@ahmadmansoor: your code does exactly the same. Your function will not work with memdisks etc. strincmp just compares the beginning of the strings with the number of characters of the device name. Take a look here for the source code from Scylla of this function: http://bitbucket.org/mrexodia/devicenameresolver
@nonepe: it will not work lol Greetings |
@mr.exodia: I have to just say, I am truly amazed by your work so far - thus far, I have been able to work my way around several x64 targets that I probably wouldn't have been able to do properly with for instance IDA..
So thanks a million for this epic work bro, and thanks again for the testplugin that you made - really helped a lot :D |
@n00b: glad you like it! feel free to post feature suggestions anytime, so your experience can be improved.
Greetings |
no, it works very fine even with flash memory
Hi mr.exodia :
no my friend, I am sure that my code works 100% with all devices ;) , I have tried it on flash memory and the drive was V:\ and it works very fine without any problem. I explain the problem, why this happens with u. Look, after u make the GetMappedFileNameA, devicepath will be like this "\Device\HarddiskVolume19\T1\WinRAR\WinRAR.exe" const char * the important thing is (( \Device\HarddiskVolume19 )) -on my PC it is S:\ Disk- this is our harddisk or flash disk name from root. Now u begin to go in a loop to find the root name of each disk and make a compare. When u reach the disk which has a name like ur hard disk name but without (( 9 )) at the end (( \Device\HarddiskVolume1 )) <<< this is G:\ disk on my PC - and as well ur length compare is wrong too, so when u make the compare with ur _strnicmp it will give u the result = 0, so it passes the compare (if condition) and changes the path of our exe to this "G9\T1\WinRAR\WinRAR.exe", by this the next check will be wrong too with this string of path. Then u will not be able to load the target. Please try this package again, I am sure 100% it works and I can upload a movie to prove that it works. |
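The prefix collision described in the post above (\Device\HarddiskVolume1 matching the start of \Device\HarddiskVolume19), shown as an added example that is not part of the original thread and is not x64_dbg or Scylla code. The device table, drive letters and function names are constructed for illustration; a real resolver would fill the table from QueryDosDevice.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed mapping table standing in for QueryDosDevice results. */
struct dos_device { const char *device; const char *drive; };
static const struct dos_device DEVICES[] = {
    { "\\Device\\HarddiskVolume1",  "G:" },
    { "\\Device\\HarddiskVolume19", "S:" },
};
#define NDEV (sizeof DEVICES / sizeof DEVICES[0])

/* Portable stand-in for _strnicmp: 0 when the first n chars match, ignoring case. */
static int prefix_icmp(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        int ca = tolower((unsigned char)a[i]), cb = tolower((unsigned char)b[i]);
        if (ca != cb) return ca - cb;
        if (ca == 0) break;
    }
    return 0;
}

/* Translate a native path to a DOS path. With strict == 0 any prefix match is
   accepted (the collision described in the post); with strict != 0 the match
   must end on a path-component boundary. Returns 1 on success, 0 otherwise. */
int resolve_device_path(const char *native, int strict, char *out, size_t outsz) {
    for (size_t i = 0; i < NDEV; i++) {
        size_t len = strlen(DEVICES[i].device);
        if (prefix_icmp(native, DEVICES[i].device, len) != 0) continue;
        if (strict && native[len] != '\\' && native[len] != '\0') continue;
        int n = snprintf(out, outsz, "%s%s", DEVICES[i].drive, native + len);
        return n >= 0 && (size_t)n < outsz;
    }
    return 0; /* no mapping known for this device */
}

int main(void) {
    const char *p = "\\Device\\HarddiskVolume19\\T1\\WinRAR\\WinRAR.exe";
    char buf[260];
    if (resolve_device_path(p, 0, buf, sizeof buf)) printf("prefix only: %s\n", buf);
    if (resolve_device_path(p, 1, buf, sizeof buf)) printf("boundary   : %s\n", buf);
    return 0;
}
```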
Lol 163 views through 45 min ...
x64_dbg has become a very desired debugger .... very good mr.exodia :cool: this is the full package for both x32 and x64, so anyone can try and give us the result pls.
|
@ahmadmansoor
There is still a bug with QueryDosDevice. This API cannot resolve all devices like encrypted devices. I had the same bug in scylla https://github.com/NtQuery/Scylla/commit/67d62b4a2c4d7561b53bd595ca1fda51416ac20f But there is still a problem with network devices. |
nop my friend, I tried it on a network folder and it was working very well.
did u try the package my friend ?? I think I will upload a flash movie . |
@ahmadmansoor: I think I see what was wrong with my code, but it's fixed already using Aguila's code :)
Greetings |
yes, the problem comes from ((ur length compare is wrong))
That's all, so no need for a ton of code to fix the problem, that is what I mean. |
This code is needed for virtual drives (like ramdisks) like Carbon also said.
|
but it supports ramdisks too !!!! and network devices too .....
Lol did I miss something :rolleyes: ??? check this movie, can u be online ?
|
Ahmadmansoor
@Ahmadmansoor: It works fine on my tests. Flash movie attached... |
@insid3code: so this works right now? https://mega.co.nz/#!Px4mhDiY!-cT-rQwjMuZtTWQtKpEjzPChFvCuh-W2NSu_qnYBk6E
Greetings |
If you want to produce a path error, try this tool:
https://www.boxcryptor.com/download/Boxcryptor_Classic_Setup.msi Create an encrypted folder, mount the folder and start an executable inside this folder. |
sorry for spamming with crap, but this should really work: https://mega.co.nz/#!6953UB7R!lpC5rAzrHzqjJFIoWw1HlNaqyfEG8lanfl149aWLcjE
|
@mr.exodia: Latest fix works fine now...
|
is "x64dbg.com" down for everyone? or it's my internet error?
|
Quote:
https://bitbucket.org/mrexodia/x64_dbg |
Domain appears to be up again.
|
V1.5ALPHA is released!
Changelog:
- added debug privilege option (TitanEngine)
- fixed a bug with GetFileNameFromHandle ('error starting process (invalid pe?)')
- fixed a bug with attaching to an x32 process from the x64 debugger
- added 'detach' command
- added twords,dqwords,ywords and zwords
- added a menu API for plugins
- movable tabs
- detachable tabs (for example to place a tab on a second screen)
- fixed a bug with [esp]=4 (valtostring)
- fixed a lot of bugs with scripts
- removed result display of the mov instruction
- press enter on a script jump to get to the destination
- basic script syntax highlighting
- added RVA view in disassembly (double click on the address)
- double click on the opcodes to toggle breakpoints
- double click on the disassembly to assemble
- double click on the comments to comment
- fixed an annoying bug with searching for referenced strings
- when you use '-1' in the ExceptionRangeDialog it will use 'FFFFFFFF' instead
- better documentation
- added a simple 'find' command for scripts
- added find references to an address (ctrl+r)
Download: http://x64dbg.com
Greetings, Mr. eXoDia |
Very good friend, i let me suggest you a feature very interesting, it is intermodular calls.
A greeting. |
@beseoso: it's on the todo list, thanks :)
V1.6ALPHA is out! This version is actually to be compatible with ScyllaHide, so many asked things are not yet implemented.
Changelog:
- search for menu in disassembly context menu
- 'ready' instead of 'terminated' on start
- selection API
- updated find, strref and reffind commands
- strings in the stack
- follow in dump/disasm/stack in stack context menu
- force default alignment in SDK
- section names in memory map
- bring debugger to front when paused
- fixed a bug with the '=' sign
- added a line edit window api
- updated TitanEngine (fixes some handle leaks and maybe hanging bugs)
Download: https://sourceforge.net/projects/x64dbg/files/latest/download
Online Help: http://mrexodia.cf/x64hlp/
Source Repository: http://x64dbg.com
Greetings, Mr. eXoDia |
@Mr.eXodia: I have got a bug with assemble on jump and call commands (jnz->jz, jx->jmp, call address), but it works on call register (rcx, rax...)
quygia128 |
hi,
yes, this bug has been reported various times, I will include this in the limitations. greetings |
V1.7ALPHA is out!
Changelog:
- some help updates
- added version information to file
- detach using right click -> detach on the tab you want to detach
- fixed a bug when searching for strings twice (search didn't work)
- fixed a crash on loading an empty script
- fixed a potential overflow while escaping a debug string
- escape the section names from the memory map
- better pattern finder
- added command auto-completion (includes plugin commands)
- removed an annoying log message on clicking a plugin menu
- fixed bugs in GuiSelectionGet & GuiSelectionSet (thanks to ahmadmansoor)
- added commandline support (x64_dbg.exe "c:\program files\test.exe")
- fixed a bug in modbasefromname (thanks to Artic!)
- added status bar API
- added bpdll command
- fixed a bug in DeviceNameResolver
- fixed various bugs in TitanEngine
- fixed a bug with manual functions in the GUI
- added various bridge exports
Download: https://sf.net/p/x64dbg
Greetings, Mr. eXoDia |
Hey bro eXoDia, thanks for sharing the latest alpha! I have been waiting for an x64 version for a long time. :)
Greetz, CD |
V1.8ALPHA is out!
Welcome tr4ceflow to the team!
Changelog:
- added IDA-like sidebar
- color customization
- instruction tokenizing
- allow highlighting of instruction tokens (CTRL+H)
- new register view that highlights changes
- fixed a bug with detaching
- updated BeaEngine
- new database format (JSON + lz4)
- massive performance improvements
- use SHIFT for selection
- small fixes
- project code cleanup
- more API functions
Website (made by tr4ceflow): http://x64dbg.com
Greetings, Mr. eXoDia |
Quote:
but I found a bug: if you try to load a DLL without 'System Breakpoint' but with regular stop on EP it crashes (x64_dbg(x32)) |
Thanks for sharing x64 version
BEST REGARDS ALEN |
OMG mate, your debugger just can't stop to amaze me - the best X64 debugger to date!
It's working perfect, nothing more or less to say ;) Only thing I'd like to add which would be useful has to be the ability to copy bytes from sub-menu when selecting either 1 line or several in the core window, and/or in the dump window :) |
V1.9ALPHA is out, featuring many requested changes!
Changelog: http://x64dbg.com/changelog.html (crash when posting the actual changelog) Website: http://x64dbg.com Greetings, Mr. eXoDia |
hi, I got a problem with resolving the module name in the new release v.1.9.
Pic attached. A greeting. Attachment 7841 |
@besoeso: Could I use TeamViewer to debug x64_dbg on your computer? I cannot reproduce this problem...
EDIT: First please try these DLL files (copy&overwrite in x64_dbg directory). Please tell me the exact error message, maybe I can provide some fixes for that. Greetings, Mr. eXoDia |
Hey guys,
Thanks to besoeso I found a bug in the WinAPI which caused NtQueryObject to not set the required structure size. Long story short, if you have Windows XP, download the updated DeviceNameResolver here and copy&replace it in your x64_dbg directory: https://bitbucket.org/mrexodia/devicenameresolver/downloads/DeviceNameResolver_002.rar Greetings, Mr. eXoDia |
Firstly I would like to say WOW! Thank you for a fantastic release - truly brilliant work.
Secondly it seems to crash (here at least) when searching for intermodular calls. If you could let me know what I can do in the way of providing logs, links to target, my set up etc I would be more than happy to offer what assistance I can in troubleshooting this.
Finally, as suggestions for improvement:
1. make the reference windows sortable (or even better searchable) (SO much easier to track down stuff that way)
2. some sort of "Copy all modifications to executable" option and
3. showing referenced data in the window below the disassembly window i.e Test qword ptr ds[r9+4],0 at RDX and in the window display Qword ptr ds[r9+4] = 00000001404EEDC0
I realise that most of us are asking to integrate OllyDbg functionality into x64_dbg but IMHO these are some of the most useful. To me anyway :) Once again mr. exodia - thank you for a fantastic tool |
@TheEnd: Did you try the fix in the post above yours?
@-=bb=-: Thanks! Regarding the crash, best would be to send me a video/txt how to reproduce it + (most importantly) the file you tried it on. Everything is working fine here.
Regarding your suggestions:
1. first point is implemented 2 seconds ago (thanks for reminding me), second point is already implemented
2. already implemented, try the 'Select groups' button in the patch dialog
3. thanks, but this has been requested a few times now (see issues.x64dbg.com)
To everyone requesting features: make sure it's not already implemented! or already on the issues list http://issues.x64dbg.com Please also create an issue at http://issue.x64dbg.com this allows everyone to work on it.
Greetings, Mr. eXoDia |
2. Found it - thank you!
Kindest regards BB |
Hi mr.exodia
May I suggest the following ?
1 - Give us the ability to change font size and type
2 - Scrolling in the CPU window is slow even on a fast box
3 - When pressing Ctrl + G to go to some address, the focus should be given to the edit control in that dialog to allow quick "Copy" , "Paste" functions, actually such dialogs should have a default control which gets the focus as soon as the parent dialog shows up.
4 - Add color schemes based on the Olly's popular color schemes to allow quick changing and adaptation to the new debugger.
5 - Add a "Run till user code" like in Olly
6 - Double Clicking the RIP register should take us to the current RIP line
7 - Make the applications default font something like "Tahoma" with size 9 at least, the current font is too small, I mean the Application's interface like menus and buttons.
8 - I still prefer the old jump highlighting method
I may have more suggestions in the future and thanks for your patience :) |