Are there any 64-bit capable (native) debuggers for Windows except windbg? The only other I knew was IDA, but it just keeps crashing on my very simple EXEs (I don't have the latest IDA though). Lots of searching didn't yield anything useful either.

Windbg is THE most powerful debugger around, but its UI is pretty much horrible for RE-type work. I guess I can write some extensions to ease things a bit, but I'm lazy.

I use IDA 5.2 (the last leeched version) and using in REMOTE WINDOWS DEBUGGING mode work perfect, you need put the win64remote server in your Desktop, start the server, and configure IDA to work remote,but put localhost and the por of the server and work well in the same machine.

ricnar

@Ricardo, I also use like this, and sometimes it works, but many times I get IDA hang whilst it attempts to rebase the x64 binary...

--
bedrock

u might wanna try http://ugdbg.sourceforge.net/

once it's beta...

oh softice, how do i miss thee...

regarding ugdbg, after a quick skim-through of the source code, it looks like it's user-mode only. as such, i have no idea why the author is using a softice like ui as opposed to a nice user-friendly gui. i guess some people are still stuck in the '90s

Speaking of such things, there was an open source kernel debugger project on wasm.ru a while back. Seems to be on hold unfortunately. Just wondering if anyone checked it out.

Browse the trunk for what source exists:

http://code.google.com/p/ngdbg/source/browse/

Original thread:

the author is me,

well the reason for using a sice style ui is because ollydbg annoys me... it's as unusable as windbg imho...

and regarding the missing kernel, well yeh i simply just don't have the spare time to research/develop like usb drivers just for the input etc... (i'd appreciate one as well)

my intention was just to share the project with others as it might come handy for the one or other especially on x64

daemon, thanks for the reply. do you planning on having any functionality that windbg doesn't already have?

honestly i have no clue what's going to be added or not, but since it's open source everyone can customize it to his own needs (or contribute to it in general, i'd appreciate that as my spare time is kinda limited)

http://ugdbg.sourceforge.net/ugdbg_14_x64_initial_pdb_support.jpg
http://ugdbg.sourceforge.net/ugdbg_14_x32_initial_pdb_support.jpg

i'm making good progress... hope to reach alpha state in a few weeks (~6 ?)

a little status update for the interested ones...

http://ugdbg.sourceforge.net/comments.jpg
http://ugdbg.sourceforge.net/previewmode.jpg
http://ugdbg.sourceforge.net/multiview.jpg

kernel access (read+write) is granted on all supported os (this should also include windows 7), tracing dpl 0 will sooner or later be implemented as well...

hmmm, as mush as i dislike softice interface, i could live with it, but using a mixture looks bad

but hey, if it is usefuly and working then maybe i will get used to it

well as for the mixture, i guess i'll change that in future...

it pretty looks like softice i just tryed it for the moment since i use softice i wasnt able to get it to work instead so i like to give you some advices:
well i tryed first ADDR winrar "that command isnt there" then i noted in help it has a debug command and a debug winrar and winrar.exe no help also i tryed its program id
ok then i tryed the ctrl + a and did hit a process : then it says :
executing file attach dialogue
then i try u 00400000 -> says : invalid command also bl or bpx bpm give same results

my first advice is write a readme how to use the debugger

my other advice in the readme it says you have to install windbg that dont sounds comfortable for me it would be good if you make an installer including what is requied for windbg and your debugger

hi,

the debugger is pre-alpha which means a quite early stage in development.

the readme will follow soon.

windbg is not a requirement unless you want to have kernel access... for debugging applications you don't need to install it.

i guess most likely you didn't attach to a process, else the commands should have worked or you are lucky to have found a bug

(as for attaching you do ctrl-a -> then select a process using the cursor keys, press enter and you'll see if the process of attaching succeeds or not)

the log should look sth like this

UgDbg v0.1 Pre-Alpha build Jul 28 2009 15:54:14 by Someone
UGDBG: using YASM, SDL, SDL_Draw, Libconfig, Distorm64 (1.7.30)
UGDBG: CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
UGDBG: CPU: x86 Family 6 Model 23 Stepping 10, Cores: 2
UGDBG: KERNEL: access enabled
UGDBG: trying to load 'C:\vs2003\UgDbgSvn\trunk\UgDbg_v0.1\Release\P...\sdk.dll'
UGDBG: PLUGIN: DebugEvent handler installed for sdk.dll
:set i3here on
UGDBG: i3here=on
UGDBG: executing file attach dialogue
UGDBG: selected PID: c08
UGDBG: trying to attach...
UGDBG: Process got born with ID:c08
UGDBG: Entrypoint : 00000000
UGDBG: ImageBase : 00400000
UGDBG: Thread got born with ID:198
UGDBG: Thread got born with ID:c4c
UGDBG: Thread got born with ID:c58
UGDBG: Thread got born with ID:c5c
UGDBG: Thread got born with ID:680
UGDBG: breakpoint reached
UGDBG: ntdll.dll has 1316 exports
UGDBG: kernel32.dll has 951 exports
UGDBG: advapi32.dll has 677 exports
UGDBG: rpcrt4.dll has 514 exports
UGDBG: msvcrt.dll has 830 exports
UGDBG: gdi32.dll has 609 exports
UGDBG: user32.dll has 732 exports
UGDBG: shlwapi.dll has 314 exports
UGDBG: ole32.dll has 339 exports
UGDBG: imm32.dll has 133 exports
UGDBG: lvprcinj.dll has 1 exports
UGDBG: msctf.dll has 39 exports
UGDBG: msctfime.ime has 30 exports
UGDBG: oleaut32.dll has 398 exports
UGDBG: version.dll has 14 exports
UGDBG: msvcr90.dll has 1450 exports
UGDBG: winmm.dll has 209 exports
UGDBG: sorting export table entries
UGDBG: sorting completed
:u 401000
001B:00401000 eb 10 JMP 401012
001B:00401002 66 623a BOUND DI, [EDX]
001B:00401005 43 INC EBX
001B:00401006 2b2b SUB EBP, [EBX]
001B:00401008 48 DEC EAX

Damd fine work so far, mate !

I have x64 kernal access using your x64 edition on Windows 7 build 7600
Everything I have tested seems to working OK.

I cannot launch the x32 edition in the native x64 environment.. The execution aborts silently.

I kinda want the x32 edition to run under native x64 OS :

Or a (x64 -> x32 -> x64) mode-switch command in the x64 edition

Keep up the spirit .. SICE and NTICE was god

hi thx for notifying but i had this issue addressed a few days ago, it's working but i think i didn't pack a release since the submission...

regarding kernel access i'm currently trying to extend it to be able to also trace kernel code / crashdumps...

anyway thx again for letting me know