x64dbg vs Ollydbg vs IDA Pro

Debuggers and disassemblers are by far the most important tools in cybersecurity (specifically reverse engineering). Selecting the right tool for a particular task is very important; otherwise the task quite often becomes daunting. Beginners usually have a hard time picking one among OllyDbg, x64dbg and IDA. This guide is for those who are unsure which to choose. Before diving into which one to choose and when, let’s first understand some basics on which the comparison is based.

Difference between Debuggers and Disassemblers

These terms are often used interchangeably by newbies. A disassembler is a tool that attempts to convert machine language code (binary) to assembly language (ASM). A disassembler may convert the code fully or only partially, i.e., there is no 100% guarantee of the conversion. This type of reversing tool is widely used to reverse EXE, DLL and APK files on Windows XP, 7, 10 or Linux. An example of a disassembler is:

  • IDA Pro(Interactive Disassembler)

Debugging tools are one step ahead of disassemblers: after analyzing the binary, they allow the reverser to step through the code, i.e., run it one line at a time. To be an efficient reverser you should have a decent grasp of the fundamentals of a debugger. Examples of debugging tools for Windows are:

  • OllyDbg
  • x64dbg
  • WinDbg

Difference between Static and Dynamic Analysis

Static Analysis

Static Analysis in reverse engineering refers to the analysis of the file without running it. It is also known as “Behavior Analysis”. In the case of debuggers & disassemblers, IDA is best for doing static analysis of the binary file.

Dynamic Analysis

Dynamic Analysis in reverse engineering refers to the analysis of the file while running it on a machine. Tools like OllyDbg, x64dbg, etc. are best for dynamic analysis of a binary file.

Ollydbg debugger

Olly Debugger is by far one of the most used debuggers for 32-bit programs on Microsoft® Windows®. It is a dynamic debugger, i.e., it allows the user to modify the source code while running the program.

Pros-:

  • Shareware but FREE to use.
  • Very Powerful dynamic debugger.
  • Quite easy to use as compared to IDA.
  • Allows you to directly load & debug DLLs.
  • A lot of Plugins & Scripts available.

Cons-:

  • Works only on Microsoft® Windows®.
  • Meant only for x86 (or 32-bit) software.
  • Not efficient in case of static analysis of files.

IDA disassembler

IDA (Interactive DisAssembler) is made by a company called Hex-Rays®. IDA is used for static analysis, whereas OllyDbg and x64dbg are dynamic in nature. IDA is a VERY powerful, cross-platform disassembler. It is a must for professional debugging. The major drawback is that it is not free; instead it is VERY costly.

Pros-:

  • Really VERY powerful Disassembler.
  • Fully supports platforms like Windows, Mac OS X, Linux & Android (recently started supporting it).
  • It supports both x86 & x64 architectures.
  • Contains built-in debuggers.
  • Supports a huge number of processors & file formats.

Cons-:

  • Very costly. (Although a FREE but limited version is available here.)
  • Not a beginner-friendly user interface.

IDA Pro vs IDA Free

Hex-Rays IDA (Interactive DisAssembler) comes in two flavors: Free and Pro. As the name suggests, IDA Free is free to use but has some serious limitations, while Pro is a paid version which is VERY VERY expensive. IDA Free has the following limitations:

  • Debugging not allowed
  • IDAPython feature not present
  • No commercial usage allowed
  • Lacks many popular processors
  • No technical support

x64dbg debugger

It is an open-source debugger developed by Mr. eXodia for both x86 & x64 files. x64dbg is quite a new debugger in the industry (although stable). It is more like a 64-bit version of OllyDbg and is a dynamic debugger.

Pros-:

  • Fully free & open source.
  • Supports both 32 & 64-bit files.
  • User-friendly interface.

Cons-:

  • Only meant for Windows.
  • A quite nascent tool as compared to others.
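
Which of these debuggers can open a given file depends on whether it is 32-bit or 64-bit, and that can be read statically from the PE header without running anything. The Python example below is added here and is not from the original post: pe_info, debuggers_for and make_sample are illustrative names, and the two sample inputs are constructed header bytes, not real programs.

```python
import struct

# COFF Machine values from the PE/COFF specification
MACHINES = {0x014C: "x86", 0x8664: "x64"}
IMAGE_FILE_DLL = 0x2000  # Characteristics flag: file is a DLL


def pe_info(data: bytes) -> dict:
    """Statically read architecture and file type from PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    machine, _nsec, _ts, _symptr, _nsym, _optsize, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)  # optional header
    return {
        "arch": MACHINES.get(machine, f"other (0x{machine:04x})"),
        "pe32_plus": magic == 0x20B,  # 0x10B = PE32, 0x20B = PE32+
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


def debuggers_for(info: dict) -> list:
    """Map the result to the debuggers as this article describes them."""
    if info["arch"] == "x86":
        return ["OllyDbg", "x64dbg"]
    if info["arch"] == "x64":
        return ["x64dbg"]  # OllyDbg is meant only for 32-bit software
    return []  # neither x86 nor x64


def make_sample(machine: int, magic: int, chars: int) -> bytes:
    """Constructed minimal header bytes for the demo (not a runnable EXE)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, chars)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic) + b"\0" * 0xEE


if __name__ == "__main__":
    samples = [("constructed 32-bit EXE", make_sample(0x014C, 0x10B, 0x0102)),
               ("constructed 64-bit DLL", make_sample(0x8664, 0x20B, 0x2022))]
    for name, raw in samples:
        info = pe_info(raw)
        print(name, info, "->", debuggers_for(info))
```

To check a real file, pass its first few kilobytes to pe_info, for example open(path, "rb").read(4096).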

Final Thoughts

I would highly recommend that, if you are a beginner, you start out debugging 32-bit programs with OllyDbg or x64dbg, as using IDA might be a little overwhelming for you. If you are intermediate or expert at reverse engineering, then IDA is a must, as it is one of the most powerful & versatile disassemblers and debuggers (but it’s VERY costly!). So what’s your favorite debugger? Let me know in the comments.

Happy debugging!

error4hack

Hi, this is error4hack, a computer geek who loves to learn new things(mostly by trial & error method) & then loves to share that knowledge with others. He also likes to listen to music in his free time. He strongly believes in KISS(Keep It Simple Stupid) principle. Youtube channel-: https://www.youtube.com/c/eRRor4hack
