IDA Pro, x64dbg, OllyDbg & WinDbg are used for reverse engineering purposes (as a disassembler) and debugging.
x64dbg is an open-source debugger for Windows that is a popular malware analysis tool. A debugger is used to step through code as it executes, so you can see exactly what it's doing. Debuggers are essential for troubleshooting bugs, but they're also used to reverse engineer malware.
IDA Pro is primarily a multi-platform, multi-processor disassembler that translates machine-executable code into assembly language source code for the purpose of debugging and reverse engineering. It can be used as a local or as a remote debugger on various platforms.
In addition to being a disassembler, IDA is also a powerful and versatile debugger. It supports multiple debugging targets and can handle remote applications, via a remote debugging server.
OllyDbg is a powerful disassembler that can prove useful in the analysis of malware. It can be used alone to perform a static analysis of the executable or in conjunction with other tools to perform a dynamic analysis of the executed dropper.
It's quite hard to give an answer that is not opinion-based. Trying to stay factual:
OllyDbg and x64dbg fall roughly under the same category. Their main strength is debugging without symbolic information (although they can also do debugging with symbolic information). OllyDbg (closed source) hasn't been maintained for a long time now and is limited to x86 32-bit. On the other hand, x64dbg is actively maintained, open source and can handle x86 and x64. Both support plugins.
WinDbg is mainly a symbolic debugger (although obviously it works without any symbols). Being maintained by Microsoft, it is very powerful when symbols are available. It supports plugins (in C or C++), scripting (it has its own scripting language, but it also officially supports JavaScript and a third-party Python script loader), .NET debugging, and can do kernel debugging (in this aspect it is the de facto kernel debugger on Windows systems). In its latest version it also supports TTD (Time Travel Debugging).
IDA's main strength is that it's an interactive disassembler. You can "interrogate" the binary (more precisely, the database generated from the binary) in many ways from Python scripts. It also supports debugging by itself or through other engines (gdb or WinDbg engines, for example).
Notable other professional disassembler/debuggers are Binary Ninja (not free) and Ghidra (open source).