Exetools  


View Poll Results: Would you use this debugger?
Yes (mainly x32) 88 28.30%
Not at all 23 7.40%
Yes, if it gets better (please post feature suggestions) 88 28.30%
Yes (mainly x64) 112 36.01%
Voters: 311. You may not vote on this poll

  #211  
07-23-2015, 01:35
Syoma
I am not an Olly pro, so let me ask a few questions about x64dbg.
1. Minor. Does it have a sync option between tabs? So, if I stopped at some EIP, I can switch to the memory map and see the synced memory region line active, not the top one.
Example: I stopped at 18001234, switch to Memory Map and see 18000000 active, and it is .text of test.dll

2. Minor. Is there an option to show export names in comments?
Example: I stopped at 18001234 and see in the comments column: test.dll!DllMain

3. Major. How can I point to the DLL of interest, but start test.exe instead of DLLLoaderXXX.exe? I changed the command line and restarted debugging, but the command line reset as well. I suppose it changes only environment data, not the .exe.

4. Crit. Extending Q3. Is it possible to debug a 64-bit DLL and use a .NET .exe as the loader? If I try to point to the .exe as the target, x64dbg says "Use 32-bit debugger". I think it is not my case.

5. Idea. Any plans to make it interactive like IDA? Or at least split the code flow blocks with empty lines.
  #212
07-26-2015, 09:38
rcer
I am trying to find the encryption seeds from a 64-bit daemon, and only have experience using OllyDbg, which doesn't debug x64 binaries.

So I started using x64_dbg, but this debugger does not have a field where you can input any arguments such as "-t computer-name 4 -c license.lic"

I tried

x64_dgb "C:\FullPathTo\File.exe" parm1 parm2 -3 -4 -debug


x64_dgb "C:\FullPathTo\File.exe" -t computer-name 4 -c license.lic

and using InitDebug & setcommandline, but none of these pass the arguments -t computer_name 4 -c license.lic to the debugger

Can anybody tell me how to pass on arguments to this debugger?

rgds
  #213
07-28-2015, 08:36
rcer
Any help please?
  #214
07-29-2015, 04:57
NytroRST
Just tested it on x64 - Google Chrome. Immunity crashed for some reason, but this helped me a lot!
  #215
09-03-2015, 12:05
yoza
I always use your x64_dbg.
It helped me a lot! It's a great and a masterpiece creation.

Thank you mr.exodia...

Best regards,
-=yoza=-
  #216
09-03-2015, 12:12
TechLord
Quote:
I always use your x64_dbg.
It helped me a lot! It's a great and a masterpiece creation.
Yes, I also use it a lot, especially on 64-bit systems along with ScyllaHide, and it works like a charm!

Certainly helps a lot with newer programs whose anti-debugging mechanisms simply check for OLLY, but don't check for this debugger.

Please continue your development on this, mr.exodia...
  #217
09-22-2015, 01:55
Hero
I wonder if it is possible to call a DLL export when we load a DLL in x64dbg (similar to Olly).
Does anyone know if this is possible? I was not able to find this myself.
__________________
I should look out my posts,or JMI gets mad on me!
  #218
09-22-2015, 03:08
Syoma
Maybe use "Set origin here" to change EIP after a break on retn in DllMain.
  #219
09-22-2015, 07:13
mr.exodia
Hello,

Syoma is right, you can do something like setting the EIP. Another method is to simply code a small DLL loader that does something like this:

Code:
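#include <windows.h>

int main() {
    // Load the DLL under test; this also runs its DllMain.
    HINSTANCE hInst = LoadLibraryA("x32gui.dll");
    if (!hInst)
        return 1; // DLL not found or failed to load
    // Resolve the export and cast it to its prototype.
    typedef int (*GUIGUIINIT)(int, char**);
    GUIGUIINIT _gui_guiinit = (GUIGUIINIT)GetProcAddress(hInst, "_gui_guiinit");
    if (!_gui_guiinit)
        return 2; // export not present in the DLL
    // Call the export; break here in the debugger to step into it.
    int result = _gui_guiinit(0, nullptr);
    return 0;
}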
Hope this helps,

Mr. eXoDia
  #220
09-22-2015, 17:00
Hero
Quote:
Originally Posted by mr.exodia View Post
Hello,

Syoma is right, you can do something like setting the EIP. Another method is to simply code a small DLL loader that does something like this:

Code:
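#include <windows.h>

int main() {
    // Load the DLL under test; this also runs its DllMain.
    HINSTANCE hInst = LoadLibraryA("x32gui.dll");
    if (!hInst)
        return 1; // DLL not found or failed to load
    // Resolve the export and cast it to its prototype.
    typedef int (*GUIGUIINIT)(int, char**);
    GUIGUIINIT _gui_guiinit = (GUIGUIINIT)GetProcAddress(hInst, "_gui_guiinit");
    if (!_gui_guiinit)
        return 2; // export not present in the DLL
    // Call the export; break here in the debugger to step into it.
    int result = _gui_guiinit(0, nullptr);
    return 0;
}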
Hope this helps,

Mr. eXoDia
Hi

Thanks for the reply.
These 2 ways were somehow obvious and I have already done it this way.
But I thought there may be an easy way for it like in Olly, because it is somehow a useful option for debugging DLLs.
Maybe I will write a plugin for it on my own.

Regards
__________________
I should look out my posts,or JMI gets mad on me!
  #221
09-23-2015, 07:11
mr.exodia
Yea, a plugin sounds cool. Feel free to drop me a message if you need help.
  #222
10-16-2015, 16:37
deroko
Just a quick q: why not implement Python as the scripting language instead of developing your own scripting language?
__________________
http://accessroot.com
  #223
10-16-2015, 23:03
mr.exodia
At the time it seemed more logical to do an OllyScript-like language. Right now there is someone working on Python.
  #224
10-18-2015, 19:32
u_f_o
Quote:
Originally Posted by rcer View Post
...
Can anybody tell me how to pass on arguments to this debugger?
I need an answer too.
As I think, it is impossible to pass arguments now,
but maybe there are some plans to add this possibility to x64_dbg?
Or advise another debugger for x64.
  #225
10-18-2015, 19:58
Syoma
IDA Pro is also nice for x64.