PEBrowse Professional Interactive v8.13.1

автор | 5 Февраль, 2009
рубрики RCE программы, Инструменты Комментарии к записи PEBrowse Professional Interactive v8.13.1 отключены

Интерактивный отладчик уровня user mode. Поддерживаются множество основных возможностей современной отладки: точки останова, debug cимволы и прочее.

PEBrowse Professional Interactive (v8.13.1) is a debugger for Microsoft Windows 2000, Windows XP, Windows 2003, and Windows Vista32.

PEBrowse Professional Interactive builds upon the framework presented by PEBrowse Professional to create a very powerful, versatile, and customizable Win32 user mode debugger/disassembler.  PEBrowse Interactive is not a source code debugger, but operates at the Intel x86 instruction level and therefore at the lowest level where your program executes.  The debugger fully supports Microsoft .NET managed processes and seamlessly allows interop or mixed-mode debugging.  It can be set as the startup debugger using the system registry Image File Execution Options key — useful for debugging ASP.NET applications.

There is a large array of breakpoint opportunities, including:

  • process initialization
  • module load
  • thread startup
  • module exports
  • debug symbols
  • JITted (Just-In-Time) methods
  • user specified addresses
  • memory breakpoints
  • conditional breakpoints
  • one-time breakpoints

When a breakpoint fires or an exception in the process occurs, the interface provides easy access to full process context, including:

  • loaded modules
  • valid memory ranges
  • debug log messages
  • register values (including debug, floating-point, and segment registers)
  • stack addresses
  • disassembly at the breakpoint or exception address
  • virtually unlimited numbers of disassembly and memory displays
  • additional process information, including
    • thread information
    • kernel, USER32, GDI32 objects
    • critical sections
    • process environment
    • startup parameters
  • heap display
  • execution path summary
  • subroutine discovery
  • intermediate language disassembly (for .NET managed modules)

There are all of the usual debugging features, such as single-stepping, stepping into/over call statements, executing until a selected instruction, as well as running to the next branch instruction.  You can even add breakpoints on a specific IL statement in a .NET managed method.

Memory DWORD displays automatically indicate if the value is a valid memory address in the context of the debugged process and these values whenever possible resolve to symbolic names or important process regions, e.g., thread stacks, process heaps, and module sections.  The color-coded disassembly displays also attempt to use symbolic information as well as offering various highlighting options designed to allow easy analysis of the code.  There is even convenient access to a scratchpad, a calculator, and tables for hex-to-ASCII values, common Win32 error codes, and Windows message codes.  There are many more options available on each window by accessing the context-sensitive menu items (popups are present also).

Скачать с

Оценить эту тему:
1 звезда2 звезды3 звезды4 звезды5 звезд (2 голосов, средний: 5,00 из 5)
Популярность: 9 242 просмотров
Вы можете следить за любыми ответами на эту запись через RSS 2.0 feed. Комментарии в настоящее время закрыты.