x64dbg

[mrexodia]

Hi everyone,
 
Maybe some of you heard it already, but Sigma and I are working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features:

• variables, currently command-based only
• basic calculations, can be used in the goto window and in the register edit window. Example: var*@401000+(.45^4A)
• software breakpoints (INT3, LONG INT3, UD2), currently command-only (just type 'bp addr')
• hardware breakpoints (access, write, execute), also command-only
• stepping (over, into, out, n instructions), can be done with buttons/shortcuts
• memory allocation/deallocation inside the debuggee
• quickly access API adresses (bp GetProcAddress)
• syntax highlighting, currently not customizable
• simple memory map (just addr+size+module+protection basically)

The debugger has an easy GUI, for which we looked a lot at Olly
 

 
Debug engine is TitanEngine, disassembler BeaEngine, icons are from various sources (see About dialog). We use QT for the GUI part.
 
If you have a suggestion, a bug report, need more info, want to contribute, just post here or send me a private message.
 
The latest public build + source can always be found on http://x64dbg.com (click 'Source'->'bin_public') to download the latest build. For now, you can also download the first 'alpha' here
 
We would love to hear from you!
 
Greetings,
 
Mr. eXoDia & Sigma

Edited December 30, 2015 by Mr. eXoDia

[Dragon Palace]

mayby name to eXoDia's x86 & x64 debugger fells better, what do you think so?

Edited October 28, 2013 by chixiaojie

[Artic]

@mr exodia - where should i look for the helpfile? its included int he bin_release folder?

yes it takes all time - already a dope debugger.

one cant imagine how long it takes to write something like a debugger. 

 

keep it up!

[mrexodia]

New release available in public_bin.

Changelog:

- added Scylla 'plugin' (start scylla with the current process/dll you have loaded)

- fixed many GUI bugs (redraw bugs etc), by Sigma

- fixed this disassembly bug with truncated QWORDS

Download in the repo

Greetings

[mrexodia]

Fully cleaned up the repo, added many features & fixed the bug from cyberbob.

 

Versioning is still kind of odd, but the next release will be 0.2alpha

 

[This is a new version of this repository. The old version can be found ][here: https://bitbucket.org/mrexodia/x64_dbg_old                       ]This is a x64/x32 debugger that is currently in active development.The debugger has (currently) three parts:- DBG- GUI- BridgeDBG is the debugging part of the debugger. It handles debugging (usingTitanEngine) and will provide data for the GUI.GUI is the graphical part of the debugger. It is built on top of Qt and itprovides the user interaction, the dump window (not yet implemented), thedisassembly, the register window, the memory map view, the log view etc.Bridge is the communication library for the DBG and GUI part (and maybe inthe future more parts). The bridge can be used to work on new features,without having to update the code of the other parts.Right now the debugger supports the following features:- variables (with regard to the upcoming script feature)- basic calculations (var*@401000+.45^4A)- hide debugger (very basic)- software breakpoints (INT3, LONG INT3, UD2)- memory breakpoints (read, write, execute)- hardware breakpoints (access, write, execute)- stepping (into, over, n instructions)- rtr (return from function)- memory allocation/deallocation in the debuggee- quickly accessing API addresses (GetProcAddress->76E13620)- highlighting (not yet customizable, but really helpful)- memory map- basic module labeling- import reconstruction (plugin using Scylla)- drag&drop files- goto window- register/flags view with editing support- quite fast working in really big code pages (tested up to 5GB)- GUI hotkeys- dynamic jump arrow (just like OllyDbg)Known bugs are:- hardware breakpoints do not work properly on x64 (TitanEngine bug)- sometimes the disassembly view is not updated (click anywhere to solve)- ??? (please report)The debugger core is based on TitanEngine (an updated version,https://bitbucket.org/mrexodia/titanengine-update)Disassembly powered by BeaEngine (http://beaengine.org/).The icon is taken from VisualPharm (http://www.visualpharm.com/)Special thanks:- acidflash- Ahmadmansoor- EXETools community- Tuts4You communityGreetings,Mr. eXoDia & Sigma

[mrexodia]

Updated to v0.2Alpha:

- GUI hotkeys

- user databases for labels/comments/breakpoints (*.dd64 or *.dd32 files)

- easy context menu in disassembly (to set breakpoints etc)

- many bugfixes

- edit: symbol support (especially for cyberbob)

Greetings,

Mr. eXoDia & Sigma

PS Please report bugs if you find any, we will fix it as soon as we can.

PS2 Plugin support is coming after we consider the disassembly view 'stable'

Edited November 19, 2013 by Mr. eXoDia

[Artic]

in which folder on the bitbucket page i should look for this update?

 

thanks!

Edited November 20, 2013 by Artic

[mrexodia]

Hi,

Sorry.. I didnt tell. It in the downloads tab

[mrexodia]

Hi everybody,

Today a small release (V0.03ALPHA) with the following important changes:

- fixed many bugs

- more context menu options (you can now select a HWBP to replace when DRX is full)

- bookmarks (ctrl+d)

- plugin support

- user database is stable, so your labels+comments+bookmarks+breakpoints are saved automatically

Download here: https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia & Sigma

PS If you have questions (about plugin support) or want to contribute in some way, feel free to contact me

[mrexodia]

Quick release v0.4alpha

Changelog:

- fixed many, many bugs

- added function analysis (currently manual, select some data, press SHIFT+F)

- attach attach feature (little problems when you close x64_dbg, but works)

- pageup/pagedown in disassembly

- string detection (very basic, no support for UNICODE yet)

- ??? probably some more improvements, check BitBucket for a full changelog

We are working on the dump/stack windows, but as Sigma is offline for some time now already I decided to do a quick release in between. Hopefully there will be a dump+stack window in the next release...

Detach feature currently has problems, so it will not work. Probably this has to do with TitanEngine and it's DebugLoop function, but more investigation is required.

Focus on the DBG side of the project will be adding support for loop highlighting, also manual and a good API that allows creation of analysis plugins.

Screenshot:

Happy new year everyone!

Mr. eXoDia

Edited December 28, 2013 by Mr. eXoDia

[Hellsp@wn]

very good! but need more functionality

- dump (follow, edit and ect)

- stack (esp/ebp follow, edit and ect)

- memory map (search, edit and ect)

Edited January 10, 2014 by Hellsp@wn

[mrexodia]

v0.5alpha out!

Main improvements:

- draft implementation of hex dump (by Sigma)

- bugfixes

- generates crash dumps on crash

Download: https://bitbucket.org/mrexodia/x64_dbg/downloads

Next on the todo list are: scripting support, working dump, improved plugin support

Greetings

[mrexodia]

V0.6ALPHA Released!

Changelog:

- scripting support (using the debug commands)

Just post here when you need a certain script command, I know other stuff isn't finished yet, but I'm waiting for Sigma to come back online so we can continue with the HEX dump etc.

Download:

https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

[mrexodia]

V0.7ALPHA Released!

Changelog:

- many fixes with the scripting support

- added many general purpose commands (see help)

- added some script commands (msg and msgyn)

Download:

https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

[Loki]

Awesome - this x64 version doesnt crash anymore

Edited February 13, 2014 by Loki

[mrexodia]

@Loki: great to hear that! this version should crash even less, because it's thread-safe...

We are working hard on the features requested, they are all on the todo list.

V0.8ALPHA Released!

Changelog:

- DBG: fixed a bug when stopping the currently debugged file

- DBG: fixed a problem with the output symbols

- DBG: undecorated symbol names

- DBG: resolved issue #34 (no more random crashes)

- DBG: added step until return (thanks to RaMMicHaeL for the suggestion)

- GUI: updated breakpoint view to display label+comment

- DBG: fixed a small bug in DebugDisableBPX

- DBG: breakpoint list contains module names without extension

- BRIDGE: changed BridgeAlloc to use WINAPI

- DBG: changed emalloc to use WINAPI

- GUI: added GPUStack files

- GUI: Fixed a display bug in the disassembly

Download:

https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

[White]

Hi,Mr. eXoDia

 

There is a crashdump.Just add a lebal operation,include a pic.

 

crashdumps.rar

[mrexodia]

@White: thanks for your report! it should be fixed now

V0.9ALPHA Released:

- added symbol viewer

- fixed many memory leaks and random crashes (hopefully the random crashes will stay away now)

- added recent file list (thanks to durazell!)

- everything compiled with MSVC2010, also fixed some crashes, don't know why, create a fresh installation

- simple tabbed layout (will be extended later)

Download:

https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

Edited February 19, 2014 by Mr. eXoDia

[White]

Hi,Mr.eXoDia.

 

I found two another problems.

 

One is about hardware breakpoint,I set a harware breakpint in the CPU window,it cannot be deleted in the BreakPoint window,and there is also no VA address and Module name in that list.Software breakpoint does not.

The other is Expression.I drag the "test.exe" file to x32_dbg,and its IB is 0x00401000,but if I enter a high address like 00900000abcd,it still shows correct .

 

Edited February 19, 2014 by White、、

[Hellsp@wn]

nice!  i already unpack themida x64. but very necessary working memory dump window 

Edited February 22, 2014 by Hellsp@wn

[mrexodia]

V1.0ALPHA Released!

 

Changelog:

- better symbol searching

- draft of the reference window (currently only manually adding references using the commands 'refinit' and 'refadd addr,label'

- Sigma fixed the dump window! (dump using the 'dump addr' command)

- small bugfixes

 

Download:

https://bitbucket.org/mrexodia/x64_dbg/downloads

 

Greetings,

 

Mr. eXoDia

 

PS We are still looking for more developers who have some time left to work on this project, please contact me.

[Artic]

@Hellsp@wn: Will be fixed in the next release probably.

@Artic: The GUI part is done, which means there is a searchable list programmable through a simple API, but I have to create a more stable (and especially faster) disassembling translation engine, which will take quite some time. I already got string search working, but it took 20 minutes to search ntdll.dll's code section

Greetings

lol 20 mins 

awesome, just give it time, it should work perfect smooth and stable.

[mrexodia]

v1.1ALPHA Is out (just release 11)

Changelog:

- simple stack view (no interaction yet, sorry)

- small bugfixes

Download:

https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

PS Just a small snapshot of this weekend, hopefully there will be some context menus later this week.

[converse]

@Mr. eXoDia

in the future will support both scripts and plugins as Strong, Phantom?

[Aguila]

@Mr. eXoDia

 

I think I have some free time left. Maybe I could help somehow. I don't know anything about Qt and I don't want to learn it to be honest. So I could do anything except GUI/Qt development. Tell me if you have some "job" for me.