ret-sync
ret-sync stands for Reverse-Engineering Tools SYNChronization. It is a set of plugins that help synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg/OllyDbg2/x64dbg) with a disassembler (IDA/Ghidra). The underlying idea is simple: take the best from both worlds (static and dynamic analysis).
Debuggers and dynamic analysis provide us with:
- local view, with live dynamic context (registers, memory, etc.)
- built-in specialized features/API (e.g. WinDbg's !peb, !drvobj, !address, etc.)
Disassemblers and static analysis provide us with:
- macro view over modules
- code analysis, signatures, types, etc.
- fancy graph view
- decompilation
- persistent storage of knowledge within IDBs/GPRs
Key features:
- synchronize graph and decompilation views with debugger’s state
- no need to deal with ASLR: addresses are rebased on the fly
- pass data (comment, command output) from the debugger to disassembler
- multiple IDBs/GPRs can be synced at the same time, making it easy to trace through multiple modules
- disassembler and debugger can be on different hosts / VMs
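To make the rebasing idea concrete, here is a small Python model of it. This is an added example, not code from the ret-sync project and not its wire format: the Module/Database types, the constructed load addresses and the event shape are all assumptions. It maps a live debugger address to the right one of several open databases and to the address that database uses, so ASLR-randomised bases never have to be handled by hand.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Module:
    name: str   # module name as reported by the debugger
    base: int   # actual load address in the debuggee (randomised by ASLR)
    size: int   # size of the mapped image

@dataclass(frozen=True)
class Database:
    name: str        # module this IDB/GPR was built from
    image_base: int  # preferred base the database's addresses assume

def find_module(addr: int, modules: List[Module]) -> Optional[Module]:
    """Return the loaded module containing addr, or None if it is outside all of them."""
    for m in modules:
        if m.base <= addr < m.base + m.size:
            return m
    return None

def rebase(addr: int, modules: List[Module],
           databases: Dict[str, Database]) -> Optional[Tuple[Database, int]]:
    """Translate a runtime address into (database to focus, static address in it).

    Returns None when the address is in no module, or when no database is open
    for that module (e.g. a system DLL nobody has analysed); the caller should
    then leave the current view alone rather than jump somewhere meaningless.
    """
    m = find_module(addr, modules)
    if m is None:
        return None
    db = databases.get(m.name.lower())
    if db is None:
        return None
    return db, db.image_base + (addr - m.base)

def handle_event(event: dict, modules: List[Module],
                 databases: Dict[str, Database]) -> Optional[dict]:
    """Turn a debugger-side event into an action for the disassembler side.

    Assumed event shapes: {"type": "loc", "addr": int} to follow the program
    counter, and {"type": "cmt", "addr": int, "text": str} to attach debugger
    output as a comment at the matching static address.
    """
    target = rebase(event["addr"], modules, databases)
    if target is None:
        return None
    db, ea = target
    action = {"db": db.name, "ea": ea, "action": "jump"}
    if event["type"] == "cmt":
        action.update(action="comment", text=event["text"])
    return action

# Constructed sample: two modules at randomised bases, a database open for each
MODULES = [Module("target.exe", 0x7FF61A300000, 0x20000),
           Module("helper.dll", 0x7FFA9C100000, 0x80000)]
DATABASES = {"target.exe": Database("target.exe", 0x140000000),
             "helper.dll": Database("helper.dll", 0x180000000)}
```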
Download && Use
Copyright (C) 2016 bootleg