EXETOOLS FORUM  

View Poll Results: Would you use this debugger?
Yes (mainly x32) 72 29.63%
Not at all 22 9.05%
Yes, if it gets better (please post feature suggestions) 79 32.51%
Yes (mainly x64) 70 28.81%
Voters: 243

  #211  
Old 07-23-2015, 01:35
Syoma
reverse engineer
I am not an Olly pro, so let me ask a few questions about x64dbg.
1. Minor. Does it have a sync option between tabs? So, if I stopped at some EIP I can switch to memory map and see the synced memory region line active, not the top one.
Example: I stopped at 18001234, switch to Memory Map and see 18000000 active and it is .text of test.dll

2. Minor. Is there an option to show Export names in comments?
Example: I stopped at 18001234 and see in comments column: test.dll!DllMain

3. Major. How can I point DLL of interest, but start test.exe instead of DLLLoaderXXX.exe? I changed the command line and restarted debug, but the command line reset as well. I suppose it changes only environment data, not the .exe.

4. Crit. Extend the Q3. Is it possible to debug 64-bit DLL and use .net .exe as loader? If I try to point .exe as target x64dbg says "Use 32-bit debugger". I think it is not my case.

5. Idea. Any plans to make it interactive like IDA? Or at least split the code flow blocks with empty lines.
  #212  
Old 07-26-2015, 09:38
rcer
Friend
I am trying to find the encryption seeds from a 64-bit daemon, and have only experience using Ollydbg, which doesn't debug x64 binaries.

So I started using x64_dbg, but this debugger does not have a field where you can input any arguments such as "-t computer-name 4 –c license.lic"

I tried

x64_dgb "C:\FullPathTo\File.exe" parm1 parm2 -3 -4 -debug


x64_dgb "C:\FullPathTo\File.exe" -t computer-name 4 –c license.lic

and using InitDebug & setcommandline, but none of these pass the arguments -t computer_name 4 -c license.lic to the debugger

Can anybody tell me how to pass on arguments to this debugger?

rgds
  #213  
Old 07-28-2015, 08:36
rcer
Friend
Any help please?
  #214  
Old 07-29-2015, 04:57
NytroRST
Friend
Just tested it on x64 - Google Chrome. Immunity crashed for some reason, but this helped me a lot!
  #215  
Old 09-03-2015, 12:05
yoza
Moderator
I always use your x64_dbg.
It helped me a lot! It's a great and a masterpiece creation.

Thank you mr.exodia...

Best regards,
-=yoza=-
  #216  
Old 09-03-2015, 12:12
TechLord
Banned User
Quote:
I always use your x64_dbg.
It helped me a lot! It's a great and a masterpiece creation.
Yes, I also use it a lot, especially on 64-bit systems along with ScyllaHide and it works like a charm!

Certainly helps a lot with newer programs whose anti-debugging mechanisms simply check for OLLY, but don't check for this debugger

Please continue your development on this mr.exodia ...
  #217  
Old 09-22-2015, 01:55
Hero
VIP
I wonder if it is possible to call a DLL export when we load a DLL in x64dbg (similar to Olly).
Does anyone know if this is possible? I was not able to find this myself.
__________________
I should look out my posts,or JMI gets mad on me!
  #218  
Old 09-22-2015, 03:08
Syoma
reverse engineer
Maybe use "Set origin here" to change EIP after break on retn in DllMain.
  #219  
Old 09-22-2015, 07:13
mr.exodia
Super Moderator
Hello,

Syoma is right, you can do something like setting the EIP. Another method is to simply code a small DLL loader that does something like this:

Code:
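#include <windows.h>

int main() {
    // Load the DLL under test into this small loader process.
    HINSTANCE hInst = LoadLibraryA("x32gui.dll");
    if (!hInst)
        return 1; // DLL not found or failed to load
    typedef int (*GUIGUIINIT)(int, char**);
    // Resolve the export to call.
    GUIGUIINIT _gui_guiinit = (GUIGUIINIT)GetProcAddress(hInst, "_gui_guiinit");
    if (!_gui_guiinit)
        return 1; // export not present in the DLL
    // Call the export; break here in the debugger to step into it.
    int result = _gui_guiinit(0, nullptr);
    (void)result;
    return 0;
}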
Hope this helps,

Mr. eXoDia
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
  #220  
Old 09-22-2015, 17:00
Hero
VIP
Quote:
Originally Posted by mr.exodia View Post
Hello,

Syoma is right, you can do something like setting the EIP. Another method is to simply code a small DLL loader that does something like this:

Code:
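#include <windows.h>

int main() {
    // Load the DLL under test into this small loader process.
    HINSTANCE hInst = LoadLibraryA("x32gui.dll");
    if (!hInst)
        return 1; // DLL not found or failed to load
    typedef int (*GUIGUIINIT)(int, char**);
    // Resolve the export to call.
    GUIGUIINIT _gui_guiinit = (GUIGUIINIT)GetProcAddress(hInst, "_gui_guiinit");
    if (!_gui_guiinit)
        return 1; // export not present in the DLL
    // Call the export; break here in the debugger to step into it.
    int result = _gui_guiinit(0, nullptr);
    (void)result;
    return 0;
}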
Hope this helps,

Mr. eXoDia
Hi

Thanks for reply.
These 2 ways were somehow obvious and I have already done it this way.
But I thought there may be an easy way for it like Olly, because it is somehow a useful option for debugging DLLs.
Maybe I will write its plugin on my own.

Regards
__________________
I should look out my posts,or JMI gets mad on me!
  #221  
Old 09-23-2015, 07:11
mr.exodia
Super Moderator
Yea, a plugin sounds cool. Feel free to drop me a message if you need help.
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
  #222  
Old 10-16-2015, 16:37
deroko
cr4zyserb
Just a quick q, why not implementing python as script instead of developing own scripting language?
__________________
http://accessroot.com
  #223  
Old 10-16-2015, 23:03
mr.exodia
Super Moderator
At the time it seemed more logical to do an olly script like language. Right now there is someone working on python.
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
  #224  
Old 10-18-2015, 19:32
u_f_o
Friend
Quote:
Originally Posted by rcer View Post
...
Can anybody tell me how to pass on arguments to this debugger?
i need an answer too.
as i think it is impossible to pass arguments now,
but maybe are some plans to add this possibility to x64_dbg?
or advise other debugger for x64.
  #225  
Old 10-18-2015, 19:58
Syoma
reverse engineer
IDA Pro is also nice for x64.

Tags
bit, debugger, x32, x64, x64_dbg


All times are GMT +8. The time now is 15:50.

