EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > Developer Section

Notices

View Poll Results: Would you use this debugger?
Yes (mainly x32) 72 29.63%
Not at all 22 9.05%
Yes, if it gets better (please post feature suggestions) 79 32.51%
Yes (mainly x64) 70 28.81%
Voters: 243. You may not vote on this poll

Reply
 
Thread Tools Display Modes
  #151  
Old 09-16-2014, 12:21
anon_c anon_c is offline
Friend
 
Join Date: Jan 2011
Posts: 27
Rept. Given: 25
Rept. Rcvd 8 Times in 3 Posts
Thanks Given: 12
Thanks Rcvd at 1 Time in 1 Post
anon_c Reputation: 8
I've just used this tool (V2.1ALPHA) recently and wow! I am speechless on what to say about the improvement since the last time I used this debugger! Thanks a lot mr.exodia for the ongoing development of x64dbg, it is a really nice work and greatly appreciated!

Here are a few comments:

I can't seem to find a plugin development tool or instructions? Does it exist?

Do the hardware breakpoints work? When I try to set one, I always seem to get "address not aligned" in the log.

When I try to set a hardware breakpoint on access for a byte, I see the message "error setting hardware breakpoint". The log shows "invalid size, using 1"… Yet, right clicking on the byte and Breakpoint, the "Remove Hardware" appears in the contextual options. And we can delete the HWBP…

In the small action window in between the disassembly and the dump windows: when not in full screen, the horizontal scroll bar interferes with the visibility

A little cosmetic change on the icon when pinned in the taskbar. On Windows 7 with Aero, the icon is barely visible (at least on my systems…). Maybe add a little red contour? Not a big deal, only a suggestion…
Reply With Quote
  #152  
Old 09-19-2014, 21:24
RedBlkJck RedBlkJck is offline
Family
 
Join Date: Oct 2011
Posts: 98
Rept. Given: 66
Rept. Rcvd 80 Times in 43 Posts
Thanks Given: 19
Thanks Rcvd at 6 Times in 5 Posts
RedBlkJck Reputation: 80
I'm having a problem with the _NT_SYMBOL_PATH on both 32 & 64 bit. I use a central folder for storing all the symbols that are updated from the MSDN online repository. C:\debug\symbols When using a batch file for setting the srv path or setting it globally in the environment variables, x32_dbg doesn't find the symbols. It's ignoring the path set with _NT_SYMBOL_PATH and only searches for a folder named Symbols in the path of the debugger. C:\debug\x64_dbg\x32\Symbols The folder didn't exist but I've created the folder and tried setting the path there. This made no difference, it won't pulls any symbols from MSDN.

I updated to the current debug tools available from MS, replaced the required files and that made no difference. The only way I can get the symbols to load outside of the debugger path is by creating a hard symbolic folder link named "Symbols" and point it to the central symbols folder.
mklink /J C:\Debug\x64_dbg\x32\Symbols C:\Debug\Symbols
This seems to be working to load from local but it doesn't pull from MSDN. I use the same cmd for setting the env bat file that works for OllyDbg ver 1. Am I missing something?

Here is log entry from a symbol that is not current. This is starting with a batch file and a hard symlink set for the symbol folder. (If no hard symlink, all symbols fail.)
SYMSRV: C:\Debug\x64_dbg\x32\symbols\wininet.pdb\44EB68294B5042CB87A79B41E46A85692\wininet.pdb not found
DBGHELP: C:\Windows\SysWOW64\wininet.pdb - file not found
DBGHELP: wininet.pdb - file not found
DBGHELP: wininet - export symbols

Loaded the same app in Ollydbg 1 via srv batch file which updated the symbol from MSDN, now x64_dbg finds the symbol.
DBGHELP: wininet - public symbols
C:\Debug\x64_dbg\x32\symbols\wininet.pdb\44EB68294B5042CB87A79B41E46A85692\wininet.pdb

Idea?
Request - Possible to add setting the local symbol path with an option for using MSDN similar to how Ollydbg 2 does? So no batch file or global var is needed.
Thx - jack
Reply With Quote
  #153  
Old 09-20-2014, 02:34
mr.exodia's Avatar
mr.exodia mr.exodia is offline
Super Moderator
 
Join Date: Nov 2011
Posts: 855
Rept. Given: 496
Rept. Rcvd 1,154 Times in 308 Posts
Thanks Given: 92
Thanks Rcvd at 528 Times in 202 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
@anon_c: There is a plugin API, but it's not very documented. We are working on that.

As for your hardware breakpoint problem, this is a hardware limitation (alignment with HWBP size), please see if you can reproduce the issue on another pc.

The icon is not ours, it's licensed from icons8 (with backlinks).

@RedBlkJck: For a central storage, consider setting up your own symbol store. Please add an issue saying the symbol path must be customized though INI/Settings.

Notice that you need to manually download the symbols in the symbols tab, x64dbg will not (like visual studio) automatically download symbols from the internet, as it terribly slows down the debugging.

Greetings
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
Reply With Quote
  #154  
Old 09-20-2014, 11:00
RedBlkJck RedBlkJck is offline
Family
 
Join Date: Oct 2011
Posts: 98
Rept. Given: 66
Rept. Rcvd 80 Times in 43 Posts
Thanks Given: 19
Thanks Rcvd at 6 Times in 5 Posts
RedBlkJck Reputation: 80
Ah ok. I saw from another post in ref to the _NT_SYMBOL_PATH where it looked like the MSDN symbol store would be used.

I looked at using the symstore method but it seemed to be a little more maintenance than I cared to do. I am using symsrv with a local cache stored in a centralized folder. SRV*LocalStore*RemoteStore If the local store has an older cache or the symbol is not present then MSDN is pulled. The initial build up of the cached files slows it down quite a bit but after that it doesn't seem to take very long to load up. Easy enough to use the LocalStore only if needed.

Anyway, yes to be able to control the SymSetSearchPath by the ini file would be much more convenient. Quite a bit of progress since the project started, congrats. Cheers
Reply With Quote
  #155  
Old 09-29-2014, 01:10
rasta rasta is offline
Friend
 
Join Date: Oct 2013
Posts: 37
Rept. Given: 16
Rept. Rcvd 7 Times in 6 Posts
Thanks Given: 9
Thanks Rcvd at 6 Times in 5 Posts
rasta Reputation: 7
Do you plan to include some memory search feature like in ollydbg? This is the only missing feature for me so far. Great work.
Reply With Quote
The Following 2 Users Gave Reputation+1 to rasta For This Useful Post:
Mahmoudnia (10-24-2014), obfuscator (10-24-2014)
  #156  
Old 10-25-2014, 18:47
mr.exodia's Avatar
mr.exodia mr.exodia is offline
Super Moderator
 
Join Date: Nov 2011
Posts: 855
Rept. Given: 496
Rept. Rcvd 1,154 Times in 308 Posts
Thanks Given: 92
Thanks Rcvd at 528 Times in 202 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
V2.2ALPHA is out!

Because I started a Bachelor Computer Science I didn't implement all requested features for this version, they are still on the ToDo list though and when I have more time I will try to implement them.

Changelog:
- better JIT Debugger information in the GUI
- JIT commands in the help
- Fixed various TitanEngine bugs
- resolved a crash when calling plugin callbacks
- remove plugins from the internal list on unloading (resolved another crash)
- fixed a bug in SearchListView with searching (strings would disappear)
- do not draw CIP when running
- fixed a bug with copying single byte commands
- fixed the launcher (crashes with compatibility mode)
- move detach command to file menu (+ new icon)
- HW BP on [RSP] is now back (thanks to DragonLoft!)
- show if a jump is going to execute or not in the InfoBox
- fix: Changing a label from an empty value to an empty value shows an error
- breakpoint/bookmark in the symbol view
- advanced change page rights dialog
- clear threads on detach (bugfix)
- fixed a crash in AbstractTableView
- new about dialog
- search for -> command in gui
- fixed deadlock on detaching while a script was running
- fixed a bug in the DbgDisasmFastAt function
- changed some register positions
- go to thread entry option in Thread view
- save user sorting preference for the session
- fixed various possible buffer overflows and other possible bugs
- change commandline of debuggee on the fly
- select next breakpoint on enable/disable
- unicode support (UTF-8)
- register view now has scroll area
- set focus to disassembly on target load
- better scrollbars in InfoBox
- uppercase option now will not uppercase API names
- fixed a bug with duplicate recent files
- changed confusing 'memory leaks found' message
- auto move cursor on toggling BP in reference view
- performance improvement with reading settings

Website:
http://x64dbg.com

Greetings,

Mr. eXoDia
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
Reply With Quote
The Following 8 Users Gave Reputation+1 to mr.exodia For This Useful Post:
alekine322 (11-10-2014), ali56s (10-28-2014), cjack (10-25-2014), computerline (10-26-2014), copyleft (10-29-2014), Mahmoudnia (10-26-2014), quygia128 (10-30-2014), sh3dow (10-25-2014)
  #157  
Old 10-30-2014, 01:58
0x22 0x22 is offline
Family
 
Join Date: Aug 2014
Posts: 65
Rept. Given: 15
Rept. Rcvd 47 Times in 18 Posts
Thanks Given: 12
Thanks Rcvd at 54 Times in 15 Posts
0x22 Reputation: 47
What can i say other than very nice work, finally someone to pick up the thread on x64.
What I do wonder is though if you can implement a feature so that we can be able to search full memory, all of it at once, like you can in olly for unicode and ascii.

I don't think the feature is there unless im totally braindead and missed it.
If you could add this it would make my life much easier

What do you think?

Thanks in advance!

Last edited by 0x22; 10-30-2014 at 02:18.
Reply With Quote
  #158  
Old 10-30-2014, 02:56
mr.exodia's Avatar
mr.exodia mr.exodia is offline
Super Moderator
 
Join Date: Nov 2011
Posts: 855
Rept. Given: 496
Rept. Rcvd 1,154 Times in 308 Posts
Thanks Given: 92
Thanks Rcvd at 528 Times in 202 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
@0x22: You can search in a single memory section by pressing Ctrl+B in the dump window.

For searching the complete memory: If you can, please code an efficient algorithm to search the complete memory. I tried various things, but they were too slow to be useful.

Greetings
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
Reply With Quote
  #159  
Old 10-30-2014, 03:32
Carbon Carbon is offline
VIP
 
Join Date: Sep 2013
Posts: 113
Rept. Given: 7
Rept. Rcvd 189 Times in 48 Posts
Thanks Given: 0
Thanks Rcvd at 53 Times in 16 Posts
Carbon Reputation: 100-199 Carbon Reputation: 100-199
Quote:
Originally Posted by mr.exodia View Post
For searching the complete memory: If you can, please code an efficient algorithm to search the complete memory. I tried various things, but they were too slow to be useful.
Maybe you need a video tutorial https://www.youtube.com/watch?v=lwFIC7It3Fc

Sorry couldn't resist
__________________
My blog: https://ntquery.wordpress.com
Reply With Quote
  #160  
Old 10-31-2014, 15:13
quygia128's Avatar
quygia128 quygia128 is offline
Family
 
Join Date: Apr 2011
Location: SomeWhere
Posts: 107
Rept. Given: 233
Rept. Rcvd 182 Times in 47 Posts
Thanks Given: 51
Thanks Rcvd at 11 Times in 7 Posts
quygia128 Reputation: 100-199 quygia128 Reputation: 100-199
hi eXoDia,

why i can't download the latest version from here

check it plz.
Reply With Quote
  #161  
Old 10-31-2014, 15:34
MarcElBichon MarcElBichon is offline
VIP
 
Join Date: Jan 2002
Posts: 200
Rept. Given: 190
Rept. Rcvd 154 Times in 55 Posts
Thanks Given: 75
Thanks Rcvd at 108 Times in 29 Posts
MarcElBichon Reputation: 100-199 MarcElBichon Reputation: 100-199
Smile

Quote:
Originally Posted by quygia128 View Post
hi eXoDia,

why i can't download the latest version from here

check it plz.
Direct link:

Quote:
http://master.dl.sourceforge.net/project/x64dbg/alpha/release/release_022.rar
Reply With Quote
The Following User Gave Reputation+1 to MarcElBichon For This Useful Post:
quygia128 (10-31-2014)
  #162  
Old 11-04-2014, 00:55
elite_r elite_r is offline
Friend
 
Join Date: May 2013
Location: CCCP
Posts: 28
Rept. Given: 1
Rept. Rcvd 14 Times in 10 Posts
Thanks Given: 4
Thanks Rcvd at 18 Times in 10 Posts
elite_r Reputation: 14
Hi mr.exodia. I have a question about the script in x64_dbg on x64 system. I did not find the commands to patch memory of any size, and then I use "mov" - change memory only 8 bytes at once that patch is not suitable. I think to patch a memory of any size is one of the most used functions when writing a script unpacker. Maybe I'm not there watching or if this is not yet supported in the scripts - are there plans to do this in? because scripting without patching - very limited.

Last edited by elite_r; 11-04-2014 at 01:02.
Reply With Quote
  #163  
Old 11-04-2014, 20:09
mr.exodia's Avatar
mr.exodia mr.exodia is offline
Super Moderator
 
Join Date: Nov 2011
Posts: 855
Rept. Given: 496
Rept. Rcvd 1,154 Times in 308 Posts
Thanks Given: 92
Thanks Rcvd at 528 Times in 202 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
@elite_r: Yes, this is something I wanted to add for some time now. Please create an issue at http://issues.x64dbg.com that describes the problem (and a possible solution if you have one).

Greetings
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
Reply With Quote
  #164  
Old 11-23-2014, 07:29
metal metal is offline
Friend
 
Join Date: Aug 2010
Posts: 11
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
metal Reputation: 1
Actually, I used it to crack some software, it was a real PITA since it kept crashing all the time. If you need more info, I will provide it for you.
Reply With Quote
The Following User Gave Reputation+1 to metal For This Useful Post:
mr.exodia (11-23-2014)
  #165  
Old 11-23-2014, 07:33
mr.exodia's Avatar
mr.exodia mr.exodia is offline
Super Moderator
 
Join Date: Nov 2011
Posts: 855
Rept. Given: 496
Rept. Rcvd 1,154 Times in 308 Posts
Thanks Given: 92
Thanks Rcvd at 528 Times in 202 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
@metal: Please provide as much information as you can on crashes. Please also try the snapshots found here to see if certain issues are maybe already fixed:

https://sourceforge.net/projects/x64dbg/files/snapshots/

@everyone:

We would appreciate screen recordings that show you working with x64dbg to see about the usability of the software (or features people don't know about). These recordings will be kept confidential if desired. I think they would really help to figure out what is needed most for x64dbg in the future.

Greetings,

Mr. eXoDia
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
Reply With Quote
The Following 3 Users Gave Reputation+1 to mr.exodia For This Useful Post:
cjack (11-23-2014), copyleft (11-23-2014), Youtoo (12-07-2014)
Reply

Tags
bit, debugger, x32, x64, x64_dbg

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
nfd - x64dbg plugin hors Community Tools 2 04-01-2018 08:18
CopyToAsm - x64dbg plugin mrfearless Community Tools 0 03-04-2018 08:36
x64dbg - Find OEP by section hop schrodyn General Discussion 6 01-19-2018 04:31
Q: How can I get this kind of output from X64DBG? Stingered General Discussion 3 01-13-2018 07:15
x64dbg python Storm Shadow Developer Section 6 08-04-2017 15:29


All times are GMT +8. The time now is 07:10.


��ICP��05004977��
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX