Exetools

Exetools (https://forum.exetools.com/index.php)
-   Developer Section (https://forum.exetools.com/forumdisplay.php?f=48)
-   -   x64dbg (https://forum.exetools.com/showthread.php?t=15328)

mr.exodia 02-17-2014 05:50

V0.8ALPHA Released!

Changelog:
- DBG: fixed a bug when stopping the currently debugged file
- DBG: fixed a problem with the output symbols
- DBG: undecorated symbol names
- DBG: resolved issue #34 (no more random crashes)
- DBG: added step until return (thanks to RaMMicHaeL for the suggestion)
- GUI: updated breakpoint view to display label+comment
- DBG: fixed a small bug in DebugDisableBPX
- DBG: breakpoint list contains module names without extension
- BRIDGE: changed BridgeAlloc to use WINAPI
- DBG: changed emalloc to use WINAPI
- GUI: added GPUStack files
- GUI: Fixed a display bug in the disassembly

Download:
https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

cxj98 02-17-2014 14:08

I don't see any big update, many feature not functional.

mr.exodia 02-17-2014 19:14

Quote:

Originally Posted by cxj98 (Post 90046)
I don't see any big update, many feature not functional.

Hi,

Thanks for the feedback, but could you be more specific about features that don't work please? Like this I cannot improve anything. If you mean that there are still many features to implement: I know, we are working hard on it, but this update should have solved some problems so that's why I released it (this ensures users don't report crashes that were already fixed).

If you have a bugreport:
1) Post a crashdump when you cannot reproduce it
2) Post a screenshot/video/txt about how to reproduce the crash

We take bug reports very seriously, they will be fixed right away.

Greetings,

Mr. eXoDia

mr.exodia 02-19-2014 10:14

V0.9ALPHA Released:
- added symbol viewer
- fixed many memory leaks and random crashes (hopefully the random crashes will stay away now)
- added recent file list (thanks to durazell!)
- everything compiled with MSVC2010, also fixed some crashes, don't know why, create a fresh installation
- simple tabbed layout

Download:
https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

PS No big updates, just the symbol view

Insid3Code 02-19-2014 17:00

I like new look (Tabs)
BTW, Symbol info (Follow in disassembler) very helpful! thanks!

chessgod101 02-20-2014 06:19

Are there any plans to implement features like search for all referenced text strings, all intermodular calls, names in current module, and others like in ollydbg? That is certainly a feature that I am yearning to see in an x64 debugger.

mr.exodia 02-20-2014 06:27

Hi,

Yes, these plans were my first plans when I started with this project :) Do you maybe know a good way of detecting unicode strings from memory? I will again take a look at this, but I dont want it to be a silly feature.

Greetings

Av0id 02-20-2014 16:53

mr.exodia, there is ollydbg plugin called 'ustrref', it's open source - http://www.luocong.com/myworks.htm#ustrref

mr.exodia 02-20-2014 17:52

Quote:

Originally Posted by Av0id (Post 90106)
mr.exodia, there is ollydbg plugin called 'ustrref', it's open source - http://www.luocong.com/myworks.htm#ustrref

Sorry for this thank you-type post, but: THANKS!

I will most certainly implement string searching very soon with this code (but first I have to finish XEDParse)

Greetings,

Mr. eXoDia

Bey 02-21-2014 01:33

One thing I noticed immediately is it doesn't appear to support (or display) the
fpr/mmx and xmm registers. Will these be supported (or displayed) in the future?

mr.exodia 02-21-2014 02:17

@Bey: Yes, they will be supported :)

Greetings

mr.exodia 02-24-2014 20:09

Working hard on the references, but because I'm away this week I wanted to push this out.

V1.0ALPHA Released!

Changelog:
- better symbol searching
- draft of the reference window (currently only manually adding references using the commands 'refinit' and 'refadd addr,label'
- Sigma fixed the dump window! (dump using the 'dump addr' command)
- small bugfixes

Download:
https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

PS We are still looking for more developers who have some time left to work on this project, please contact me.

cxj98 02-24-2014 20:22

excellent project, need call third developer work together. that will be much better on speed.

n00b 02-24-2014 21:07

Nevermind... It was due to my poor judgement by running it in Win7 mode... My bad...
Works flawless! :D

mr.exodia 02-24-2014 23:24

Quote:

Originally Posted by cxj98 (Post 90165)
excellent project, need call third developer work together. that will be much better on speed.

Hi,

Im open to suggestions, maybe Oleh wants to team up :p

mr.exodia 03-03-2014 08:29

v1.1ALPHA Is out (just release 11)

Changelog:
- simple stack view (no interaction yet, sorry)
- small bugfixes

Download:
https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

PS Just a small snapshot of this weekend, hopefully there will be some context menus later this week.

cxj98 03-03-2014 09:10

it's very good now, keep good working.

nikor 03-05-2014 09:23

great work! glad to see an open source x64 debugger maturing so well

ali56s 03-05-2014 20:49

how can I search string at it?
BR

ahmadmansoor 03-15-2014 09:40

update backup need fix .
after u make some changes to source code ,and reload target in the debugger again the BP ( which u put it before ) will still and take its place as int3 .program will failed .

n00b 03-28-2014 16:13

I read somewhere that you can use commands based on the TitanEngine itself - does this include for instance DumpProcess by any chance?
I tried using Scylla's process dumper, but its no good for me as it keeps creating this messed up dump...

The best would be to have a proper dumper like OllyDumpEx, which produces a very good dumped executable on PE32 :)

Anyways, back to my question; is there any chance I can use TitanEngine's DumpProcess within the x64_Dbg for this purpose?

mr.exodia 03-28-2014 17:42

@n00b: currently i didnt implement this command, but take a look at the plugin engine. its easy to add a command.

greetingd

Carbon 03-28-2014 19:38

Quote:

Originally Posted by n00b (Post 90581)
I tried using Scylla's process dumper, but its no good for me as it keeps creating this messed up dump...

messed up dump?

n00b 03-29-2014 02:18

Yeah, it simply won't run when dumped - I also tried with another tool, which dumps the process aswell - and it ran, but the size increased exponentially to say the least... Went from 40mb to 70mb...

mr.exodia 03-29-2014 07:41

@n00b: I'll create a small plugin for you to see if its working. Will do that after the new release of x64dbg :)

Greetings

n00b 03-29-2014 15:24

Thank you so much mate, that would be really helpful indeed :)
@Carbon: The tool I used which managed to create a working dump, is VSD v1.0 x64 :)

n00b 03-30-2014 16:14

@mr.exodia: So, I'm trying to create my own plugin here - and I was curious, how do I get the current RIP of any process through a plugin?
I have checked both example plugin, and the TitanHide plugin for clues - even looked quickly at the headers which to include...

I'm not the most experienced coder of plugins, so I apoligize for looking too noobish - hehe :)

Big regards :)

mr.exodia 03-31-2014 04:56

@n00b: Thanks for the interest. You can either use the Bridge export 'DbgValFromString' or you can use TitanEngine (just call GetContextData).

some example code:
Code:

//Bridge
//you can also use 'CIP' for an architecture-independent IP register
duint rip=DbgValFromString("RIP"); //"RIP" can be anything that's an expression
//TitanEngine
rip=GetContextData(UE_RIP);

Feel free to post here if you have feature requests.

@everyone:
V1.2ALPHA is out!

Changelog:
- many small crash fixes (stack overflows etc)
- many fixes regarding the Dump window
- different dump views
- bugs with valfromstring fixed (now much faster)
- latest development version of TitanEngine Community Edition (many, many, many fixes)
- simple thread view
- project design overview (x64_dbg_sceme.vsd), useful for plugin developers
- TLS callback support
- informative window title
- user preferences (eg on which events to break)
- bug with the recent file list fixed
- ignore exception ranges
- debug strings are now displayed (escaped)
- added 'xor' command
- many fixes in the script engine
- simple stack display

Download:
https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

mr.exodia 03-31-2014 06:21

1 Attachment(s)
Sorry, I could not edit my previous post anymore..

Attached an example plugin (DumpProcess), I tested it for a simple DLL + EXE and it appears to work fine. Feel free to (ab)use it however you like.

EDIT: @n00b, seems like I've misread your question. To get the RIP of any process, you should use the function GetThreadContext, enum the threads in a process using CreateToolhelp32Snapshot & Thread32Next and then get the RIP of the thread you're interested in...

Greetings,

Mr. eXoDia

mr.exodia 04-05-2014 06:36

V1.3ALPHA is out!

Changelog:
- added reference searching 'ref value[,page]'
- added string reference searching (little button in the upper-right or the command 'strref [page]'
- fixed a bug when you removed all ignored exception ranges.

Download:
https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

mr.exodia 04-08-2014 06:27

V1.5ALPHA is out (lol, kinda spamming)

Changelog:
- fixed some bugs with references
- added the 'Previous (-)' and 'Next (+)' function (to get back to your previous address of interest). This has a maximum depth of 1024, but it's easy to change this to any other value, since I use dynamic arrays

Download:
https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

mr.exodia 04-09-2014 20:22

@stev: ... ok thats the download link I provided.

Insid3Code 04-12-2014 02:08

Hi mr.exodia,

I have a machine who has a hard disk more than one tera, partitioned into multiple disk drive (disk drive letter: c, d, e, f ... p)

x64_dbg display "error starting process (invalid pe?)!" when I try to debug something in disk drive (letter: M, N, O or P)

it works fine on (disk drive letter: C,D,E.......L)

s0me0n3 04-16-2014 16:57

I have mutliple HDDs, too, all splitted into seperated partitions.

I have my x64_dbg on th C drive, so please explain what you do:
Where lays the debugger? Where do you try to debug? Did you tried running the debugger as admin to ensure you have the right to read and write on every path? Does it happens with ANY file you try to debug? Do you tried it over a network path or do you simply tried debugging a file from your normal windows from another partition?

Some more info will help finding and fixing the problem. ;)

mr.exodia 04-16-2014 21:29

Hi,

I have also noticed this problem, I think there is some bug with both TitanEngine (DLLLoader) and x64_dbg. Unfortunately I cannot reproduce the bug very well.

Greetings

ahmadmansoor 04-17-2014 00:11

Hi Mr.exodia
how I can get the line ( address + hex + assemble command ) at GUI ?.
and how I can refresh the GUI after change some hex value ?

Insid3Code 04-17-2014 03:06

"invalid pe" Bug (Flash movie attached):
PHP Code:

http://www.mediafire.com/download/pwagwb0oppzmx5p/demo001.rar 


mr.exodia 04-17-2014 06:42

@ahmadmansoor: Copying this is not yet possible, same for the plugin API. This is on the todo list however. Refreshing the GUI is possible using the following APIs:
Code:

BRIDGE_IMPEXP void GuiUpdateAllViews();
BRIDGE_IMPEXP void GuiUpdateRegisterView();
BRIDGE_IMPEXP void GuiUpdateDisassemblyView();
BRIDGE_IMPEXP void GuiUpdateBreakpointsView();

@Insid3code: please try this 'fix' the only problem I could think of was something with virtual devices, but I just cannot reproduce the bug here. https://mega.co.nz/#!H5xlDBqb!j8cRrh3r4a89vXr00yPf_jYI5Oq7Cwx5H_7dSiyCm64

Greetings

ahmadmansoor 04-17-2014 07:42

"invalid pe" Bug Fix
 
2 Attachment(s)
Hi mr.exodia
no my friend the problem came form here ((DevicePathToPath))
specially from this command
Quote:

if(!_strnicmp(devicepath, curDevice, x)) //we match the device
I think u useing it wrong

this is how I modify the code to make it work
Quote:

bool DevicePathToPath(const char* devicepath, char* path, size_t path_size)
{
if(!devicepath or !path)
return false;
char curDrive[3]=" :";
char curDevice[MAX_PATH]="";
for(char drive='C'; drive<='Z'; drive++)
{
*curDrive=drive;
if(!QueryDosDeviceA(curDrive, curDevice, MAX_PATH))
continue;

std::string str(curDevice);
std::string str1(devicepath);
std::string temp,temp1;
int x=0;
for (int i=0;i<=str1.size();i++)
{
temp1=str1.substr(i,1);
if (temp1.compare("\\")==0){x=x+1;};
if (x==3){x=i;break;};
}
str1=str1.substr(0,x);
if(str1.compare(str)==0 )
{
//if(strlen(devicepath)-curDevice_len>=path_size)
if(strlen(devicepath)-x>=path_size)
return false;
//sprintf(path, "%s%s", curDrive, devicepath+curDevice_len);
sprintf(path, "%s%s", curDrive, devicepath+x);
return true;
}
}
return false;
}
note : I just like to work with string than other lab lab ( char -const char ...) :D

please try the attached files .
bs : thanks for the hint for Refreshing GUI

nonepe 04-17-2014 09:54

well, i will try to debug dos, hope it support.


All times are GMT +8. The time now is 14:43.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX