Jump to content

phono

Members
  • Content Count

    31
  • Joined

  • Last visited

  • Days Won

    13

phono last won the day on August 29 2018

phono had the most liked content!

Community Reputation

39 Excellent

About phono

  • Rank
    Member

Previous Fields

  • Team
    function

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I don't know if in that package it is also included, just wanted to inform that there exists a program with sourcecode to generate custom license keys for it based on a template (ida-tmplv6v7.key).
  2. New Release appeared: 09 Jul 2019 Snoop 2.11.0 2.11.0 Bug fixes #53 - Path Data values have wrong format (should use invariant culture) (thanks @jongleur1983) #55 - Keyboard events not passed to snoop UI window (thanks @stutton) #56 - Snoop crash when application shutdown (solved by using System.Windows.Forms.Clipboard) #83 - Unhandled Exception when changing WPF Trace Level to Activity Tracing (thanks @miloush) #86 - Fatal ExecutionEngineException when process has hidden windows without composition target (thanks @gix) #99 - Prevent window from being restored on screen that's disconnected/off #100 - Snoop 2.10 crashes when snooping a WPF App that uses AvalonDock #106 - Refresh fails because "process has exited" (thanks @jmbeach) Improvements #32 - Try to use AutomationProperties.AutomationId for VisualTreeItem name if element name is not specified. (thanks @paulspiteri) #73 - Add options to prevent multiple dispatcher question and setting of owner on snoop windows #89 - Improved exception handling and error dialog #92 - Adding support for snooping elevated processes from a non elevated snoop instance #116 - Doesn't find PresentationSource hosted in CustomTaskPane (ElementHost) in Office VSTO Add-in This means snoop is now able to spy on multiple app domains. #119 - Adding hyperlink for current delve object to enable explorer navigation The window finder was rewritten to not use a separate window but a dynamically generated mouse cursor instead Small update 19. Sep 2018: Snoop 2.10.0 The most notable thing about Snoop 2.10.0 is that Snoop longer supports .NET 3.5 (for x86 and x64). The good news is that you can now build the solution very easily with Visual Studio 2017 ... that is, you don't have to rely on Visual Studio 2010. This also means that Snoop will now be reliant on the Visual Studio 2017 redistributables instead of the Visual Studio 2010 ones. Finally, we are going to update the Chocolatey package https://chocolatey.org/packages/snoop) and we now have a continuous integration build using AppVeyor. Thanks to Bastian Schmidt for these efforts! We've got more planned! Stay tuned! Snoop 2.9.0 GITHUB After a long, long time ... I've put together a Snoop release! This bundles together all the fixes and improvements that have been committed to master. Most notable is the new Triggers tab ... which Bastian Schmidt has contributed ... taking Christian Moser's work from WPF Inspector and porting to Snoop. Enjoy! p.s. Apparently, newer versions of Windows are blocking the files you download. So you might need to manually right click on the file, choose properties, and unblock them. p.s.s. I have gotten rid of Setup.exe since it keeps showing up on virus scanners. I don't think it had a virus but better safe than sorry. Don't forget that this version of Snoop needs the Visual Studio 2010 MSVC++ x86 and x64 redistributables. You will need to have those installed in order for Snoop to work. p.s.s.s. To easily go back to the previous release, I have added the install (Snoop2.8.0.msi) to a release for the tag 2.8.0 (https://github.com/cplotts/snoopwpf/releases/tag/2.8.0).
  3. And this already happened Q1 2017, and was working since and used up to v15.7.5, but you still have to confirm ;)
  4. I thought just as a followup to the 2013 Community Edition, I share what I used out of the fact, that I lost access to my key ^^ And I was shocked how quick (easy) I was successful at that time, be prepared, it is a very short guide. You can even shorten of course the GetDaysToExpire of course, I just was too lazy. Visual Studio 2017 Enterprise NoExpiration Target File 1: Microsoft Visual Studio 2017 Enterprise\Common7\IDE\Microsoft.VisualStudio.Licensing.dll public virtual int GetDaysToExpire(ProductFamily productFamily, out int expiredDeltaInDays) { int num = 0x383; expiredDeltaInDays = num; return num; } public virtual bool IsTimeToRemind(ProductFamily productFamily) { return false; } public virtual LicensingAction ValidatePIDLicense(ProductFamily productFamily) { return LicensingAction.Success; } Target File 2: Microsoft Visual Studio 2017 Enterprise\Common7\IDE\Microsoft.VisualStudio.OnlineLicensing.dll Just rename it or delete it. DONE!
  5. Is there a difference to the nightly builds? edit: it might come from an official build but it was a direct link to a specific build job. You can find the official latest here: https://ci.appveyor.com/project/0xd4d/dnspy/branch/master/artifacts and every older build revision here: https://ci.appveyor.com/project/0xd4d/dnspy/history
  6. Just seen this article this weekend and I haven't found it here so I thought it would fit in here (have not tried it on my own): Visualizing memory accesses of an executable Links Blog Wiki Source
  7. Thanks! I think dnSpy deserves some good tutorials and documentation so that new users have an easier start and maybe some of them can then help to improve the program further. 0xd4d is doing such an amazing job coding like hell, pushing commit after commit.
  8. Script-003-detailed-unfiltered // prepare dnSpy debugger using dnSpy.Contracts.Scripting.Debugger; var d = Resolve<IDebugger>(); // start our sample program and send an argument and define a first breakpoint at the entrypoint d.Start(@"C:\Temp\sample.exe", "--TestArg", null, BreakProcessKind.EntryPoint); //wait some time until process started and stopped at breakpoint d.Wait(2000); // set an additional breakpoint at Console.WriteLine(num + num2) //d.CreateBreakpoint(ModuleId module, uint token, uint offset, Func<IILBreakpoint, bool> cond) d.CreateBreakpoint(d.GetModuleByName(@"C:\Temp\sample.exe").ModuleId,Convert.ToUInt32(0x06000001),Convert.ToUInt32(0x00000010)); //continue, this will stop at the previously set breakpint d.Continue(); PrintLine("###### Modules #####"); foreach (var m in d.Modules) { PrintLine("######"); PrintLine("m.ModuleId: " + m.ModuleId); PrintLine("m.ModuleId.AssemblyFullName: " + m.ModuleId.AssemblyFullName); PrintLine("m.ModuleId.ModuleNameOnly: " + m.ModuleId.ModuleNameOnly); PrintLine("m.ModuleId.ModuleName: " + m.ModuleId.ModuleName); PrintLine("m.Name: " + m.Name); PrintLine("m.DnlibName: " + m.DnlibName); PrintLine("m.UniquerName: " + m.UniquerName); PrintLine("m.UniqueId: " + m.UniqueId); PrintLine("m.Address: " + m.Address); PrintLine("m.AddressToOffset: " + m.AddressToOffset(m.Address)); } for (int i=0; i<3000;i++) { //if(d.AppDomains != null) PrintLine("AppDomains: " + d.AppDomains); //if(d.CorLib != null) PrintLine("CorLib: " + d.CorLib); //if(d.ActiveFrame != null && d.ActiveFrame.Method != null && !d.ActiveFrame.Method.ToString().StartsWith("System.") ) if(d.ActiveFrame != null && d.ActiveFrame.Method != null //&& !d.ActiveFrame.ILCode.ToString().StartsWith("PresentationCore.dll") //&& !d.ActiveFrame.ILCode.ToString().StartsWith("mscorlib.dll!") //&& !d.ActiveFrame.ILCode.ToString().StartsWith("WindowsBase.dll!") //&& !d.ActiveFrame.ILCode.ToString().StartsWith("PresentationFramework.dll!") ) { if(d.ActiveFrame.Method != null) PrintLine("ActiveFrame.Method: " + d.ActiveFrame.Method); if(d.ActiveFrame.InternalFrameType != null) PrintLine("ActiveFrame.InternalFrameType: " + d.ActiveFrame.InternalFrameType); if(d.ActiveFrame.IsInternalFrame != null) PrintLine("ActiveFrame.IsInternalFrame: " + d.ActiveFrame.IsInternalFrame); if(d.ActiveFrame.ILCode != null) PrintLine("ActiveFrame.ILCode: " + d.ActiveFrame.ILCode); if(d.ActiveFrame.Arguments != null) { foreach (var arg in d.ActiveFrame.Arguments) { PrintLine("######"); PrintLine("Argument.Type: " + arg.Type); PrintLine("Argument.ElementType: " + arg.ElementType); PrintLine("Argument.BoxedValue: " + arg.BoxedValue); PrintLine("Argument.Value: " + arg.Value); PrintLine("Argument.Address: " + arg.Address); PrintLine("Argument.Rank: " + arg.Rank); PrintLine("Argument.ReferenceAddress: " + arg.ReferenceAddress); PrintLine("Argument.Size: " + arg.Size); PrintLine("Argument.HandleType: " + arg.HandleType); PrintLine("Argument.DereferencedValue: " + arg.DereferencedValue); } } if(d.ActiveFrame.Chain != null) PrintLine("ActiveFrame.Chain: " + d.ActiveFrame.Chain); if(d.ActiveFrame.Code != null) PrintLine("ActiveFrame.Code: " + d.ActiveFrame.Code); if(d.ActiveFrame.GenericArguments != null) PrintLine("ActiveFrame.GenericArguments: " + d.ActiveFrame.GenericArguments); if(d.ActiveFrame.GenericMethodArguments != null) PrintLine("ActiveFrame.GenericMethodArguments: " + d.ActiveFrame.GenericMethodArguments); if(d.ActiveFrame.GenericTypeArguments != null) PrintLine("ActiveFrame.GenericTypeArguments: " + d.ActiveFrame.GenericTypeArguments); if(d.ActiveFrame.NativeOffset != null) PrintLine("ActiveFrame.NativeOffset: " + d.ActiveFrame.NativeOffset); if(d.ActiveFrame.Index != null) PrintLine("ActiveFrame.Index: " + d.ActiveFrame.Index); if(d.ActiveFrame.Token != null) PrintLine("ActiveFrame.Token: " + d.ActiveFrame.Token); if(d.ActiveFrame.Locals != null && d.ActiveFrame.Locals.Length > 0) { PrintLine("### LOCALS ###"); foreach (var l in d.ActiveFrame.Locals) { PrintLine("######"); PrintLine("ElementType: " + l.ElementType); PrintLine("Type: " + l.Type); PrintLine("Value: " + l.Value); PrintLine("Class: " + l.Class); PrintLine("ReferenceAddress: " + l.ReferenceAddress); PrintLine("Size: " + l.Size); PrintLine("DereferencedValue: " + l.DereferencedValue); PrintLine("Dimensions: " + l.Dimensions); PrintLine("BoxedValue: " + l.BoxedValue); PrintLine("ArrayElementType: " + l.ArrayElementType); if(l.ElementType.ToString() == "I4") { int a = Int32.Parse(l.Value.ToString()) + 98; l.Write(a); } } } } d.StepInto(); //if processing errors, try with some wait time in ms //d.StepIntoWait(100); } d.Wait(2000); d.Continue();
  9. Script-002-detailed-Script-filtered // prepare dnSpy debugger using dnSpy.Contracts.Scripting.Debugger; var d = Resolve<IDebugger>(); // start our sample program and send an argument and define a first breakpoint at the entrypoint d.Start(@"C:\Temp\sample.exe", "--TestArg", null, BreakProcessKind.EntryPoint); //wait some time until process started and stopped at breakpoint d.Wait(2000); // set an additional breakpoint at Console.WriteLine(num + num2) //d.CreateBreakpoint(ModuleId module, uint token, uint offset, Func<IILBreakpoint, bool> cond) d.CreateBreakpoint(d.GetModuleByName(@"C:\Temp\sample.exe").ModuleId,Convert.ToUInt32(0x06000001),Convert.ToUInt32(0x00000010)); //continue, this will stop at the previously set breakpint d.Continue(); PrintLine("###### Modules #####"); foreach (var m in d.Modules) { PrintLine("######"); PrintLine("m.ModuleId: " + m.ModuleId); PrintLine("m.ModuleId.AssemblyFullName: " + m.ModuleId.AssemblyFullName); PrintLine("m.ModuleId.ModuleNameOnly: " + m.ModuleId.ModuleNameOnly); PrintLine("m.ModuleId.ModuleName: " + m.ModuleId.ModuleName); PrintLine("m.Name: " + m.Name); PrintLine("m.DnlibName: " + m.DnlibName); PrintLine("m.UniquerName: " + m.UniquerName); PrintLine("m.UniqueId: " + m.UniqueId); PrintLine("m.Address: " + m.Address); PrintLine("m.AddressToOffset: " + m.AddressToOffset(m.Address)); } for (int i=0; i<135;i++) { //if(d.AppDomains != null) PrintLine("AppDomains: " + d.AppDomains); //if(d.CorLib != null) PrintLine("CorLib: " + d.CorLib); //if(d.ActiveFrame != null && d.ActiveFrame.Method != null && !d.ActiveFrame.Method.ToString().StartsWith("System.") ) if(d.ActiveFrame != null && d.ActiveFrame.Method != null && !d.ActiveFrame.ILCode.ToString().StartsWith("PresentationCore.dll") && !d.ActiveFrame.ILCode.ToString().StartsWith("mscorlib.dll!") && !d.ActiveFrame.ILCode.ToString().StartsWith("WindowsBase.dll!") && !d.ActiveFrame.ILCode.ToString().StartsWith("PresentationFramework.dll!") ) { if(d.ActiveFrame.Method != null) PrintLine("ActiveFrame.Method: " + d.ActiveFrame.Method); if(d.ActiveFrame.InternalFrameType != null) PrintLine("ActiveFrame.InternalFrameType: " + d.ActiveFrame.InternalFrameType); if(d.ActiveFrame.IsInternalFrame != null) PrintLine("ActiveFrame.IsInternalFrame: " + d.ActiveFrame.IsInternalFrame); if(d.ActiveFrame.ILCode != null) PrintLine("ActiveFrame.ILCode: " + d.ActiveFrame.ILCode); if(d.ActiveFrame.Arguments != null) { foreach (var arg in d.ActiveFrame.Arguments) { PrintLine("######"); PrintLine("Argument.Type: " + arg.Type); PrintLine("Argument.ElementType: " + arg.ElementType); PrintLine("Argument.BoxedValue: " + arg.BoxedValue); PrintLine("Argument.Value: " + arg.Value); PrintLine("Argument.Address: " + arg.Address); PrintLine("Argument.Rank: " + arg.Rank); PrintLine("Argument.ReferenceAddress: " + arg.ReferenceAddress); PrintLine("Argument.Size: " + arg.Size); PrintLine("Argument.HandleType: " + arg.HandleType); PrintLine("Argument.DereferencedValue: " + arg.DereferencedValue); } } if(d.ActiveFrame.Chain != null) PrintLine("ActiveFrame.Chain: " + d.ActiveFrame.Chain); if(d.ActiveFrame.Code != null) PrintLine("ActiveFrame.Code: " + d.ActiveFrame.Code); if(d.ActiveFrame.GenericArguments != null) PrintLine("ActiveFrame.GenericArguments: " + d.ActiveFrame.GenericArguments); if(d.ActiveFrame.GenericMethodArguments != null) PrintLine("ActiveFrame.GenericMethodArguments: " + d.ActiveFrame.GenericMethodArguments); if(d.ActiveFrame.GenericTypeArguments != null) PrintLine("ActiveFrame.GenericTypeArguments: " + d.ActiveFrame.GenericTypeArguments); if(d.ActiveFrame.NativeOffset != null) PrintLine("ActiveFrame.NativeOffset: " + d.ActiveFrame.NativeOffset); if(d.ActiveFrame.Index != null) PrintLine("ActiveFrame.Index: " + d.ActiveFrame.Index); if(d.ActiveFrame.Token != null) PrintLine("ActiveFrame.Token: " + d.ActiveFrame.Token); if(d.ActiveFrame.Locals != null && d.ActiveFrame.Locals.Length > 0) { PrintLine("### LOCALS ###"); foreach (var l in d.ActiveFrame.Locals) { PrintLine("######"); PrintLine("ElementType: " + l.ElementType); PrintLine("Type: " + l.Type); PrintLine("Value: " + l.Value); PrintLine("Class: " + l.Class); PrintLine("ReferenceAddress: " + l.ReferenceAddress); PrintLine("Size: " + l.Size); PrintLine("DereferencedValue: " + l.DereferencedValue); PrintLine("Dimensions: " + l.Dimensions); PrintLine("BoxedValue: " + l.BoxedValue); PrintLine("ArrayElementType: " + l.ArrayElementType); if(l.ElementType.ToString() == "I4") { int a = Int32.Parse(l.Value.ToString()) + 98; l.Write(a); } } } } d.StepInto(); //if processing errors, try with some wait time in ms //d.StepIntoWait(100); } d.Wait(2000); d.Continue();
  10. Script-001-Small-Script // prepare dnSpy debugger using dnSpy.Contracts.Scripting.Debugger; var d = Resolve<IDebugger>(); // start our sample program and send an argument and define a first breakpoint at the entrypoint d.Start(@"C:\Temp\sample.exe", "--TestArg", null, BreakProcessKind.EntryPoint); //wait some time until process started and stopped at breakpoint d.Wait(2000); // set an additional breakpoint at Console.WriteLine(num + num2) //d.CreateBreakpoint(ModuleId module, uint token, uint offset, Func<IILBreakpoint, bool> cond) d.CreateBreakpoint(d.GetModuleByName(@"C:\Temp\sample.exe").ModuleId,Convert.ToUInt32(0x06000001),Convert.ToUInt32(0x00000010)); //continue, this will stop at the previously set breakpint d.Continue(); // print every variable with current value, then modify values foreach (var l in d.ActiveFrame.Locals) { PrintLine("######"); PrintLine("Type: " + l.Type); PrintLine("Value: " + l.Value); if(l.ElementType.ToString() == "I4") { int a = Int32.Parse(l.Value.ToString()) + 98; l.Write(a); } } // print every variable again and show new modified values foreach (var l in d.ActiveFrame.Locals) { PrintLine("######"); PrintLine("Type: " + l.Type); PrintLine("Value: " + l.Value); } // resume program and see modifed result d.Continue();
  11. So here my first tutorial. After creating the trace extension for dnSpy, I wanted to dig into the dnSpy debugger and it's csharp scripting engine. I have prepared 3 scripts, a simple sample console program and screenshots with comments. The first smaller script demonstrates: prepare the debugger start the sample program with parameter and first breakpoint add a breakpoint by code modify variable values before they are used The second script shows additionally how to print some more details like a tracer, but filters some of the mscorlib calls etc, and the third one traces without filtering mscorelib etc. Sidenote: The scripts are written so that you can copy and paste a script as a whole and then start it by pressing enter. HINTS Of course you need to copy the sample.exe to c:\temp\ or adjust the path in the scripts. If you get errors like "Object reference not set to an instance of an object." you might need to add some wait time (in ms) like "d.Wait(1000);". You need to pay attention: if you want to debug an 32bit program you need to run dnSpy-x86.exe. if you want to debug an 64bit program you need to run dnSpy.exe. The scripting debugger will not show you an error message like the one you get if you do it manually with dnSpy! Files The screenshots, the sample program + source code and the scripts are attached as zip. Tutorial Image (very large 5,6 MB) LINK dnSpy-Debugger-Scripting.zip Tutorial.pdf
  12. Update 2016_11_06: added Context menu to filter for selected item PID added more controls, clear filter added possibility to redirect trace messages to the log window as text 2016_11_06-TraceSpy.Extension.x.dll.zip
  13. Update 2016_11_05: removed unused code and code colorizer
  14. There was a notice that there won't be any new build artifacts and one should compile from sources and follow the wiki. Interesting that there is a new build again. Here are the details about why: GITHUB 0xd4d commented on 7cdc043 10 hours ago Too many false positives, and I don't have time to tell the anti-virus companies that report false positives that they're wrong every time there's a new build. I tried to get it compiling on Windows 7 without installing VS2015 only starting with ms build tools and add everything needed step by step, but up to now it's not building.
  15. I have, but I think this might help, too. I already planned to write this together and post it some weeks ago, but now as there are no up to date builds anymore, it was good I already gone through all stept to automate it as much as I could. IMPORTANT You have to run the msbuild.bat around 7-10 times in a row until errors are gone. If anybody can tell me a way to have it go through in one run, please let me know. There were for examples errors with signing and you can find help with searches that tell you to change permissions for cryptostor folder in your profile ... don't have it at hand now, I will add it this weekend. Requirements Visual Studio 2015 (Community) (must be installed) / msbuild 2015 update 3 nuget.exe git for windows (I currently have 2.8.1.windows.1) (Dotnet 4.6.2 SDK) (DotNet Targeting Pack 4.6) First Clone git clone https://github.com/0xd4d/dnSpy d:\dnspy\ Update.bat cd %~dp0\dnSpy git fetch --all git reset --hard origin/master git submodule foreach --recursive git reset --hard git pull git submodule update --init --recursive pause msbuild.bat SET WithNuget=0 IF "%WithNuget%"=="1" ( nuget.exe update -self ) nuget.exe restore "D:\dnSpy\dnSpy.sln" "C:\Program Files (x86)\MSBuild\14.0\Bin\msbuild.exe" "D:\dnSpy\dnSpy.sln" /p:Configuration=Release /m /verbosity:normal /l:FileLogger,Microsoft.Build.Engine;logfile=dnspy-msbuild.proj.proj.Release.log
×
×
  • Create New...