Exetools

Exetools (https://forum.exetools.com/index.php)
-   Developer Section (https://forum.exetools.com/forumdisplay.php?f=48)
-   -   x64dbg (https://forum.exetools.com/showthread.php?t=15328)

metal 11-23-2014 23:33

I will send you a PM, I don't want to reveal what software tbh.

mr.exodia 12-30-2014 11:45

V2.3ALPHA is out!

Changelog:
http://x64dbg.com/changelog

Website:
http://x64dbg.com

Greetings,

Mr. eXoDia

cxj98 01-08-2015 13:32

some feature suggest and request.
 
1. didn't you see, when we click on next asm code of jump xxxxxx, the red arrow jump line will automaticlly showed on OllyDBG, but none in x32dbg.



eg:



00401000 jnz 004010004

00401001 xxxxxxxxxx

00401002 xxxxxxxxxx

00401003 jmp 00401005

00401004 xxxxxxxxxxxxxxxxxx <----------- If you click here, the red jump line will automatic showed in OllyDBG jump from 00401000, but none in x32dbg, will this implement?

00401005 xxxxxxxxxxxxxx



2. didn't you see, when we search something, will result many, at current, we need set each breakpoint by press F2 many times one by one, so if I find thousand times of mov al, 1, should I need press F2 shousand times to set breakpoint on it? do you even think make a option or sub-menu called set all breakpoint or set bulk breakpoint on all of them? so in OllyDBG is have this feature on set all breakpoint on them or cancel breakpoint on them.



eg find result:



00401000 mov [EAX + 12], 1

00402000 sub 2, [EAX + 12]

00403000 mov EBX, [EAX + 12]

00404000 imul EAX, [EAX + 12]



3. at currently, we set API any breakpoint through command line box, that is inconvenience for user and me, did you even think make a API breakpoint Plugin or API Breakpoint menu option? in OllyDBG there is many such plugins, that is good, but none available yet in x32dbg.



eg:



bp MessageBoxA/W

bp ExitProcess



4. at currentlly, we set each windows eg: infobox window, stack window, hex window width & lenth, but exit debugger process, next time relauched, it can't saved into config.ini file, so need reset again, didn't you even think let it can be saved, so next time relauched I don't need set it again and again, I really hate it.



5. still against, when unicode string searching will be supportted? maybe there is some source code open Plugins on OllyDBG, If I can find for you. thanks.

chessgod101 01-28-2015 05:43

I just published a definitive tutorial for x64_dbg. It documents its settings and features and shows you how to use the tool to effectively debug a 64-bit application.

http://reverseengineeringtips.blogsp...to-x64dbg.html

mr.exodia 04-03-2015 08:09

V2.4ALPHA Released!

Changelog:
- resolved a crash when scrolling up in the dump
- resolved reference view not following in disasm correctly
- resolved losing settings
- fixed a crash with a critical section initialized multiple times
- added secret option to disable database compression
- various ui improvements
- allow 'jmp short'
- fixed hardware breakpoints
- disasm/dump/stack plugin menu api
- display the number of bytes selected and the module in dump
- added topmost option
- fixed TLS callbacks on DLLs
- show reference count in reference window
- fixed possible buffer overflows
- added a close all button in the reference view to close all tabs
- fixed a bug with a non-refreshed memory map on start
- report bug button
- update hex when editing ascii/unicode in HexEditDialog
- settings dialog now scales
- fixed importing patches
- thread-safe dbghelp access (could fix some crashes)
- Yara pattern finding support
- resolved an issue where toggling patches did not toggle the actual bytes
- data copy dialog in various formats (C byte/word/dword/string/unicode)
- dynamic 'Find references to' menu in disassembler (auto-detects constants)
- added find references option to the dump (also works with a range selection)
- show what was searched for in reference tab title
- RegEx support in SearchListView

Download:
http://snapshots.x64dbg.com

Donate:
http://donate.x64dbg.com

Greetings,

Mr. eXoDia

ahmadmansoor 04-04-2015 21:10

Nice news
Quote:

disasm/dump/stack plugin menu api
:D

Conquest 04-04-2015 22:06

can you implement some type of compatibility with olly plugins. The sheer amount of olly plugins is main reason why i still cannot use it as my default debugger.(i understand the fact that most plugins on the wild is to fix and hide olly, but some of them has other purposes as you can already guess, ex- ollyscript, oreans unvmer etc.)

Carbon 04-05-2015 01:45

@Conquest
That is too much work and wasted time.

Maybe you should become active?
- Create feature requests: https://bitbucket.org/mrexodia/x64_dbg
- Ask plugin authors for a x64dbg version.

x64dbg has already more than enough hide plugins.

Conquest 04-05-2015 11:32

Quote:

Originally Posted by Carbon (Post 98760)
Maybe you should become active?
- Create feature requests: https://bitbucket.org/mrexodia/x64_dbg
- Ask plugin authors for a x64dbg version.

You misunderstood me, i am not looking for hiding features, some of the pluigns for olly like oreans unvmer and zeus are very important and unfortunately ,deathway isnt active recently(and i doubt with his busy schedule he will be interested in learning x64dbg) and i dont know ximo personally or how to contact him. I can write 1 or 2 small plugins may be but i am far less capable of creating something as good as theirs(or just too lazy).

But i got your point, it will be really cumbersome to provide olly compatibility .
Thanks for considering my advice though. Appreciate it.

mr.exodia 04-05-2015 11:38

Compatibility with OllyDbg plugins is not possible, just because the architecture is completely different. Maybe I could do some exports ollydbg has, but those would already require plugin patching or some weird dll called 'OllyDbg.exe' that was somehow loaded in x64dbg and the plugin at the same time (first load OllyDbg.exe in x64_dbg and then load the plugin in x64_dbg?).

Feel free to give it a shot.

For plugins that only use a few APIs it might be possible to do with some hacks, but apart from that I doubt it is possible.

Carbon 04-05-2015 18:25

Olly has 188 exported functions. That is insane.

Oreans UnVirtualizer 1.8 uses 27 functions. Emulation is possible. But some APIs are really difficult to emulate (in my opinion).
Code:

_Addsorteddata (hard)
_Addtolist (easy)
_Createsorteddata (hard)
_Deletesorteddata (hard) 
_Deletesorteddatarange (hard)
_Destroysorteddata (easy)     
_Disasm (easy)                 
_Finddecode (hard)           
_Findmemory (easy)           
_Findmodule (easy)           
_Findname (hard)           
_Flash (easy)                 
_Getsortedbyselection (hard)
_Infoline (easy)             
_Painttable (hard)         
_Plugingetvalue (easy)       
_Pluginreadintfromini (easy) 
_Pluginreadstringfromini (easy)
_Pluginwriteinttoini (easy)   
_Progress (easy)             
_Quicktablewindow (hard)
_Readmemory (easy)           
_Registerpluginclass (easy)   
_Setcpu (hard)             
_Tablefunction (hard)       
_Unregisterpluginclass (easy) 
_Writememory (easy)


Jupiter 04-06-2015 07:44

Poll options update
 
Please, update poll options. Currently there are only 3 options excluding the most important one: "Yes, as x64 debugger"

Would you use this debugger?
  • Yes, as x64 debugger
  • Yes (mainly x32)
  • Not at all
  • Yes, if it gets better (please post feature suggestions)

Hypnz 04-07-2015 00:44

U can also add another one. -Yes, As x32 and x64 debugger.

mr.exodia 04-07-2015 01:12

When i made the poll I meant to make the "Yes (mainly x32)" "Yes (mainly x64)" the typo was never fixed :) now added the option.

Carbon 05-01-2015 02:00

Please remove the poll, because it is useless. With further improvements more and more users will use this debugger.

Have you thought about supporting more OS? Like linux x86/x64? I don't know how good the win code separation is but supporting another OS will be a killer. If your code is good :D you only need to replace titanengine, because qt is platform independent anyway.

Creating the basic linux debugger functions is as easy as in windows.
e.g. https://github.com/tuco86/edb-debugger/blob/master/plugins/DebuggerCore/unix/linux/DebuggerCore.cpp

PS: Please create a new snapshot with the new plugin icon stuff :)


All times are GMT +8. The time now is 06:08.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX