EXETOOLS FORUM  

#1
06-28-2016, 19:46
Kurapica
x64dbg conditional branches logger [Plugin]

Hi

This is just a work in progress so don't expect too much.

Please test it and report if you find bugs.

I use it like this :

First you need 2 break points to trace between, Start and End.

1 - Throw your target in the debugger.

2 - The Start point should break.

3 - Start the plugin.

4 - Enter the name of the module you are interested in; the plugin will try to detect the name where RIP is now.

5 - Enter the target VA, i.e. the point where logging should stop. It's your End point from above.


There will be single stepping into this module, but if RIP goes out of this module then there will be stepping over in those external modules, unless there is a call back into the target module, in which case there will be a single step into the target module.


5 - Stepping will continue until we hit the 2nd point.

6 - The plugin will show a message box telling you that tracing has ended.

7 - Now you can save the result to a log file, which looks like the image below.

8 - You can use any diffing system to compare the results between 2 traces; here I used a plugin for Notepad++.
Attached Images
File Type: jpg 2016_06_25_140922.jpg (1.06 MB, 24 views)
Attached Files
File Type: rar Ktracer.rar (20.4 KB, 24 views)
#2
07-01-2016, 19:56
Kurapica
Bugs fixed and output improved ...

https://s31.postimg.org/9t4ixicy3/2016_07_01_141602.jpg
Attached Files
File Type: rar x64dbg tracer plugin.rar (39.1 KB, 31 views)
#3
09-10-2016, 18:47
ahmadmansoor
Question

Hi Kurapica,
this is from the x64dbg source.
Do you have any solution for this:
VB.NET: marshal a List of complicated structures and get a pointer to this List

Quote:
    <StructLayout(LayoutKind.Sequential)> Structure ModuleInfo
        Public base As Int64
        Public size As Int64
        Public entry As Int64
        Public sectionCount As Integer
        <MarshalAs(UnmanagedType.ByValTStr, SizeConst:=MAX_MODULE_SIZE)> Public name As String
        <MarshalAs(UnmanagedType.ByValTStr, SizeConst:=MAX_PATH)> Public path As String
    End Structure


    Public Function cbModuleEnum(ByVal argc As Integer, ByVal argv() As String) As Boolean

        Dim ModuleInfo_Strc As New List(Of ModuleInfo)
        Dim modlist As IntPtr = Marshal.AllocHGlobal(Marshal.SizeOf(ModuleInfo_Strc)) ' New List(Of ModuleInfo) 'here is the error
        Dim s As Boolean = GetList(ModuleInfo_Strc)
        Marshal.PtrToStructure(modlist, ModuleInfo_Strc)
        Return 1
    End Function
Quote:
An unhandled exception of type 'System.ArgumentException' occurred in x.dll

Additional information: Type 'System.Collections.Generic.List`1[x.Script+ModuleInfo]' cannot be marshaled as an unmanaged structure; no meaningful size or offset can be computed.
So what is the easy way to solve this problem?
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
#4
09-16-2016, 01:58
Kurapica
Send me a message in private to discuss this problem.
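
Added example, not part of the thread and not x64dbg's own code: the exception quoted in post #3 is raised because List(Of ModuleInfo) is a managed object with no unmanaged layout, so Marshal.SizeOf has to be taken on the element type and the list copied one element at a time. The constant values, the module name MarshalModuleList and the helper names ToUnmanaged and FromUnmanaged are assumptions, and the code does not call x64dbg's GetList.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Runtime.InteropServices

Module MarshalModuleList
    ' Assumed values: the post uses these constants without showing them.
    Const MAX_MODULE_SIZE As Integer = 256, MAX_PATH As Integer = 260
    <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Ansi)> Structure ModuleInfo
        Public base As Int64
        Public size As Int64
        Public entry As Int64
        Public sectionCount As Integer
        <MarshalAs(UnmanagedType.ByValTStr, SizeConst:=MAX_MODULE_SIZE)> Public name As String
        <MarshalAs(UnmanagedType.ByValTStr, SizeConst:=MAX_PATH)> Public path As String
    End Structure
    ' Marshal.SizeOf works on the element type, never on List(Of T) itself.
    ReadOnly Stride As Integer = Marshal.SizeOf(GetType(ModuleInfo))
    ' Copy the list into one contiguous unmanaged array; the caller must FreeHGlobal it.
    Function ToUnmanaged(items As List(Of ModuleInfo)) As IntPtr
        Dim buffer As IntPtr = Marshal.AllocHGlobal(Math.Max(1, Stride * items.Count))
        For i As Integer = 0 To items.Count - 1
            Marshal.StructureToPtr(items(i), IntPtr.Add(buffer, i * Stride), False)
        Next
        Return buffer
    End Function
    ' Rebuild a managed list from an unmanaged array of count elements.
    Function FromUnmanaged(data As IntPtr, count As Integer) As List(Of ModuleInfo)
        If data = IntPtr.Zero OrElse count < 0 Then Throw New ArgumentException("bad native list")
        Dim result As New List(Of ModuleInfo)(count)
        For i As Integer = 0 To count - 1
            result.Add(CType(Marshal.PtrToStructure(IntPtr.Add(data, i * Stride), GetType(ModuleInfo)), ModuleInfo))
        Next
        Return result
    End Function
    Sub Main()
        ' Constructed sample entries, not real debugger output.
        Dim mods As New List(Of ModuleInfo) From {
            New ModuleInfo With {.base = &H140000000L, .size = &H5000, .sectionCount = 4, .name = "target.exe", .path = "C:\sample\target.exe"},
            New ModuleInfo With {.base = &H7FF800000000L, .size = &H1F0000, .sectionCount = 9, .name = "ntdll.dll", .path = "C:\sample\ntdll.dll"}}
        Dim p As IntPtr = ToUnmanaged(mods)
        Try
            For Each m As ModuleInfo In FromUnmanaged(p, mods.Count)
                Console.WriteLine("{0:X16} {1} ({2} sections)", m.base, m.name, m.sectionCount)
            Next
        Finally
            Marshal.FreeHGlobal(p)
        End Try
    End Sub
End Module
```

When the pointer and count come from native code instead of ToUnmanaged, treat the count as untrusted and check it against the size of the buffer the native side reports before looping.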
All times are GMT +8.