View Full Version : Syser Debugger 1.1 testing versions issues [ attention ]


wuyanfeng
August 19th, 2005, 21:19
Download address: http://www.sysersoft.com
Syser Debugger is designed for Windows NT Family based on X86 platform. It is a core-level debugger with full-graphical interfaces and supports assembly debugging and source code debugging.

Syser Debugger is able to debug Windows applications and Windows drivers.

Syser Debugger perfectly combines the functions of IDA Pro, Softice and Ollydbg, which makes operations easier and faster and provides powerful functions.


System requirements:

1. 586/100 or higher processors (586/300+ recommended)
2. OS: Windows 2000, Windows XP, Windows 2003 or later.
3. At least 256MB RAM
4. At least 5MB free disk space
5. VGA Video Card (Resolution: 640*480, at least 16bit (65536) color)
6. Mouse or compatible pointing devices (PS2 Mouse, USB Mouse, TouchPad, TrackPoint).


Program Features:

1. Supports color disassembly.
2. Source code debugging supports syntax coloring.
3. Source code debugging supports collapsing mapping between source code and assembly instructions.
4. Supports dynamic loading and unloading.
5. Full keyboard action support (if no mouse is available, all operations can be performed through keyboard).
6. Full mouse action support (if no keyboard is available, all operations can be performed through mouse commands).
7. Commands are Softice-compatible
8. Multi-language support, fully implemented unicode at low level.
9. Supports plug-ins.
10. Supports multi-CPU and Intel Hyper-Threaded processors.
11. Supports startup scripts (similar to batch files).
12. Supports clipboard function, able to copy data from Ring 3 debugger to Ring 0 debugger.
13. Able to work with Softice safely. Softice should be started after Syser. Syser can be removed and even be debugged.
14. Fully supports PDB debugging symbol files.
15. Automatically load drivers to debug.
16. Supports comments adding when debugging.
17. Supports bookmark function.
18. Address navigation is supported in disassembly windows and users can browse different functions quickly by double-clicking.
19. Source code debugging supports quick view of variables and users can view variable types and values by moving cursor over variable names.
20. Syser is the perfect combination of IDA and Softice functions.
21. Supports address cross-reference lists.
22. Supports data reference lists.
23. Supports the advanced processing modes of pointing devices, such as TouchPad, TrackPoint.
24. Supports multiple data windows.
25. Supports multiple code windows to facilitate the browsing of assembly code.
26. Supports run trace mode for ollydbg.
27. The automatic generation and automatic loading of debugging symbol files makes the complex procedure of source code debugging unnecessary. If you are developing and debugging on the same machine and the storage directory of the source code keeps unchanged, you could enter our debugger for source code debugging and assembly debugging simply by right-clicking the executable file you compiled and selecting Debug with Syser from the popup menu.

ScreenShots

http://www.sysersoft.com/ScreenShots/CodeViewRightButtonMenu.gif
http://www.sysersoft.com/ScreenShots/CodeViewRightButtonMenu2.gif
http://www.sysersoft.com/ScreenShots/CodeViewTip.gif
http://www.sysersoft.com/ScreenShots/SourceRightButtonMenu.gif
http://www.sysersoft.com/ScreenShots/SourceTip.gif


1.1 editions improvements:

1 supports in ollydbg run the trace track way.
2 chm form help handbook completes
3 chm form order reference manual completes
4 further improves software the stability
5 Syser Ring 3 debuggers issues
6 revised the first start speed slow question

The Syser Debugger function mainly develops to following several directions:

1. devotes into software explains the aspect most intrepid debugging tool. (Official edition is possible inside to inlay some popular shells peels off the shell function.)
2. reduces procedure development and the debugging cycle, causes the driver the debugging to step into to the original code level entire graph debugging time. (Mainly is includes based on the C language and C++ language application procedure and driver)
3. provides nimble and the formidable card connection. Provides the card automatic loading and the manual loading and so on the many kinds of way. As well as will provide the card SDK (graph contact surface connection later possibly provides through the COM form).


The ultimate objective Ring 3 debuggers may compare favorably with Ollydbg, the Ring 0 debuggers may contend with Softice

Download address: http://www.sysersoft.com

Kayaker
August 20th, 2005, 01:17
Greetings wuyanfeng,

Welcome to the board. It's nice to be able to give feedback directly to the author of such an interesting debugger and hopefully help its development. I will continue my testing on the new version and report on any ring0 successes.

Regards,
Kayaker

Opcode
August 20th, 2005, 09:01
I agree with Kayaker!

It is a very nice debugger.
And it is working perfectly in my HT system.

Regards,
Opc0de

JohnWho
August 20th, 2005, 10:47
This debugger definitely has huge potential, I'll give this new version a try as well

LLXX
August 20th, 2005, 23:22
"in the counter- assembly window support address navigation function, double strikes the fast browsing different function through the mouse"

"Syser realized IDA and the Softice function perfect union"

"Center chooses with "Debug with the Syser" vegetable single item may enter our debugger carries on the original code level or assembler-level debugging"

An interesting debugger with an interesting description too. If I understand correctly this is like a combination of SoftIce and Ollydbg?

naides
August 21st, 2005, 09:43
The description text is verbatim from some automatic Chinese-English translation machine.
Hopefully some of the people on the board skilled in Reversing, Languages and writing may help the board with a more conventional translation of the web site and of the help file texts. . .

SiGiNT
August 21st, 2005, 12:39
Quote:
[Originally Posted by LLXX]"in the counter- assembly window support address navigation function, double strikes the fast browsing different function through the mouse"

"Syser realized IDA and the Softice function perfect union"

"Center chooses with "Debug with the Syser" vegetable single item may enter our debugger carries on the original code level or assembler-level debugging"

An interesting debugger with an interesting description too. If I understand correctly this is like a combination of SoftIce and Ollydbg?



With a dab of DeDe.

SiGiNT

Kayaker
August 21st, 2005, 17:15
As far as I can tell, the ring0 capabilities are somewhat limited to driver debugging, i.e. you can set a breakpoint on DriverEntry, but you can't for example trace 'into' an INT2E call and make the transition from ntdll to ntoskrnl and ring0. But, you can return from a driver back into ntoskrnl and trace 'out' of ring0.

There seems to be 2 separate applications here, a ring3 GUI debugger a la Olly, and another which also allows loading a driver for debugging. (This one uses a boot driver which loads like the Softice one). Making full use of it for driver debugging seems a little problematic depending on what you need to do.

With the Syser kernel debugger you can from the menu:
1. Load an application for debugging
2. Load a driver for debugging
3. Load Syser symbol files

Here's the problem as far as I can figure out: Say you have a GUI app which loads a driver on startup, and executes IOCTL calls (DeviceIoControl) at some point to communicate with the driver. If you select Option 1, Syser will not automatically stop at the entry point of your driver, because it doesn't recognize it yet. You first need to select Option 2 and load the driver separately. Syser will set a BP on DriverEntry and load the driver *independent* of the GUI application.

The problem with this however is that your driver is now loaded in the system with absolutely no way to call your DriverUnload routine and close/cleanup the driver!


There is a way to make use of it though. What loading the driver has accomplished is that Syser has now made a symbol file for your driver. You first need to restart your GUI application - it should fail to load the driver since it's already running, then you need to uninstall the driver through your application. If you now reload the symbol file and start your GUI, Syser will break on DriverEntry in a normal manner.

Unless I'm not using it properly, this is quite cumbersome. Worse would be an unsourced target application where loading the driver without the GUI(/console) might require a reboot to cleanup. In theory however, the Syser symbol file that was created could still be used later.


What you can do now is:
- trace through DriverEntry
- set BP's on all the IOCTL calls in the driver, which will activate whenever they are used!
- possibly, set BP's on various ntoskrnl functions (didn't try it)


Being able to break on DriverEntry IS very useful! I'm assuming that the debugger sets a 0xCC on the OEP of the driver once the symbol file exists. This seems to indicate that in some manner Syser recognizes by name that a driver is being loaded. I don't know how exactly, whether there's a hook of a driver loading API, or some system callback or indicator is used, or something entirely different.

While it would probably be harder to implement, more useful would be being able to specify a Driver name to monitor loading of *before* you start the GUI application, and without having to load the driver separately first to create a symbol file. Chicken and the egg again..


A very nice debugger in all, though there are still stability problems, it locked up my Win2K system entirely a few times. The interface is very nice and the Source Explorer is great. It seems to have trace and plugin features like Olly. While in kernel mode, many of the Softice commands have been duplicated, though some are not implemented yet.

In VMWare, it seemed to run well except that the mouse was erratic and unusable, the sensitivity setting had no effect.


What I'd like to see:

Menus that can be called from a keyboard ALT command (for when the mouse doesn't work), as in
MENUITEM "F&ile" , MENUITEM "T&ools" ...

Ability to set I1HERE ON or I3HERE ON from a loading script, as in winice.dat, so you can use Int1/Int3 in your driver for debugging. As it stands now it seems you need to remember to set it while paused on the break at DriverEntry (some commands are only valid while in kernel mode). If you don't remember, a BSOD will remind you..

Fix VM mouse problem in VMWare. (Using Logitech cordless mouse)


All in all, this could still be a good second choice after Softice alone for debugging drivers. Congratulations to the author.


Kayaker

HaRdLoCk
August 22nd, 2005, 04:24
pretty nice software... looks very promising.. but to be honest.. the gui can be optimized :-p there's no need for me to have a pseudo xp look. maybe skins would be a good solution? :-)))

SiGiNT
August 25th, 2005, 18:49
Most of this could be totally unrelated, but the occurrence of these, (this?), problems seems to fall in line with the install date -

1. Just an annoyance: no GUI boot-up - fix is the same as with SoftIce -
fix the boot.ini file.
2. Start - Search function no longer works - Search works fine when
invoked in Explorer.
3. I can no longer click through to most HTML or download links in
IE6 - still works fine with FireFox.
4. With start-up gui disabled and SyserDebug uninstalled - it still
appears to load the boot-up.sys file - I'll pay more attention
next time and see if I can find the file and delete it - may fix
the problems above.

Obviously these are not critical problems but I'd kind of like to narrow it down to what caused it - anyone else experience this?

SiGiNT

Problems 1 & 4 are easily solved - use the provided uninstaller - and not the WIN uninstaller - I'll never learn!

wuyanfeng
August 31st, 2005, 03:57
Up

Kayaker
August 31st, 2005, 21:13
Quote:
[Originally Posted by wuyanfeng]Up

As in "bump", or move the thread to the top of the pile?

Considering the apparent language difficulties, I'm not sure if any feedback we provide in English is of any use to the author. I hope this is not the case.

The author may simply be looking for free advertising, as this is scattered in various forums across the web. Not sure if there is a shareware version available yet, but I suspect the stability of Syser under rigorous testing is still an issue.

In deference to the attempt at communication, I will "sticky" this thread for a short period of time so it may be seen by more people.

Kayaker

wuyanfeng
September 1st, 2005, 00:49
Quote:
[Originally Posted by Kayaker]As in "bump", or move the thread to the top of the pile?

Considering the apparent language difficulties, I'm not sure if any feedback we provide in English is of any use to the author. I hope this is not the case.

The author may simply be looking for free advertising, as this is scattered in various forums across the web. Not sure if there is a shareware version available yet, but I suspect the stability of Syser under rigorous testing is still an issue.

In deference to the attempt at communication, I will "sticky" this thread for a short period of time so it may be seen by more people.

Kayaker

thank Kayaker