Hi Mr.exodia
how I can get the line ( address + hex + assemble command ) at GUI ?.
and how I can refresh the GUI after change some hex value ?

"invalid pe" Bug (Flash movie attached):

@ahmadmansoor: Copying this is not yet possible, same for the plugin API. This is on the todo list however. Refreshing the GUI is possible using the following APIs:
@Insid3code: please try this 'fix' the only problem I could think of was something with virtual devices, but I just cannot reproduce the bug here. https://mega.co.nz/#!H5xlDBqb!j8cRrh3r4a89vXr00yPf_jYI5Oq7Cwx5H_7dSiyCm64

Greetings

"invalid pe" Bug Fix
 

Hi mr.exodia
no my friend the problem came form here ((DevicePathToPath))
specially from this command
I think u useing it wrong

this is how I modify the code to make it work
note : I just like to work with string than other lab lab ( char -const char ...) :D

please try the attached files .
bs : thanks for the hint for Refreshing GUI

well, i will try to debug dos, hope it support.

@ahmadmansoor: you code does exactly the same. You function will not work with memdisks etc. strincmp just compares the beginning of the strings with the number of character of the device name. Take a look here for the source code from Scylla of this function: http://bitbucket.org/mrexodia/devicenameresolver

@nonepe: it will not work lol

Greetings

@mr.exodia: I have to just say, I am truly amazed by your work so far - thus far, I have been able to work my way around several x64 targets that I probably wouldn't have been able todo properly with for instance IDA..

So thanks a million for this epic work bro, and thanks again for the testplugin that you made - really helped alot :D

@n00b: glad you like it! feel free to post feature suggestions anytime, so your experience can be improved.

Greetings

no it work very fine even with flash memory
 

Hi mr.exodia :
no my friend I am sure that my code work 100% with all devices ;) , I have try it on flash memory and the driver was V:\
and it work very fine without any problem .
I explain the problem ,why this happen with u .
Look after u make the GetMappedFileNameA

devicepath will be like this "\Device\HarddiskVolume19\T1\WinRAR\WinRAR.exe" const char *
the important thing is (( \Device\HarddiskVolume19 )) -on my PC it is S:\ Disk- this is our harddisk or flash disk name form root .
now u begin go in a loop to find the root name of each disk and make compare .
when u reach the to disk which have a name like ur hard disk name but without (( 9 )) at the end (( \Device\HarddiskVolume1 )) <<< this is G:\ disk on my PC -
and as will as ur length compare is wrong too so when u make compare with ur _strnicmp which will gave u the result = 0 so it pass the compare(if condition) and change the path of our exe to this
"G9\T1\WinRAR\WinRAR.exe" ,by this the next check will wrong too by this string of path.
then u will be not able to load the target .

please try this package again I am sure 100% it work and I can upload a movie prove that it work .

Lol 163 views through 45 min ...
x64_dbg is become a very desired debugger .... very Good mr.exodia :cool:

this is full package for both x32 and x64 , so anyone can try and give us the result pls .

@ahmadmansoor

There is still a bug with QueryDosDevice. This API cannot resolve all devices like encrypted devices.

I had the same bug in scylla https://github.com/NtQuery/Scylla/commit/67d62b4a2c4d7561b53bd595ca1fda51416ac20f

But there is still a problem with network devices.

nop my friend I try it on network folder and was working very will .
did u try the package my friend ??
I think I will upload a flash movie .

@ahmadmansoorn I think I see what was wrong with my code, but its fixed already using Aguila's code :)

Greetings

yes the problem come form (((ur length compare is wrong))
That all so no need ton of code to fix the problem ,that what I mean .

This code is needed for virtual drives (like ramdisks) like Carbon also said.