Hi guys!

Even though I have installed an updated GCC version from the one available for Ubuntu 14.04.5 using the PPA ubuntu-toolchain-r/test, I'm still getting this error:
dlopen(/opt/ida-6.95/plugins/labeless_ida_690.plx): /opt/ida-6.95/plugins/labeless_ida_690.plx: symbol _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERjj, version GLIBCXX_3.4.21 not defined in file libstdc++.so.6 with link time reference

I guess this is compilation/ABI-related, so not sure if there is an easy solution for this besides me upgrading to a newer Linux distro?

Thank you in advance.
Best.

Does anybody interested in the build for macOS?

Now with the new IDA finally being x64 bit could we hope for a release that has this top plugin will support the new version?

Is it possible to add sync support for Bynary files like Shellcodes? That would be useful when debugging them without the worry to convert them to executables.

I see the function analysis of IDA is much better than OllyDbg so that I want Labeless not only syncs function names from IDA as labels but also marks the functions which OllyDbg doesn't recognize as functions/procedures.

Here, the label of the function is synced:

Here, the procedure list doesn't include the function synced from IDA:

Will it be compatible with the new version:IDA7.0

Latest release will not load up the labeless plugin in x64dbg debugger. This goes for the the x64 only. The 32 bit version is working as it should.

looks cool, but the project description is still " No description or website provided. "?

cheers.

Hey,

Any chance of updating precompiled binary x64dbg version? It is still on a version from 2016...

Thanks,
Disconnect3d

It will be great if you will add support for WinDbg debugger.

@a1ext
Debug 32 bit programs in 64-bit IDA7.0（ida.exe）:
Just tested, ida7.0 prompts the connection to fail, but does not affect the use.
It's a strange question, and I almost give up using it

new problem:
Debug 64 bit programs in 64-bit IDA7.0（ida64.exe）:
prompts connection failure,Click hand sync.
No response，The program card to death

Debug 32 bit programs in 64-bit IDA7.0（ida64.exe）:
prompts connection failure,Click hand sync.
Log prompt Received data, but not displayed

The environment:
win10x64
labeless1.1.2.65 - release binary
ida7.1
x64dbg - Jul 1 2018

The main issue is nothing is syncing properly. I don't see any specific errors when running the sync manually, i just don't see anything flowing over to x64dbg.

Here's an example of what i see in the output window in ida:
Labeless: do sync all now... Labels: 142, comments: 3 RPC Thread: OK, tasks left: 0
in x64dbg log window
LL: Labeless::onClientSockAccept: Connected from: 127.0.0.1:51869 LL: socket 00000848 accepted LL: Labeless::onClientSockRead: Received 8 bytes of 8. LL: Labeless::onClientSockRead: Received 89 bytes of 89. LL: Labeless::onClientSockBufferReceived: new request pushed { jobId: 9, bkg: 0, finished: 0 } LL: Labeless::serverThread: jobId 9 socket 00000848 Response sent, len: 0x0000000A LL: Labeless::serverThread: jobId 9 is removed

When running the "test connection" button inside of the ida plugin, i get: "Test failed, error: Invalid version response:"

I've setup and installed this for both x64 and x86 ida/x64dbg and i get the same result in both setups.

One other thing to note. The 1.1.2.65 release code doesn't have the setup.py in the deploy directory so i just pulled that from master to run the python setup.py install.

Hi, first of all thanks for the great plugin. I tried to use x64DBG butI noticed that labeless plugin is not showing in the plugin toolbar. I used the x64DBG included in your package but it doesn't work.
OS: Windows 7 SP1

Chinese comments cannot be synchronized

With turned on "Enable labels & comment sync", when user dumps new region IDA spams with rename notifications. Background sync of labels "on rename" should be inactive when IDADump working.

Hi a1ext,

Based on the thread that we discussed at http://techbliss.org/. I reproduced my question as the following video:

Regards,

#IDADump issue

Environment

labeless v1.1.4.0, 64 bit x64dbg, python2,

IDA-side information

in PyOlly stderr logs, sometimes, VirtualQueryEx failed with error 998, however the memory regoin was surely accessable on x64dbg.

Problem Description

Describe the problem/bug as clearly as possible.

Steps to Reproduce

1.try IDAdump by regions, then check out stderr log , then compare the dumped result in IDA hex view to the x64dbg memory view.

Possible Solutions

I think the problem could be a bug in python2 ctypes (python3 seems no such issues), however we could handle it carefully.
I found two APIs were referred,
VirtualProtectEx and VirtualQueryEx, both there are SIZE_T in prototype.
see

example, look at C.sizeof(mbi), gave a 32 bits int 0x30, but should be a SIZE_T in prototype which is 64 bits on x64,
or, ctypes will finally call on VirtualQueryEx with a undefined high 32bits value like 0x????????00000030,
after changing to C.c_size_t(C.sizeof(mbi)) and C.c_size_t(GRANULARITY) , IDADump works perfectly.

Is it supported by debuggers, is it possible to use/sync structs in olly, x64dbg, etc.?

The current latest release of Labeless doesn't sync repeatable comments from IDA.

After I migrate from OllyDbg v1.10 to Immunity Debugger with OllyMigrate on a Windows 7 x64 machine, Labeless crashes but other plugins don't.

Subj. Sample will be provided later, if needed.

ida 6.8:
Labeless::loadImportTable: storage::loadExternSegData() failed

First of all, I appreciated for your work!

I download the link on the bottom of the Github page and try to install it.
But the plugin doesn't show up in the plugin menu.
I also checked the log, but nothing showed up.

I've tried ollydbg 108b, 110 and 201 but all of them don't work either.

So here comes my questions:

1. What version of ollydbg is compatible with Labeless?
2. If I only want to use (instead of build) the plugin, is Visual Studio 2012 (or newer) necessary?

Environment

IDA-side information

Debugger-side information

Not related

Problem Description

Labeless scripting in IDA and in Olly lacks of Python script history. It would be useful if you occasionally close PyOlly tab or IDA crashes.

I use IDA 7.2 and labeless 1.1.12.85.
When I test connect in setting tab, the error message :
Test failed, error:
Labeless::connectToHost: connect() to 192.168.37.129:3852 failed. Error:
0x0000274d No connection could be made because the target machine actively refused it.

Pls help me

When I download the release I cannot find the labeless_ida.plx and labeless_ida.plx64 files. Where have they gone?

Labeless in the latest release "[x64dbg] SDK and testing bundle are updated to snapshot on 2016-09-18_01-22"(labeless_release_full_1.1.0.9.7z) just works with x32dbg but not x64dbg.

x64dbg x64：
[PLUGIN] Failed to load plugin: labeless_x64dbg.dp64

x64dbg x32：

LL: Labeless::logInitPythonFail: "import labeless as ll" failed.
LL: pluginit: Labeless::initPython() failed
[PLUGIN] pluginit failed for plugin: labeless_x64dbg.dp32

labeless vesion：

labeless_release_full_1.1.0.7.7z

x64dbg vesion ：

snapshot_2016-09-01_07-38.7z

Currently, whenever the debuggee is restarted in the debugger and changes its base address, we need to manually update Labeless from IDA with the new base address.

I suggest, if possible, that Labeles will get triggered when the debuggee is restarted and changes its address and will update the "Remote module base" automatically.

Hi,

Great work, I love the plugin. I was wondering if you were thinking about support the Linux version of IDA? Since you have remote debugging, I assume this is possible?

Dynamic dump, some functions IDA are not recognized
OD1.10 And IDA 7.0

Hello!
My Enviroment: Windows10, IDA7.0, x64dbg 2018.5.17

x64dbg:

004017D0 |  | mov ecx,dword ptr ss:[esp+10]                | ecx:start
004017D4 |  | mov eax,dword ptr ss:[esp+4]                 |
004017D8 |  | mov dword ptr ds:[4040B4],ecx                | ecx:start
004017DE |  | mov ecx,<c2dcad_1.g_obj3>                    | ecx:start
004017E3 |  | mov dword ptr ds:[4040AC],eax                |
004017E8 |  | call <c2dcad_1.CObj3_MyCreateWindow>         |
004017ED |  | mov ecx,<c2dcad_1.g_obj3>                    | ecx:start
004017F2 |  | call <c2dcad_1.CObj3_MyMessageLoop>          |
004017F7 |  | ret 10                                       |

DA7.0:

.text:004017D0                 mov     ecx, [esp+nShowCmd]
.text:004017D4                 mov     eax, [esp+hInstance]
.text:004017D8                 mov     g_obj3.m_nShowCmd, ecx
.text:004017DE                 mov     ecx, offset g_obj3
.text:004017E3                 mov     g_obj3.m_hInstance, eax
.text:004017E8                 call    CObj3_MyCreateWindow
.text:004017ED                 mov     ecx, offset g_obj3
.text:004017F2                 call    CObj3_MyMessageLoop
.text:004017F7                 retn    10h
.text:004017F7 _WinMain@16     endp

Is a method asyn g_obj3.m_nShowCmd to 4040B4 at 004017D8?
Thanks!

I've setup protobuf & labeless with python 2.7 32bit.
Then I copied the corresponding plugin folder to ollydbg and x64dbg
I can safely use ollydbg with labeless as well as the given x64dbg.
But whenever I run my own x64dbg(32bit) it just stuck and the crash.
Deleting labeless_x64dbg.dp32 solves that problem but obviously we cannot do that as a workaround.
So any ideas? I would appreciate every help.
Thank you

Hi, I see a problem when I try set a breakpoint with bp command in OllyDbg with the Command Bar plugin, if the labels are synced from IDA, I cannot set breakpoints with labels synced. I must edit label (:) to remove the arguments in the label to be able to set the breakpoint at the label. I think you could give an option to sync only the label name without the arguments in the labels :) .

For 4k monitors and the Windows 150% DPI Zoom, the UI is not very useable, and I cant seem to resize it to at least fit the elements.

Win10 x86 plug-ins can not be loaded normally, olldbg and x64dbg

Does this tool work with IDA Pro demo version? I can see that after the build phase there are no IDA plugins files to copy (IDA[XX]\plugins\labeless_ida.plw, IDA[XX]\plugins\labeless_ida.p64) but I was rather thinking whether it is possible to make this work with the demo version of full one is required?

I have a buffer in Olly in Latin9 encoding:

When passing a string like this in __result__ variable I can't see this value in IDA:

There are no errors seen in log output.

Hi,
In the docs it's mentioned that Linux is supported but couldn't find any Linux IDA plugins in release files or notes on how to build the plugin on Linux?
Is the Linux IDA supported with the current version and could you provide some notes on how to build the plugin?

Thanks!

The latest x64dbg has a working update checker again. Also, there should be no breaking API changes (ever) 👍

Could you make some videos of using dynamic dumping of debugged process memory regions to unpack some packer protected demo programs/malware?
I have seen your video https://www.youtube.com/watch?v=M5K5Ldaq284 but it should be useful if we have more illustrations for Labeless.

It will be great, if you will add every thread EIP as start_xxx points, so it will be possible to see what every thread does.

Subj.
You told me that this happens because of Jedi thread.

Does labeless need Olly Advanced (advancedolly.dll) as I see it's included in the release?

LL: Labeless::logInitPythonFail: "import labeless as ll" failed.
LL: pluginit: Labeless::initPython() failed
[插件] 插件函数pluginit失败: labeless_x64dbg.dp32

load fails, how does it work? none-English character not support?

Hi, I've been trying to get the same experience as the video on the "Wiki" page, with x64dbg and IDAPro. I haven't been able to get IDA to jump automatically to the x64dbg EA, but I can get it to jump manually (through the menu).
It might be worth mentioning that it's across VM's, and all of the other features are present.

And many thanks for a wonderful plugin, it's going to help me a lot in the future!

For now installation requires protobuf downloading, but not every vm has internet connection/vm tools to download it.

Environment

IDA-side information

Debugger-side information

Doesn't matter

Problem Description

After dumping part of dynamically resolved API table, code references get broken:

Steps to Reproduce

1. Open Trickbot sample
2. trace it in debugger until APIs are resolved
3. Perform Keep and import dumping of resolved APIs memory region (416CAC - 416F8C):
   

Possible Solutions

The following script fixes the problem:

seg = idaapi.getseg(0x416CAC)
seg.sel = idaapi.setup_selector(2)
seg.update()

Hi, I recently update labeless to the latest version and see that the local vars of functions are not synced from IDA to OllyDbg like the previous versions of labeless. I think it's more convenient to sync all function local vars (not only the structs only ones).

After following the instructions on the target machine with the latest version (1.1.0.7), the 32-bit version of x64dbg does not load the plug-in properly. Meanwhile, the 64-bit version has no issue.

You can see both the log screen output for both versions here (32-bit on left, 64-bit on right):

I had this same issue with a previous version attempted earlier (1.1.0.3 specifically).

I've been struggling with trying to get this working to no avail.

I am running on Python 2.7 within a Windows 7 VM.

Thank you for your work on this great set of plugins - I appreciate the time and effort you have put into this valuable project.