[Cracking tools] Debugging tools (debuggers)

Source: Internet
Author: User

Some practical debugging tools (debuggers) that I often use.

OllyDbg Debugger
OllyDbg [2008.1.1]: Because OllyDbg 1.1 (http://www.ollydbg.de) is no longer officially updated, some OllyDbg enthusiasts have modified it to add features or fix bugs. OllyICE is one of these modified versions; the OllyICE name only serves to tell it apart, and in essence it is still OllyDbg. OllyDbg is a new dynamic tracing tool that combines IDA and SoftICE. This ring 3 debugger is very easy to use and has replaced SoftICE as the most popular debugging and decryption tool today. Highly recommended!

OllyICE v1.10 modified version [2008.1.1]
==========================================================
2008.1.1
1. locklose added some API and struct information:
   1) some API identification was added;
   2) 290 struct and enumeration types were added;
   3) 2504 API function structures were added;
   4) these include some common VB functions, some VC functions, and some msvcrt.dll functions.
2. Fixed some bugs.

ollyice.exe was modified on the basis of cao_cong's second edition. ollydbg.exe is a modification of the English version, changed in the same way as ollyice.exe.
Note: the configuration file ollydbg.ini of ollyice.exe (cao_cong Chinese version) is entirely in English, so the Chinese and English versions of OllyDbg can share one configuration file.
The OllyICE name comes from forgot's OllyDbg modification.

ollyice.exe and ollydbg.exe also contain the following changes:
1. Common changes such as window and class names.
2. [OutputDebugString] patch for string formatting.
3. With reference to odbydyk v1.10 by dyk158, UDD and plugin are automatically configured as absolute paths.
4. With reference to nbw's article "OD replication Bug Analysis and Correction", fixed the bug where sometimes not all data could be copied to the clipboard when copying data from the memory area.
5. With reference to ohuangkeo's "one of the reasons for not being analyzed by OD and the repair method", slightly improved OD's ability to recognize the PE format (it may still report a non-PE file, but the file can be debugged).
6. Fixed the issue where the bpwm command of the ollyscript.dll plug-in was interrupted during memory read/write.
7. With jingulong's loaddll.exe, OllyDbg can easily break at the DLL entry.
8. Thanks to darkbul for notifying me of the bug and the fix in the Shift+F2 condition window.
9. Thanks to dreaman for fixing the bug where the three functions findlabel, findname, and findnextname overflow when processing strings.
10. Improved the sprintf function to fix the bug where displaying some floating-point numbers crashes. The fix code here directly references hexer's code.
11. This modified version, combined with the hideod plug-in, can effectively hide OD.
12. Added practical shortcut key functions.
13. Fixed the detection of OllyICE by the anti-debugging of Themida v1.9.x.x; together with hidetoolz, programs packed with Themida v1.9.x.x can be debugged.
14. locklose added some API and struct information.
OllyDbg plug-ins: The various OllyDbg plug-ins are very important and extend the functions of OllyDbg.
OllyScript scripts: OllyScript scripts collected from various websites, gathered here for your convenience.
OSCEditor v1.0 beta 2: OSCEditor (OllyScript Editor) is a script editor written specifically for the OllyDbg plug-in OllyScript. It dynamically displays the syntax of the relevant commands and the available formatting text as you type, so that scripts can be written quickly. Author: loveboom
SoftICE Debugger
SoftICE series: Ring 0 debugger.
  1. Remote debugging over the Internet.
  2. Single-host, source-level debugging capability.
  3. Supports Windows NT, Windows 95, Windows 98, and Windows 2000; it provides powerful and reliable debugging methods to companies writing device drivers and system components for any Windows platform.
  4. It is powerful debugging software. To give you the fullest view of the running state of your program, it lets you debug the Windows kernel at any time.
IceExt 0.67, IceExt 0.70: For WinNT/2k/XP. IceExt is a SoftICE NT plug-in that supports the latest DriverStudio 3.2. nticedump supports only up to DS 2.7, so with later SoftICE versions IceExt can replace nticedump. It extends the command set of SoftICE on WinNT/2k/XP and adds the dump, BPR, and suspend commands. http://stenri.pisem.net/ http://sourceforge.net/project/showfiles.php?group_id=149807&package_id=165469&release_id=416109
NmTransPath: Solves the problem that the symbol loader in all versions of DriverStudio cannot break at the program entry point.
IceDump 6.026 and nticedump 1.14: Used together with SoftICE to capture memory data. They work well for unpacking and enhance the tracing capability of SoftICE. frogsice patching is not required. Note: only up to DS 2.7 is supported, so use IceExt instead with later versions of SoftICE.
TRW2000 (only for Win 9x/ME)
TRW 2000: A powerful tracing debugger for Windows 9x and Windows ME; its command format is compatible with SoftICE.
SuperBPM: Works only on Win9x/ME systems. If you have traced ASProtect shells above version 1.1, you will have found that common breakpoints are completely ineffective. This tool restores the breakpoint function so that tracing software such as SoftICE and TRW2000 can be used.
Rordbg
Rordbg v0.25: A simple debugger implemented with virtual machine technology. It is mainly used for shell (packer) analysis and unpacking. Currently it can only run the main thread of an EXE file and the entry routine of a DLL. The tool is only an aid to shell analysis: because it executes every instruction virtually, it is very slow. Author: kernel64. Latest version: http://bbs.pediy.com/showthread.php?s=&threadid=26629
Visual Basic program debuggers
SmartCheck: A major automatic error detection and debugging tool for Visual Basic. It automatically detects and diagnoses errors at VB run time and converts unclear error information into an exact error description. Its event debugging feature gives Visual Basic development teams and independent developers a simple way to solve the most difficult problems. A gun can protect people, and of course it can also kill people: it is also a killer of VB software, a cracking weapon! For copyright reasons this site does not provide a download; if you need it for learning and research, please search with http://www.google.com.
WKTVBDebugger 1.4e: A tool for dynamically cracking VB P-code programs.
Debuggers for other platforms
Linice 2.6: A debugger for the Linux platform. http://www.linice.com

Debugging tools

XIDT 2.0 + source code: Backs up and restores the IDT; supports Win2k/XP/2003. There are four buttons on the main interface. Show: view the current IDT. Save: save the current IDT to a file. Load: read the IDT from a file. Write: write the IDT to the system! http://bbs.pediy.com/showthread.php?s=&postid=76530#post76530 (Goldenegg)
Hwnd: Views window handles. Convenient for using bmsg hwnd XXXX in SoftICE. (Drag0nma)
Fake rdtsc: The code of many shells (packers) uses rdtsc to measure running time. When debugging in OD, execution inevitably takes longer, so the shell can detect the debugger from the time difference between two rdtsc reads. If the TSD (Time Stamp Disable) bit of CR4 is set, executing rdtsc in ring 3 raises an exception (privileged instruction). So the tool enters ring 0 and sets this flag, then hooks OD's WaitForDebugEvent to intercept the exception event. When the exception code is privileged instruction, it reads the opcode at the exception address and checks it; if it is rdtsc, it adds 2 to EIP and calls SetThreadContext... (softworm). This tool is based on this principle. About the rdtsc instruction: http://bbs.pediy.com/showthread.php?s=&threadid=11562
Point-H: In Windows 9x, the universal breakpoint is the hmemcpy breakpoint. In Windows XP, there is a resumable breakpoint similar to the universal breakpoint. This breakpoint (temporarily called point-h) is specific to each machine and can be found in user32.dll. Once found, it works for C++, VB, Delphi, ASM, or other programming languages, simply by setting a breakpoint on this address. See: http://bbs.pediy.com/showthread.php?s=&threadid=9330
VCDebuger: This plug-in mainly addresses using VC for cracking.
  1) Open VC.
  2) Install: Tools -> Customize -> Add-ins and Macro Files -> Browse -> locate the DLL file -> OK -> tick it.
  3) A new toolbar appears on the interface, with four buttons in total.
  4) Use VC (File -> Open) to open an EXE file and press F10/F5 to run it. You can then trace and debug.
  5) The 1st button of the plug-in sets API breakpoints.
  6) The second and second buttons of the plug-in are used for memory search.
  (Sailwei)

Original article: http://www.pediy.com/tools/Debuggers.htm
