1. First, load the binary you want to debug in IDA and save it (Ctrl+W) to generate the idb file. This article uses #ParadoxX from Level1 on Crackmes.cf as the example: load AC1D.Materie.exe and save it, which finally produces AC1D.Materie.idb, as shown in the figure:

IDA has extension plugins for quite a few mainstream debuggers, such as windbg/gdb, which let you debug a binary dynamically on top of the static analysis. But none of the many debugger extensions covers ollydbg, which inevitably feels like a gap.
---
Source: Kanxue Forum
Original link: https://bbs.kanxue.com/thread-252634.htm
[Original] ret-sync plugin: windbg/ollydbg + IDA, a powerful tool for reverse-engineering debugging
231 views
24 replies
Can anyone provide a compiled x64dbg version of the plugin?
Is it this one? 282K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6T1L8$3!0@1L8r3g2Y4i4K6u0r3M7X3g2@1i4K6u0V1M7%4W2F1j5H3`.`.
[sync] form create
Note: importing 'sip' module into <module '__main__' (built-in)>
Note: importing 'QtWidgets' module into <module '__main__' (built-in)>
[sync] default idb name: CRACKME.EXE
[*] sync enabled
[*] init_broker
[*] cmdline: "C:\Python27\python.exe" -u "C:\Program Files\IDA 7.2\plugins\retsync\broker.py" --idb "CRACKME.EXE"
[sync] name CRACKME.EXE
[sync] module base 0x400000
[sync] hexrays not available
[*] broker new state: Starting
[*] broker new state: Running
[*] broker started
Shortcut F2 is used for two actions:
@IDC:py_hotkeycb_0000021F2B091480
BreakpointToggle
Shortcut for "BreakpointToggle" will be disabled.
Shortcut F2 is used for two actions:
@IDC:py_hotkeycb_0000021F2B091480
hexview:EditOrApplyChanges
Shortcut for "hexview:EditOrApplyChanges" will be disabled.
Shortcut Ctrl+F2 is used for two actions:
@IDC:py_hotkeycb_0000021F2B5B1B88
ProcessExit
Shortcut for "ProcessExit" will be disabled.
Shortcut Ctrl+F1 is used for two actions:
@IDC:py_hotkeycb_0000021F2B5B1C18
ExternalHelp
Shortcut for "ExternalHelp" will be disabled.
Shortcut Alt+F2 is used for two actions:
@IDC:py_hotkeycb_0000021F2B5B1C60
ManualInstruction
Shortcut for "ManualInstruction" will be disabled.
Shortcut F11 is used for two actions:
@IDC:py_hotkeycb_0000021F2B5B1D38
FullScreen
Shortcut for "FullScreen" will be disabled.
Shortcut Ctrl+F1 is used for two actions:
@IDC:py_hotkeycb_0000021F2B5B1D80
@IDC:py_hotkeycb_0000021F2B5B1C18
"@IDC:py_hotkeycb_0000021F2B5B1C18" will be deleted.
[*] << broker << dispatcher not found, trying to run it
[*] << broker << dispatcher now runs with pid: 1444
[*] << broker << connected to dispatcher
[*] << broker << listening on port 64883
[sync] restarting broker
[*] << broker << received kill notice
[*] broker new state: Not running
[*] broker finished
[*] sync disabled
[*] sync enabled
[*] init_broker
[*] cmdline: "C:\Python27\python.exe" -u "C:\Program Files\IDA 7.2\plugins\retsync\broker.py" --idb "CRACKME.EXE"
[sync] name CRACKME.EXE
[sync] module base 0x400000
[sync] hexrays not available
[*] broker new state: Starting
[*] broker new state: Running
[*] broker started
Shortcut Ctrl+F1 is used for two actions:
@IDC:py_hotkeycb_0000021F2B5C3288
@IDC:py_hotkeycb_0000021F2B5C3120
"@IDC:py_hotkeycb_0000021F2B5C3120" will be deleted.
[*] << broker << dispatcher not found, trying to run it
[*] << broker << dispatcher now runs with pid: 5140
[*] << broker << connected to dispatcher
[*] << broker << listening on port 64888
Command "JumpAsk" failed
Command "JumpAsk" failed
Command "JumpAsk" failed
[*] << broker << dispatcher connection error, quitting
[*] broker new state: Not running
[*] broker finished
[sync] idb is disabled
Why this message? Where should the .idb file be placed? Is it for OD?
Last edited by killbr on 2019-8-16 10:14, reason:
Late to this, but it is indeed good; I'll record a test video tomorrow during the day.
Download link for all versions compiled online with vs2017:
9c9K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1k6i4k6Q4x3X3g2S2P5Y4g2J5k6g2)9J5k6h3y4G2L8g2)9J5c8X3u0G2L8%4c8D9k6h3N6V1k6i4k6Q4x3V1k6J5k6i4c8Q4x3X3c8K6P5h3&6U0i4K6u0V1M7X3g2D9k6h3q4K6k6g2)9J5c8W2)9#2k6X3u0#2K9h3I4V1
I tested with OD and x64dbg; on the IDA side there only seems to be the sync-to-current-line feature.
拍拖
I saw earlier that it didn't seem to support IDA 7.0; is it supported now?
Yes, it is.
On 6.x you have to install the Python modules yourself.
wx_时光_477781
Isn't labeless easier to use than this?
I'll give it a try.
win10+vs2017 x64dbg
ret-sync 32-bit, 64-bit
mark
This plugin really is handy. Learned something. Thanks to the master for sharing!
Thanks for sharing!
Last edited by Sampgirl on 2019-7-15 23:15, reason:
This plugin is really convenient; debugging with both open at the same time is much clearer.
od1/2 compiled versions, vs2013 version; the others did not compile successfully.
Last edited by 方向感 on 2019-7-17 00:26, reason: