Exetools forum, Developer Section: x64dbg (https://forum.exetools.com/showthread.php?t=15328)

mr.exodia 04-17-2014 15:22

@ahmadmansoor: your code does exactly the same. Your function will not work with memdisks etc. _strnicmp just compares the beginning of the strings, up to the number of characters in the device name. Take a look here for the source code of this function from Scylla: http://bitbucket.org/mrexodia/devicenameresolver

@nonepe: it will not work lol

Greetings

n00b 04-17-2014 15:26

@mr.exodia: I have to just say, I am truly amazed by your work so far - thus far, I have been able to work my way around several x64 targets that I probably wouldn't have been able to do properly with, for instance, IDA..

So thanks a million for this epic work bro, and thanks again for the testplugin that you made - really helped a lot :D

mr.exodia 04-17-2014 16:02

@n00b: glad you like it! feel free to post feature suggestions anytime, so your experience can be improved.

Greetings

ahmadmansoor 04-17-2014 17:01

No, it works very fine even with flash memory

1 Attachment(s)
Hi mr.exodia:
No my friend, I am sure that my code works 100% with all devices ;) . I have tried it on flash memory and the drive was V:\
and it works very fine without any problem.
I'll explain the problem, why this happens with you.
Look, after you make the GetMappedFileNameA call

devicepath will be like this "\Device\HarddiskVolume19\T1\WinRAR\WinRAR.exe" (const char *)
The important thing is (( \Device\HarddiskVolume19 )) -on my PC it is the S:\ disk- this is our hard disk or flash disk name from root.
Now you begin to go in a loop to find the root name of each disk and make a compare.
When you reach the disk which has a name like your hard disk name but without (( 9 )) at the end (( \Device\HarddiskVolume1 )) <<< this is the G:\ disk on my PC -
and as well as your length compare is wrong too, so when you make the compare with your _strnicmp, which will give you the result = 0, it passes the compare (if condition) and changes the path of our exe to this
"G9\T1\WinRAR\WinRAR.exe", and by this the next check will be wrong too with this string of path.
Then you will not be able to load the target.

Please try this package again, I am sure 100% it works and I can upload a movie to prove that it works.
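The prefix-match bug described above, as an added example that is not code from x64dbg, Scylla or any poster in this thread: a constructed drive-letter table stands in for what a loop over QueryDosDevice would return, and the buggy `_strnicmp`-style length compare is shown next to a corrected check that also requires a path separator right after the device name.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the drive letter -> NT device table that a loop over
 * QueryDosDevice would build on a real system; values mirror the thread, not a live PC. */
struct dos_device { const char *letter; const char *device; };
static const struct dos_device g_devices[] = {
    { "C:", "\\Device\\HarddiskVolume2" },
    { "G:", "\\Device\\HarddiskVolume1" },  /* a strict prefix of HarddiskVolume19 */
    { "S:", "\\Device\\HarddiskVolume19" }, /* where the target really lives */
};
#define NUM_DEVICES (sizeof g_devices / sizeof g_devices[0])

/* Portable equivalent of _strnicmp(s, prefix, n) == 0: case-insensitive compare of n chars. */
static int prefix_ieq(const char *s, const char *prefix, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i])) return 0;
        if (s[i] == '\0') return 1; /* both strings ended together */
    }
    return 1;
}

/* Translate "\Device\X\rest" into "L:\rest". Returns a static buffer, or NULL if no match. */
static const char *resolve(const char *devicepath, int require_separator)
{
    static char out[260];
    for (size_t i = 0; i < NUM_DEVICES; i++) {
        size_t n = strlen(g_devices[i].device);
        if (!prefix_ieq(devicepath, g_devices[i].device, n)) continue;
        /* The fix: the device name must be followed by '\' in the path, otherwise
         * HarddiskVolume1 wrongly claims HarddiskVolume19 and leaves the '9' behind. */
        if (require_separator && devicepath[n] != '\\') continue;
        snprintf(out, sizeof out, "%s%s", g_devices[i].letter, devicepath + n);
        return out;
    }
    return NULL;
}

const char *resolve_buggy(const char *devicepath) { return resolve(devicepath, 0); }
const char *resolve_fixed(const char *devicepath) { return resolve(devicepath, 1); }

int main(void)
{
    const char *path = "\\Device\\HarddiskVolume19\\T1\\WinRAR\\WinRAR.exe"; /* from the thread */
    printf("buggy: %s\n", resolve_buggy(path)); /* G:9\T1\WinRAR\WinRAR.exe */
    printf("fixed: %s\n", resolve_fixed(path)); /* S:\T1\WinRAR\WinRAR.exe */
    return 0;
}
```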

ahmadmansoor 04-17-2014 20:04

Lol, 163 views in 45 min ...
x64_dbg is becoming a very desired debugger .... very good mr.exodia :cool:

This is the full package for both x32 and x64, so anyone can try it and give us the result pls.
Quote:

https://drive.google.com/file/d/0B402C-bcZm3la1BVMXJaVTJtbTA/edit?usp=sharing

Carbon 04-17-2014 21:17

@ahmadmansoor

There is still a bug with QueryDosDevice. This API cannot resolve all devices, such as encrypted devices.

I had the same bug in Scylla: https://github.com/NtQuery/Scylla/commit/67d62b4a2c4d7561b53bd595ca1fda51416ac20f

But there is still a problem with network devices.

ahmadmansoor 04-17-2014 21:59

Nope my friend, I tried it on a network folder and it was working very well.
Did you try the package, my friend??
I think I will upload a flash movie.

mr.exodia 04-17-2014 22:18

@ahmadmansoor: I think I see what was wrong with my code, but it's fixed already using Aguila's code :)

Greetings

ahmadmansoor 04-17-2014 22:27

Yes, the problem comes from (((your length compare is wrong))).
That's all, so no need for a ton of code to fix the problem, that's what I mean.

mr.exodia 04-17-2014 23:11

This code is needed for virtual drives (like ramdisks) like Carbon also said.

ahmadmansoor 04-17-2014 23:53

But it supports ramdisks too !!!! and network devices too .....
Lol, did I miss something :rolleyes: ???
Check this movie, can you be online?
Quote:

https://drive.google.com/file/d/0B402C-bcZm3lRE1kT3UtdlRLTlk/edit?usp=sharing

Insid3Code 04-18-2014 01:51

Ahmadmansoor
 
1 Attachment(s)
Quote:

@Insid3code: please try this 'fix' the only problem I could think of was something with virtual devices, but I just cannot reproduce the bug here. https://mega.co.nz/#!H5xlDBqb!j8cRrh3r4a89vXr00yPf_jYI5Oq7Cwx5H_7dSiyCm64
Unfortunately, I had the same bug!


@Ahmadmansoor:
It works fine on my tests.

Flash movie attached...

mr.exodia 04-18-2014 02:28

@insid3code: so this works right now? https://mega.co.nz/#!Px4mhDiY!-cT-rQwjMuZtTWQtKpEjzPChFvCuh-W2NSu_qnYBk6E

Greetings

Carbon 04-18-2014 03:07

If you want to produce a path error, try this tool:
https://www.boxcryptor.com/download/Boxcryptor_Classic_Setup.msi

Create an encrypted folder, mount the folder and start an executable inside this folder.

mr.exodia 04-18-2014 03:12

sorry for spamming with crap, but this should really work: https://mega.co.nz/#!6953UB7R!lpC5rAzrHzqjJFIoWw1HlNaqyfEG8lanfl149aWLcjE

Insid3Code 04-18-2014 17:49

@mr.exodia: Latest fix works fine now...

Sir.V65j 04-24-2014 12:10

Is "x64dbg.com" down for everyone? Or is it my internet error?

DMichael 04-24-2014 12:45

Quote:

Originally Posted by Sir.V65j (Post 91014)
Is "x64dbg.com" down for everyone? Or is it my internet error?

If the domain is down you can access the repository directly:
https://bitbucket.org/mrexodia/x64_dbg

mr.exodia 04-24-2014 17:11

Domain appears to be up again.

mr.exodia 04-28-2014 09:51

V1.5ALPHA is released!

Changelog:
- added debug privilege option (TitanEngine)
- fixed a bug with GetFileNameFromHandle ('error starting process (invalid pe?)')
- fixed a bug with attaching to an x32 process from the x64 debugger
- added 'detach' command
- added twords, dqwords, ywords and zwords
- added a menu API for plugins
- movable tabs
- detachable tabs (for example to place a tab on a second screen)
- fixed a bug with [esp]=4 (valtostring)
- fixed a lot of bugs with scripts
- removed result display of the mov instruction
- press enter on a script jump to get to the destination
- basic script syntax highlighting
- added RVA view in disassembly (double click on the address)
- double click on the opcodes to toggle breakpoints
- double click on the disassembly to assemble
- double click on the comments to comment
- fixed an annoying bug with searching for referenced strings
- when you use '-1' in the ExceptionRangeDialog it will use 'FFFFFFFF' instead
- better documentation
- added a simple 'find' command for scripts
- added find references to an address (ctrl+r)

Download:
http://x64dbg.com

Greetings,

Mr. eXoDia

besoeso 04-29-2014 21:57

Very good, friend. Let me suggest a very interesting feature to you: intermodular calls.

A greeting.

mr.exodia 05-14-2014 04:41

@besoeso: it's on the todo list, thanks :)

V1.6ALPHA is out!

This version is mainly meant to be compatible with ScyllaHide, so many requested things are not yet implemented.

Changelog:
- search for menu in disassembly context menu
- 'ready' instead of 'terminated' on start
- selection API
- updated find, strref and reffind commands
- strings in the stack
- follow in dump/disasm/stack in stack context menu
- force default alignment in SDK
- section names in memory map
- bring debugger to front when paused
- fixed a bug with the '=' sign
- added a line edit window api
- updated TitanEngine (fixes some handle leaks and maybe hanging bugs)

Download:
https://sourceforge.net/projects/x64dbg/files/latest/download

Online Help:
http://mrexodia.cf/x64hlp/

Source Repository:
http://x64dbg.com

Greetings,

Mr. eXoDia

quygia128 05-14-2014 13:30

@Mr.eXodia: I have got a bug with assembling jump and call commands (jnz->jz, jx->jmp, call address), but it works on call register (rcx, rax...)

quygia128

mr.exodia 05-14-2014 22:54

hi,

yes, this bug has been reported various times, I will include this in the limitations.

greetings

mr.exodia 06-02-2014 16:47

V1.7ALPHA is out!

Changelog:
- some help updates
- added version information to file
- detach using right click -> detach on the tab you want to detach
- fixed a bug when searching for strings twice (search didn't work)
- fixed a crash on loading an empty script
- fixed a potential overflow while escaping a debug string
- escape the section names from the memory map
- better pattern finder
- added command auto-completion (includes plugin commands)
- removed an annoying log message on clicking a plugin menu
- fixed bugs in GuiSelectionGet & GuiSelectionSet (thanks to ahmadmansoor)
- added commandline support (x64_dbg.exe "c:\program files\test.exe")
- fixed a bug in modbasefromname (thanks to Artic!)
- added status bar API
- added bpdll command
- fixed a bug in DeviceNameResolver
- fixed various bugs in TitanEngine
- fixed a bug with manual functions in the GUI
- added various bridge exports

Download:
https://sf.net/p/x64dbg

Greetings,

Mr. eXoDia

CrackDJ 06-05-2014 00:17

Hey bro eXoDia, thanks for sharing the latest alpha! I have been waiting for an x64 version for a long time. :)

Greetz,
CD

mr.exodia 06-21-2014 11:36

V1.8ALPHA is out!

Welcome tr4ceflow to the team!

Changelog:
- added IDA-like sidebar
- color customization
- instruction tokenizing
- allow highlighting of instruction tokens (CTRL+H)
- new register view that highlights changes
- fixed a bug with detaching
- updated BeaEngine
- new database format (JSON + lz4)
- massive performance improvements
- use SHIFT for selection
- small fixes
- project code cleanup
- more API functions

Website (made by tr4ceflow):
http://x64dbg.com

Greetings,

Mr. eXoDia

DMichael 06-21-2014 14:33

Quote:

Originally Posted by mr.exodia (Post 92288)
V1.8ALPHA is out!

Welcome tr4ceflow to the team!

Changelog:
- added IDA-like sidebar
- color customization
- instruction tokenizing
- allow highlighting of instruction tokens (CTRL+H)
- new register view that highlights changes
- fixed a bug with detaching
- updated BeaEngine
- new database format (JSON + lz4)
- massive performance improvements
- use SHIFT for selection
- small fixes
- project code cleanup
- more API functions

Website (made by tr4ceflow):
http://x64dbg.com

Greetings,

Mr. eXoDia

The website is really handsome :) and the performance boost is awesome!

But I found a bug: if you try to load a DLL without 'System Breakpoint' but with the regular stop on EP, it crashes (x64_dbg(x32)).

alen 06-21-2014 18:53

Thanks for sharing the x64 version
BEST REGARDS
ALEN

n00b 06-21-2014 19:27

OMG mate, your debugger just can't stop amazing me - the best X64 debugger to date!
It's working perfectly, nothing more or less to say ;)

Only thing I'd like to add which would be useful has to be the ability to copy bytes from sub-menu when selecting either 1 line or several in the core window, and/or in the dump window :)

mr.exodia 07-07-2014 09:49

V1.9ALPHA is out, featuring many requested changes!

Changelog:
http://x64dbg.com/changelog.html (crash when posting the actual changelog)

Website:
http://x64dbg.com

Greetings,

Mr. eXoDia

besoeso 07-07-2014 23:33

1 Attachment(s)
Hi, I got a problem with resolving module names in the new v1.9 release.

Pic attached.

A greeting.

Attachment 7841

besoeso 07-07-2014 23:58

1 Attachment(s)
Cpu view pic attached.

Attachment 7842

mr.exodia 07-08-2014 01:27

1 Attachment(s)
@besoeso: Could I use TeamViewer to debug x64_dbg on your computer? I cannot reproduce this problem...

EDIT: First please try these DLL files (copy&overwrite in x64_dbg directory). Please tell me the exact error message, maybe I can provide some fixes for that.

Greetings,

Mr. eXoDia

mr.exodia 07-08-2014 10:12

Hey guys,

Thanks to besoeso I found a bug in the WinAPI which caused NtQueryObject to not set the required structure size. Long story short, if you have Windows XP, download the updated DeviceNameResolver here and copy&replace it in your x64_dbg directory: https://bitbucket.org/mrexodia/devicenameresolver/downloads/DeviceNameResolver_002.rar

Greetings,

Mr. eXoDia

TheEnd 07-10-2014 09:17

Quote:

Originally Posted by mr.exodia (Post 92684)
Hey guys,

Thanks to besoeso I found a bug in the WinAPI which caused NtQueryObject to not set the required structure size. Long story short, if you have Windows XP, download the updated DeviceNameResolver here and copy&replace it in your x64_dbg directory: https://bitbucket.org/mrexodia/devicenameresolver/downloads/DeviceNameResolver_002.rar

Greetings,

Mr. eXoDia

have the same bug in Win7 x32?

-=bb=- 07-10-2014 16:07

Firstly I would like to say WOW! Thank you for a fantastic release - truly brilliant work.

Secondly it seems to crash (here at least) when searching for intermodular calls. If you could let me know what I can do in the way of providing logs, links to target, my set up etc I would be more than happy to offer what assistance I can in troubleshooting this.

Finally, as suggestions for improvement :

1. make the reference windows sortable (or even better searchable) (SO much easier to track down stuff that way)
2. some sort of "Copy all modifications to executable" option and
3. showing referenced data in the window below the disassembly window, i.e.

Test qword ptr ds[r9+4],0 at RDX and in the window display

Qword ptr ds[r9+4] = 00000001404EEDC0

I realise that most of us are asking to integrate OllyDbg functionality into x64_dbg but IMHO these are some of the most useful. To me anyway :)

Once again mr. exodia - thank you for a fantastic tool

mr.exodia 07-10-2014 21:43

@TheEnd: Did you try the fix in the post above yours?

@-=bb=-:

Thanks!

Regarding the crash, best would be to send me a video/txt how to reproduce it + (most importantly) the file you tried it on. Everything is working fine here.

Regarding your suggestions:
1. first point is implemented 2 seconds ago (thanks for reminding me), second point is already implemented
2. already implemented, try the 'Select groups' button in the patch dialog
3. thanks, but this has been requested a few times now (see issues.x64dbg.com)

To everyone requesting features: make sure it's not already implemented! or already on the issues list http://issues.x64dbg.com Please also create an issue at http://issue.x64dbg.com this allows everyone to work on it.

Greetings,

Mr. eXoDia

-=bb=- 07-10-2014 22:12

Quote:

Originally Posted by mr.exodia (Post 92755)
@-=bb=-:

Thanks!

Regarding the crash, best would be to send me a video/txt how to reproduce it + (most importantly) the file you tried it on. Everything is working fine here.

Have sent you that in PM - sorry, forgot to mention I am using v19.

Quote:

Regarding your suggestions:
1. first point is implemented 2 seconds ago (thanks for reminding me), second point is already implemented
2. already implemented, try the 'Select groups' button in the patch dialog
3. thanks, but this has been requested a few times now (see issues.x64dbg.com)
1. Brilliant - thank you.
2. Found it - thank you!

Quote:

To everyone requesting features: make sure it's not already implemented! or already on the issues list http://issues.x64dbg.com Please also create an issue at http://issue.x64dbg.com this allows everyone to work on it.
Sorry - should have checked there first. Mea Culpa!

Kindest regards
BB

Kurapica 07-20-2014 07:15

Hi mr.exodia

May I suggest the following ?

1 - Give us the ability to change font size and type
2 - Scrolling in the CPU window is slow even on a fast box
3 - When pressing Ctrl + G to go to some address, the focus should be given to the edit control in that dialog to allow quick "Copy" , "Paste" functions, actually such dialogs should have a default control which gets the focus as soon as the parent dialog shows up.
4 - Add color schemes based on the Olly's popular color schemes to allow quick changing and adaptation to the new debugger.
5 - Add a "Run till user code" like in Olly
6 - Double Clicking the RIP register should take us to the current RIP line
7 - Make the application's default font something like "Tahoma" with size 9 at least, the current font is too small, I mean the application's interface like menus and buttons.
8 - I still prefer the old jump highlighting method


I may have more suggestions in the future and thanks for your patience :)

