Reversing : The Hacker's Guide to Reverse Engineering


Figure 4.7 A screenshot of WinDbg while it is attached to a user-mode process.


WinDbg has been improved dramatically in the past couple of years, and new
releases that include new features and bug fixes have been appearing regularly.
Still, for reversing applications that aren't heavily integrated with the operating
system, OllyDbg has significant advantages. Olly has a far better user interface,
a better disassembler, and powerful code analysis capabilities that
really make reversing a lot easier. Costwise they are both provided free of
charge, so that's not a factor, but unless you are specifically interested in
debugging DLL initialization code, or need the debugger extension
features that WinDbg offers, I'd recommend that you stick with OllyDbg.
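The DLL-initialization case mentioned above is worth seeing in practice, because it is the one situation where WinDbg is clearly the right tool: the debugger can stop at the moment the loader maps a DLL, before that DLL's DllMain has executed a single instruction. The session below is an added example and is not part of the original book; the module name mydll, the paths, the addresses and the printed output are all constructed for illustration. Lines beginning with $$ are WinDbg comments.

```text
$$ Assumed: WinDbg is already attached to (or launched) the target process.
$$ Set the symbol path so mydll's PDB can be found (hypothetical path).
0:000> .sympath C:\symbols;srv*C:\symcache*https://msdl.microsoft.com/download/symbols

$$ Break on the module-load event for mydll.dll, i.e. before its entry point runs.
0:000> sxe ld:mydll
0:000> g

$$ Constructed output: the loader has mapped the image but DllMain has not run yet.
ModLoad: 10000000 10008000   C:\app\mydll.dll

$$ Confirm the module is present and note its base address.
0:000> lm m mydll

$$ Deferred breakpoint on the initialization routine; it resolves now that the
$$ module is loaded. Use bu rather than bp so the breakpoint survives unloads.
0:000> bu mydll!DllMain
0:000> g

$$ Constructed output: we are stopped at the very first instruction of DllMain.
Breakpoint 0 hit
mydll!DllMain:

$$ Show how we got here (loader init routine -> DllMain) and the DllMain
$$ arguments (hinstDLL, fdwReason == 1 for DLL_PROCESS_ATTACH).
0:000> kb

$$ When done, stop breaking on further loads of this module.
0:000> sxd ld:mydll
```

If no PDB is available for the DLL, the symbolic `bu mydll!DllMain` cannot resolve; in that case run `!dh mydll` after the load break, read the "address of entry point" RVA from the optional header, add it to the base printed by `lm`, and set `bp` on that address instead. Either way the breakpoint is placed before the loader calls the entry point, which is exactly what a user-mode debugger that attaches only after the process is running cannot give you.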


IDA Pro

Besides being a powerful disassembler, IDA Pro is also a capable user-mode
debugger, one that successfully combines IDA's powerful disassembler with
solid debugging capabilities. I personally wouldn't purchase IDA just for its
debugging capabilities, but having a debugger and a highly capable disassembler
in one program definitely makes IDA the Swiss Army Knife of the reverse
engineering community.


Reversing Tools 121