    thx
     
  3. a1ext

    Well-Known Member Ida Pro Expert Developer

    • a1ext
    • Oct 8, 2015
    • 68
    • 118
    I'm going to implement the IDA "cursor synchronization" - it means when you are debugging (step in, step over, etc.) the application in debuggee (OllyDbg, x64dbg) it will broadcast the current position and part of CONTEXT when you, so IDA can receive this information and navigate you there (see the attachment)
    labeless_pause_notifications_following.gif

    It will be useful when you want to know where you are in IDA's graph view while you are working in OllyDbg/x64dbg.
    This almost doesn't decrease the debugging performance.

    The question is how to utilize the information in IDA, except showing the current line.
    For example, the register values can be stored (only those included in the current instruction, or all registers) like a "comment".
     
  4. m4n0w4r

    Well-Known Member

    @a1ext:
    Wow .. that's an amazing feature.
    Can you get the return value of a function from OllyDbg/x64dbg and store it in IDA like a "comment"?
    Or take the parameter information of an API call when working in OllyDbg/x64dbg and re-comment or edit them, like when we use Standard symbolic constant in IDA.

    Thanks so much!
     
  5. a1ext

    Well-Known Member Ida Pro Expert Developer

    Can you show me an example?
     
  6. m4n0w4r

    Well-Known Member

    Here is my example:
    2017-10-10_22-26-32.png

    It's just my idea, but I think it is hard to implement :(

    Regards
     
    hypnz and storm shadow like this.
  7. m4n0w4r

    Well-Known Member

    Hi @a1ext: I want to ask a question.

    I tried labeless for IDA7 (the same for IDA 6.8). First, I open IDA and load the binary. After IDA finishes its analysis, I run your other plugin (auto_re); it renames sub_xxx to au_re_xxx. But when I configure labeless for synchronizing, it cannot sync to OllyDbg, as in the picture below. Why?

    IDA7_labeless.png

    So I must manually rename this sub again, then labeless will auto sync to OllyDbg.


    Regards,
     
    storm shadow likes this.
  8. a1ext

    Well-Known Member Ida Pro Expert Developer

    I'll check this. Could you please create an issue on GitHub?
     
  9. a1ext

    Well-Known Member Ida Pro Expert Developer

    @m4n0w4r I've just tried to reproduce your steps and the sync worked.
    The option "Auto sync on rename" works like a subscription to the given events, pushing renames to the debug backend. If you turn this option on and click "Save", Labeless just subscribes to notifications. If you want to enable "auto rename" and apply existing names, you should click "Synchronize now" - it will save the current settings and synchronize all the labels and comments according to the selected options.

    The AutoRE plugin makes lots of renames during a short period of time and this spams the sync queue with "rename" notifications; you will see something like this in the log:
    Снимок экрана 2017-11-16 в 1.03.21.png
    The number at the end of the message is the number of names to sync in the queue; it is slow and implemented incorrectly. I'm going to rewrite this part soon (probably in the next release).
     
    Last edited: Nov 15, 2017
    Rip Cord likes this.
  10. m4n0w4r

    Well-Known Member

    Rip Cord and storm shadow like this.
  11. m4n0w4r

    Well-Known Member

    @a1ext:
    Any news update for IDA 7.0?
     
  12. a1ext

    Well-Known Member Ida Pro Expert Developer

    I've set up an automatic build of the solution on GitHub on commit with the help of AppVeyor; currently the devel branch is active.
    I have plans to add support for sending pause notifications for x64dbg as well as for OllyDbg 2, but currently I'm very busy with other things.
    I'll release a new version in 1-2 months.

    Do you have any advice or ideas for improvement? Also, I've created a chat on Gitter in case anybody has questions or wants to reach me fast: https://gitter.im/labeless/Lobby?ut...badge&utm_campaign=pr-badge&utm_content=badge
     
    m4n0w4r, computerline and Rip Cord like this.
  13. m4n0w4r

    Well-Known Member

    First of all, thanks @a1ext for the new release!!!

    Labeless v_1_1_2_48
    Download here: https://github.com/a1ext/labeless/releases/download/v_1_1_2_48/labeless_release_full_1.1.2.48.7z

    Regards,
     
  14. a1ext

    Well-Known Member Ida Pro Expert Developer

    storm shadow, Rip Cord and m4n0w4r like this.
  15. a1ext

    Well-Known Member Ida Pro Expert Developer

    Hi guys,

    The new version of Labeless 1.1.2.65 is available https://github.com/a1ext/labeless/releases/tag/v_1_1_2_65

    Updated bundled x64dbg to snapshot on 1 Jul 2018 and performed other small fixes.

    P.S. Don't forget to uninstall the old Python module:
    Code (Text):
    pip uninstall labeless
    and install the fresh one using PyPI:
    Code (Text):
    pip install labeless
    or using the prebuilt one from the release archive:
    Code (Text):
    pip install deploy\labeless-1.1.2.65-py2.py3-none-any.whl
     
  16. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer
