Jump to content

Tools

YOUR-AD-HERE

TOOLS

Locked ret-sync: synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg)

By itsMe
August 13, 2020 in Tools

Start new topic

Recommended Posts

Master Hacker

itsMe

Posted August 13, 2020

- Share

Posted August 13, 2020

This is the hidden content, please

ret-sync stands for Reverse-Engineering Tools SYNChronization. It is a set of plugins that help to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg/OllyDbg2/x64dbg) with a disassembler (IDA/Ghidra). The underlying idea is simple: take the best from both worlds (static and dynamic analysis).

Debuggers and dynamic analysis provide us with:

local view, with live dynamic context (registers, memory, etc.)
built-in specialized features/API (ex: WinDbg’s !peb, !drvobj, !address, etc.)

Disassemblers and static analysis provide us with:

    macro view over modules
    code analysis, signatures, types, etc.
    fancy graph view
    decompilation
    persistent storage of knowledge within IDBs/GPRs

Key features:

    synchronize graph and decompilation views with debugger’s state
    no need to deal with ASLR, addresses are rebased on-the-fly
    pass data (comment, command output) from the debugger to disassembler
    multiple IDBs/GPRs can be synced at the same time allowing to easily trace through multiple modules
    disassembler and debugger can be on different hosts / VMs

This is the hidden content, please

Link to comment

Share on other sites

Guest

This topic is now closed to further replies.

Go to topic listing

Similar Content
- Foundations of Linux Debugging, Disassembling, and Reversing (2023)
  
  By ~~Nd0714~~ , April 11, 2023
  - reversing
  - and
  - (and 7 more)
    
    Tagged with:
    
    reversing
    
    and
    
    disassembling
    
    debugging
    
    linux
    
    foundations
    
    (2023)
    
    debugging,
    
    disassembling,
  - 0 replies
  - 168 views
- Telepy - Windows Telegram Desktop Session Stealer
  
  By itsMe, April 11, 2023
  - telepy
  - windows
  - (and 4 more)
    
    Tagged with:
    
    telepy
    
    windows
    
    telegram
    
    desktop
    
    session
    
    stealer
  - 0 replies
  - 200 views
- SharpRDPHijack: RDP Session Hijacking [Guide]
  
  By dEEpEst, March 29, 2023
  - hijacking
  - session
  - (and 3 more)
    
    Tagged with:
    
    hijacking
    
    session
    
    rdp
    
    sharprdphijack:
    
    [guide]
  - 0 replies
  - 201 views
- Foundations of ARM64 Linux Debugging, Disassembling, and Reversing: Analyze Code, Understand Stack Memory Usage, and Reconstruct Original C/C++ Code with ARM64
  
  By ~~drevil~~ , February 14, 2023
  - usage,
  - disassembling,
  - (and 19 more)
    
    Tagged with:
    
    usage,
    
    disassembling,
    
    code,
    
    c/c++
    
    debugging,
    
    original
    
    reconstruct
    
    usage
    
    stack
    
    memory
    
    understand
    
    analyze
    
    and
    
    arm64
    
    linux
    
    reversing:
    
    foundations
    
    debugging
    
    with
    
    disassembling
    
    code
  - 0 replies
  - 183 views
- Windbg - A complete guide for Advanced Windows Debugging
  
  By ~~lewon.afridi~~ , January 29, 2023
  - advanced
  - for
  - (and 7 more)
    
    Tagged with:
    
    advanced
    
    for
    
    guide
    
    complete
    
    debugging
    
    reverse engineers
    
    advanced windows debugging
    
    windbg
    
    windows
  - 0 replies
  - 230 views

×

Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.