EXETOOLS FORUM

mr.exodia 10-28-2013 04:36

x64dbg
 
Hi everyone,
 
Maybe some of you have heard it already, but Sigma and I have been working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features:
  • variables, currently command-based only
  • basic calculations, can be used in the goto window and in the register edit window. Example: var*@401000+(.45^4A)
  • software breakpoints (INT3, LONG INT3, UD2), currently command-only (just type 'bp addr')
  • hardware breakpoints (access, write, execute), also command-only
  • stepping (over, into, out, n instructions), can be done with buttons/shortcuts
  • memory allocation/deallocation inside the debuggee
  • quickly access API addresses (bp GetProcAddress)
  • syntax highlighting, currently not customizable
  • simple memory map (just addr+size+module+protection basically)
The debugger has an easy GUI, for which we looked a lot at Olly ;)
 
Screenshot:
http://rghost.net/49769041/image.png
 
Debug engine is TitanEngine, disassembler BeaEngine, icons are from various sources (see About dialog). We use Qt for the GUI part.
 
If you have a suggestion, a bug report, need more info, want to contribute, just post here or send me a private message.
 
The latest public build + source can always be found on http://x64dbg.com (click 'Source'->'bin_public') to download the latest build. For now, you can download the first 'alpha' here: http://rghost.net/49769396
 
We would love to hear from you!
 
Greetings,
 
Mr. eXoDia & Sigma

ferrit.rce 10-28-2013 07:43

The idea is cool! :) BTW are you using TitanEngine version 2.0.3? Previously I've implemented some unpackers with this version but I've found several major bugs inside. I've reported all of these issues but it seems like this code is dead. Because of that I've tried to fix them alone but I've found spaghetti code :D Just for your information...

mr.exodia 10-28-2013 08:33

Quote:

Originally Posted by ferrit.rce (Post 87628)
The idea is cool! :) BTW are you using TitanEngine version 2.0.3? Previously I've implemented some unpackers with this version but I've found several major bugs inside. I've reported all of these issues but it seems like this code is dead. Because of that I've tried to fix them alone but I've found spaghetti code :D Just for your information...

Thanks! We use an updated version of TitanEngine... If you still know these bugs, you could report them here: https://bitbucket.org/mrexodia/titanengine-update/issues (I've fixed many)

Greetings,

Mr. eXoDia

ferrit.rce 10-28-2013 19:52

OK, I'll look for these issues and report them on the URL when I've found something...

Quote:

Originally Posted by mr.exodia (Post 87631)
Thanks! We use an updated version of TitanEngine... If you still know these bugs, you could report them here: https://bitbucket.org/mrexodia/titanengine-update/issues (I've fixed many)

Greetings,

Mr. eXoDia


JeRRy 10-28-2013 23:33

"Yes (mainly x32)" should be "Yes (mainly x64)"

ahmadmansoor 10-29-2013 04:32

I like this idea very much... but look, the steps to build this project will take a long time, especially to get bug reports and begin fixing them, so for x32 it will be a waste of time, but for x64 no problem.
Anyway, I would like to join this project too, maybe as a tester at this time and a coder later.
And I prefer to work on x64 more than x32. You know ollyDbg takes the place.
So the best thing is to think in x64 and make one like ollyDbg x1.0, which all guys like, and try to emulate it functionally.

mr.exodia 10-29-2013 05:40

@ferrit.rce: thanks in advance for that!

@Jerry: you're right, I wanted to change it, but I was too late to edit the post (maybe one of the admins could do that?)

@ahmadmansoor: great you want to join, of course you are welcome! As for the development time, x32 and x64 require (almost) no different code. In fact, porting the GUI from x64->x32 took a few minutes :)

Our aim is indeed to add features like ollyDbg. Our design is very different though (GUI and DBG are separate, so bugs can be easily fixed without having to recompile all modules). Also, the plugin architecture is going to be very different (currently there are only some ideas, but there will be many types/places to add plugins to).

Also, a new release available in public_bin.

Changelog:
- added Scylla 'plugin' (start scylla with the current process/dll you have loaded)
- fixed many GUI bugs (redraw bugs etc), by Sigma
- fixed this disassembly bug with truncated QWORDS

Download in the repo

Greetings

NeOXOeN 10-30-2013 09:26

mr.exodia: nice.. I hope you will finish the project, a lot of work..

bye NeO

sendersu 10-30-2013 13:06

Time of 1 man a hero in the field is out nowadays (IMHO)
only the Team could do things today
so if I'll see some parts I could do and I'll have some free time I'll join as well
right now as a QA only

ahmadmansoor 10-31-2013 22:01

What do you use to compile!! I have installed Qt, and tried to compile in both Qt and VS2010.
No success.
So any steps to help?

mr.exodia 10-31-2013 23:21

Quote:

Originally Posted by ahmadmansoor (Post 87702)
What do you use to compile!! I have installed Qt, and tried to compile in both Qt and VS2010.
No success.
So any steps to help?

The building process is sadly enough quite complicated, I'm working on a full guide right now, but it might take some time to get that.

Greetings

Sailor_EDA 11-02-2013 06:38

This is an excellent idea. In the past I had looked at incorporating an actual x86 simulator engine like Bochs to help with unpacking but it looks like TitanEngine is an excellent resource to do as well. Looking forward to this tool.

Ember 11-02-2013 07:16

Really good job, mr.exodia! I like to write patches in OllyDbg using the assemble command, it would be nice to have the assemble command so I could patch 64-bit programs in the same way.

mr.exodia 11-03-2013 08:11

Quote:

Originally Posted by Ember (Post 87726)
Really good job, mr.exodia! I like to write patches in OllyDbg using the assemble command, it would be nice to have the assemble command so I could patch 64-bit programs in the same way.

Good, I'm working on a NASM DLL, it should do for assembling I think. The only problem is that I wanna interpret everything as hex and nasm has no commandline for that, and another problem is relative memory addresses that are in x64.

Greetings

emo 11-03-2013 20:14

Does the source have an SVN link?

