Nanomite is a graphical debugger I wrote in C++. It supports x64, x86 and WOW64 debugging and offers a range of features (shown in the pictures below). It uses the Windows debugging API, BeaEngine and dbghelp. No GUI framework has been used! The x64 version of the debugger can debug x64 and WOW64 targets; the x86 version can debug only x86. If you are debugging multiple processes (child processes of the main application), you can select the process for each action from a drop-down menu which appears when you click a button in the main GUI. In most windows the data is sorted by process ID. Currently no data modification is possible (like memory, opcodes, registers or something else), but it's something that will come!
Of course there is a lot of work to be done and the GUI is just ugly, but maybe some of you want to help and commit code, and YES, it's fully open source for all ;). Issues (I already know of a lot of them) will be fixed as soon as I have time. I will also write a manual for the GUI and the class (see below) to cover the "how to use", "how does it work" and "is it able to" questions.
+ fixed a bug which displayed crap on some x64 addresses
+ fixed a crash in the Breakpoint Manager
+ fixed RegView for Wow64
+ added dynamic load of Wow64 APIs (first step to XP64)
+ added right click menu in HeapView (send to HexView)
+ added right click menu in MemoryView (send to HexView)
+ added resizability to the different sub windows
+ added dynamic row calc to stack view (prepare for dynamic main window)
+ added own class and thread for disassembler

I am sorry but the dependencies will take a bit since I need to recompile the whole Qt libs to get rid of the dependencies (around 4h for x86 and x64) so next time that will be in .

+ fixed different crashes in disassembler
+ fixed dependencies of cruntime
+ fixed the restart icon
+ fixed little bug in DetachFromProcess
+ improved speed and memory usage of disassembler
+ added a check for valid file
+ added a check for admin rights + warning
+ added right click menu in RegView (send to Disassembler)
+ added right click menu in Disassembler (Goto Offset)
+ added possibility to resize and maximize the mainwindow
+ changed window style to Qt Plastique
####Notes:
- dependencies:
  - For developers: You will need a Qt framework which has been compiled with /MT (or /MTd), else you have a dependency on the cruntime even if qtNanomite has been compiled without it. If you need help compiling your Qt this way, just drop me an email / PM.
  - For all: I will place the needed Qt DLLs into the repo and you shouldn't need the cruntime to be installed anymore.

+ fixed missing registers in x64 RegView
+ improved entrypoint handling
+ improved the BPManager
+ added some hotkeys
+ added Step Over
+ added refill on mainwindow resize to match size
+ added RegEdit
+ added basic coloring
####Notes:
- Hotkeys:
  - Ctrl + O = open new file
  - Ctrl + B = breakpoint manager
  - Ctrl + F4 = stop debugging
  - F12 = options
  - F9 = start debugging / continue
  - F8 = step over
  - F7 = step in
  - F2 = set software breakpoint on selected row (a row must be selected in Disassembler)
- RegEdit: Double click on the RegView to open it
- Colors: Can be edited via the Options dialog (F12)
Nanomite - Graphical Debugger for x64 and x86 on Windows
Changelog

###Version 0.1 beta 7
+ fixed some small handling bugs
+ fixed a bug in disassembler which did not replace old protection on memory after disassembling
+ fixed a bug which did not show terminated processes in DetailView
+ fixed a bug which did not show terminated threads in DetailView
+ fixed a bug which did not clean up memory on manual debuggee stop
+ improved DB handler
+ added resolve of jump conditions to improve StepOver
+ added "Return" and "Backspace" Hotkey to navigate in Disassembler
+ added "Clear Log" context menu in LogBox
+ added "Show Source" context menu in Disassembler
+ added "Goto Function" context menu in Callstack
+ added a crash handler
+ added Source Viewer
+ added memory pool for performance improvement and memory leak reduction
+ added mouse scrolling in disassembler and stack
+ added direct run of target after using menu to select a file
Notes:
- CrashHandler
  - if Nanomite crashes, a dump file will be written to the application folder. Please send me this file via zer0fl4g[at]gmail[dot]com
- Hotkey "Return"
  - when you have selected a jump / call / ... you can follow this instruction using the "Return" key
- Hotkey "Backspace"
  - steps back when you used "Return" to follow a call
- Source Viewer
  - double click on a source line in the Callstack view. A new window will open and show the source code (if found)
  - right click in the disassembler also opens the source view
- Memory Pool
  - redirected malloc / new / delete / free to the memory pool
  - heap fragmentation reduction
  - increasing performance

+ fixed a crash in attaching to a process where we don't have a file path
+ fixed a bug which ignored DbgBreakPoint on attaching
+ fixed a bug which caused double breaking in case we set a breakpoint while being on the entrypoint
+ fixed a crash in pe import reader
+ fixed a crash (see github issue #1)
+ fixed a bug in HexView which didn't display data on x64 processes
+ fixed a possible crash when opening invalid non pe files
+ fixed a small bug in "Restart"
+ added display of current function in windowtitle
+ added support for drag and drop of files
+ added possibility to remove breakpoints with "F2" (needs to be a selected row in disassembler)
+ added "Step back to user code"
Notes:
- "Step back to user code" - If you use this the debugger will continue the execution until you get to the first function which is located in the main module

+ fixed a bug in disassembler
+ fixed a bug in wow64 StepIn
+ fixed a crash when suspending a process and then StepIn
+ fixed a bug which didn't display all modules in callstack
+ fixed a crash in loading imports of files without IAT
+ fixed a crash in "Goto Offset" context menu
+ small gui improvements
+ added Single Step Tracer
+ added memory dumper
+ removed error message if you cancel the file selection
Notes:
- Single Step Tracer - only a part is displayed in the window. Use mouse scroll to navigate (will be improved)
- MemoryDumper - right click in MemoryView or HeapView shows you the option to dump the selected segment.

+ fixed scrollbar in trace view
+ fixed a possible crash in disassembler
+ fixed a memory leak in the window settings
+ fixed a memory leak in dll and process name receiving
+ fixed a memory leak in trace view
+ fixed display of ascii strings in ascii view
+ fixed a bug which could cause wrong run to user code if debugging more than one process
+ fixed a bug which led to incorrect restarts on slow systems
+ fixed a bug which caused double calling of some functions in context menus
+ fixed a bug in hex view which may have shown wrong data
+ fixed a bug in heap view which caused a crash when copying the whole line to clipboard
+ added PatchManager
+ added process privilege view
+ added commandline options
+ added possibility to set process priorities
+ added possibility to set memory protection
+ added display of current priority in detail view - context menu
+ added display of segment registers in reg view
+ added background worker to string view, hex view and functions view
+ removed processes we can't access from the attach dialog
Notes:
- Patches can be saved to file (only on the debugged one)
- In the memory view you can set the protection of a page using the context menu
- Commandline options
  - "-s": specifies a file
  - "-c": specifies the commandline for the target; if not given, you will be asked later
  - "-p": attaches to the given pid

###Version 0.1 beta 13
+ fixed some crashes related to the qt /MT build, see note for more details
+ fixed some bugs in the patch manager
+ fixed the symbol display in the trace view
+ fixed a bug which showed wrong trace data
+ added Exception Assistant
+ added colors to the state bar
+ added missing edi/rdi register
+ added option to break on tls callback
+ added possibility to show registers of a thread in detailview
+ added possibility to show TEB/TBI of a thread in detailview
+ added possibility to show PEB/PBI of a process in detailview
+ added possibility to set Nanomite as default just in time debugger
+ added possibility in PEEditor to show exports of a loaded module in disassembler
+ added updater (thanks to inisider for this contribution)
+ updated beaengine to rev. 174
+ updated PE-Editor layout
+ updated DetailView layout
+ updated Options to include more options, easier config

Notes:
- Needed to compile Qt with /MD because of issues with the cruntime. If you want to use the debugger you have to install the Visual C++ runtime 2010.
- You can save an exception to the list in the Options window. The debugger then knows how to handle it. Alternatively you can enable the Exception Assistant. This will show a dialog once an exception occurs and offers different ways to handle it.

###beta 14
+ fixed a bug in the options not showing exceptions which have been saved using the exception assistant
+ fixed a bug when stepping over a return
+ fixed a bug in breakpoint manager which deleted the wrong bp when removing a selected bp
+ fixed a bug in breakpoint manager which created unusable breakpoints
+ fixed a bug in breakpoint manager which may have resolved ModuleName::APIName to the wrong offset
+ fixed a bug in assembler which double loaded the gui
+ fixed a bug in hardware breakpoints which did not activate them in running processes
+ fixed a bug in hardware breakpoints which did not activate them on the current thread
+ fixed a bug whereby detaching from a suspended process didn't resume the process
+ fixed a bug which did not handle hardware breakpoints for wow64 targets
+ fixed a bug which showed a wrong menu if child processes were present in the debugging session
+ fixed a bug which reloaded the disassembler to the wrong offset after adding a new patch
+ fixed a bug which caused wrong scrolling of disassembler and stack while the process is running
+ fixed paths in attach dialog with SystemRoot environment string
+ fixed handling of "call * ptr []" and "jmp * ptr []"
+ fixed some handle and memory leaks
+ added saving of input in goto dialog
+ added support of functions in goto dialog
+ added different hotkeys, see hotkey list for all of them
+ added type column in attach dialog
+ added state update when doing a trace
+ added trace to selected disassembly line
+ added toggle breakpoint on selected disassembly line to context menu
+ added display of FPU, MMX and SSE register
+ updated to qt 4.8.5
+ updated nasm to 2.10.09
+ updated file open dialog to remove annoying messagebox for commandline
+ updated the internal pe handling
+ updated resize event of Disassembler and Stack
+ updated Stack scroll
+ updated PID dropdown to be only displayed if more than 1 process is running
+ updated disassembler logic
####Notes:
- function in the goto dialog should look like this: "module::function", e.g. KERNEL32::IsDebuggerPresent

###Version 0.1 beta 17
+ fixed a bug in the internal exception handler which could cause a termination on windows 8.1
+ fixed a bug which made patching jumps impossible
+ added option for "DebugSetProcessKillOnExit"
+ added option to load symbols from ms servers
+ added execute to selected line
+ added possibility to toggle eflags directly from context menu in the register view
+ improved internal PE file handling
+ improved copy to clipboard context menu
####Notes:
- You can now copy multi lines to the clipboard using the context menu