x64dbg

[White]

@Mr.eXoDia

yep,later I just change 019 to 020,and got it.

[mrexodia]

v2.1

- plugin directory will be created automatically for a more obvious reason to put plugins there

- find command is now implemented

- you can now copy selection in the disassembly

- middle mouse in dump copies the currently selected address

- fixed an issue with segments being incorrectly disassembled in the assemble dialog

- double click on address in dump/stack will enable relative view

- fixed a crash with very big commands

- fixed a performance issue in AppearanceDialog

- threaded calls to resolveExpression for a smoother user experience in the goto/value dialog

- fixed resizing columns

- fixed scroll bar in memory map

- alternative memory map view

- horizontal scroll bar now implemented

- fixed a bug with highlighting tokens

- infobox with follow in dump menu and string/character/label recognition

- follow in dump context menu

- attach dialog + detach option in menu

- automatically stop debugging when trying to attach/initialize when still in a session

- fixed selection bugs in the dump/stack

- allow selection in the stack everywhere, not just in the data

- resolved some memory leaks

- JIT Debugger support

- select first module when opening the patch dialog

- fixed API resolving

- status bar messages instead of message boxes when saving settings

- donation button in help

- added calculator to help menu (fully supports expressions used in the command bar)

- fixed deleting disabled breakpoints

- option to download symbols from the microsoft symbol store

- allow to enable/disable hardware/memory breakpoints

- fixed hardware breakpoints (they wouldn't restore)

- fixed function end drawing on instructions with 2 or more bytes

- differentiate between system and attach breakpoint in options

- check file architecture before debugging (now x32 DLLs wont load in x64_dbg)

- added option to display autocomments only on CIP

- launcher (start launcher.exe to register shell extension)

- thread switching + more in the threads tab

- fixed double click events

- fixed a bug with signed/unsigned values in WordEditDialog

- fixed various interface bugs in the table view

- allow customize shortcuts

- updated credits

- updated help

- added CB_WINEVENT_GLOBAL callback

- fixed possible crashes with string conversion

Website:

http://x64dbg.com

Greetings,

Mr. eXoDia

[Deniskore]

Can you add auto completion for functions to expression window?

Edited August 10, 2014 by Deniskore

[mrexodia]

@Deniscore: I looked into this. It's possible, but it will double the memory usage of x64dbg because it has to store all the exports/symbols twice. If you have a lot of memory I will make an option to enable this.

Greetings

[Steller]

Two things i have noticed.

 

(1) I can't change the height of the column and so i can't read all the information.

 

(2) If the mousecursor is on this area you can't scroll.

 

 

Sugestion:

It would be nice if you seperate the different references (Strings, Intermodular Calls...) so you must not search ever and ever again.

If you follow a jump,call...it would be nice if you can jump back to the previouse position like in Web-Browsers.

 

Question:

Is it possible to save a project with comments, breakpoints and stuff?

 

[cypher]

With -/+ you can go up/down calls/jmps

Comments/labels/break points are saved already

[tutsdzzb]

i think it doesn't support  Unicode Path...

eg Simplified Chinese: "C:\DZ破解计算器.ExE" --When i open the file, the Dbg show 'File dose not exist'

 

[FILIPOVIC]

qt framework is the best

[setrst]

is download.x64dbg.com down or it just me?

can someone share a link for 2.1 alpha?

 

Thanks.

 

Edit: I've found it: http://rsload.net/noload/files/054/rsload.net.x64.dbg.v2.1.Alpha.zip

Edited August 20, 2014 by setrst

[mrexodia]

The official link is here, I don't provide support for other links.

http://sourceforge.net/projects/x64dbg/

Greetings

[f4ckvirus]

great work

[mrexodia]

V2.2ALPHA is out!

Because I started a Bachelor Computer Science I didn't implement all requested features for this version, they are still on the ToDo list though and when I have more time I will try to implement them.

Changelog:

- better JIT Debugger information in the GUI

- JIT commands in the help

- Fixed various TitanEngine bugs

- resolved a crash when calling plugin callbacks

- remove plugins from the internal list on unloading (resolved another crash)

- fixed a bug in SearchListView with searching (strings would disappear)

- do not draw CIP when running

- fixed a bug with copying single byte commands

- fixed the launcher (crashes with compatibility mode)

- move detach command to file menu (+ new icon)

- HW BP on [RSP] is now back (thanks to DragonLoft!)

- show if a jump is going to execute or not in the InfoBox

- fix: Changing a label from an empty value to an empty value shows an error

- breakpoint/bookmark in the symbol view

- advanced change page rights dialog

- clear threads on detach (bugfix)

- fixed a crash in AbstractTableView

- new about dialog

- search for -> command in gui

- fixed deadlock on detaching while a script was running

- fixed a bug in the DbgDisasmFastAt function

- changed some register positions

- go to thread entry option in Thread view

- save user sorting preference for the session

- fixed various possible buffer overflows and other possible bugs

- change commandline of debuggee on the fly

- select next breakpoint on enable/disable

- unicode support (UTF-8)

- register view now has scroll area

- set focus to disassembly on target load

- better scrollbars in InfoBox

- uppercase option now will not uppercase API names

- fixed a bug with duplicate recent files

- changed confusing 'memory leaks found' message

- auto move cursor on toggling BP in reference view

- performance improvement with reading settings

Website:

http://x64dbg.com

Greetings,

Mr. eXoDia

[Loki]

Good luck with the BA mate

 

I did a BA in CS, although that was 15 years ago now! Some good stuff to be learned, although I dont think you'll have many problems 

 

Study hard!

[Kurapica]

Great work

 

I wish you success in your studies.

[kao]

Good luck with the studies! Make sure it's time well spent!

[cob_258]

My first crack with debugger done  , It was verry helpful because the target uses both 32 & 64 bit libraries to check license.

 

But I have some suggestions & bug reports for future versions:

- the possibility to overwrite the loaded exe/dll with patch export

- double click on an address in stack to follow in dump

- dump window : copy to clipboard, goto previous and find references

- if it's possible to show process windows

- pause process in main thread

* I had some troubles in binary edit and memory breakpoint

-> converting from ascii to hex is valid only for printable chars.

-> breakpoint is done to the memory page instead of the selected address.

* find intermodular call fails (crash) with programs having debug database

 

  I congratulate you for the powerful string reference/symbols, searching for a string/symbol is so easy.

I wish you good luck with your studies

[mrexodia]

- the possibility to overwrite the loaded exe/dll with patch export

Patch import export is already implemented.

- double click on an address in stack to follow in dump

That would be a possibility. Currently you can right click and press 'Follow in Dump' if you want to follow stack addresses in the dump.

- dump window : copy to clipboard, goto previous and find references

Copy to clipboard is indeed a missing feature, just like goto previous. Find references was implemented in the latest snapshot.

- if it's possible to show process windows

Yea, please add it to the issues list.

- pause process in main thread

I don't quite understand this feature, could you elaborate on it?

* I had some troubles in binary edit and memory breakpoint

-> converting from ascii to hex is valid only for printable chars.

You can only convert printable characters to hex. In olly it just shows '.' for every character it cant print. This is misleading in my opinion.

-> breakpoint is done to the memory page instead of the selected address.

Indeed, memory breakpoints are set on pages of memory (0x1000 bytes minimum), not on addresses. If you want to break on memory read/write on a specific address, use hardware breakpoints.

* find intermodular call fails (crash) with programs having debug database

Yep, this should have been fixed in the latest snapshot, please try that one and if it's still crashing, please provide a more detailed guide.

 

  I congratulate you for the powerful string reference/symbols, searching for a string/symbol is so easy.

I wish you good luck with your studies

Thank you!

It would be really appreciated if you could report the issues on http://issues.x64dbg.comwith a detailed explanation of what you mean. This makes everything a lot easier to work on. Notice that some issues might have already been reported.

Greetings,

Mr. eXoDia

[cob_258]

I don't quite understand this feature, could you elaborate on it?

 

I mean when you pause a process, it's better to directly show main thread (CPU, call stack, stack ..etc)

 

 

Patch import export is already implemented.

 

The probleme is I couldn't patch the loaded PE (in my case was a dll that I had to save under another name)

 

You can only convert printable characters to hex. In olly it just shows '.' for every character it cant print. This is misleading in my opinion.

 

the problem is when I want to write an ascii char between non printable chars, to save the non printable chars I need to convert the text

 

[Departure]

I must say that it is a nice gui interface, I would really like to see this continue and move forward as I do prefer this GUI interface than ollydebug with easy access tabs. I did notice that only 1 plugin works which is the Highlightfish plugin, It would be nice to see sigmaker and the other plugins work.

[SmilingWolf]

MultiASM 2.3.1 works fine at the very least on the latest snapshot, I have made extensive use of it two days ago to fix my Arma 64bit inlining code.

[mrexodia]

V2.3ALPHA is out!

Changelog:

- FPU register support

- fixed a bug with the register view not being updated when CSP changes

- fixed buffer overflows with symbol names

- better JIT debugger support

- resolved another crash in dbghelp with long symbol names

- added a separator in the HexDump every 4 bytes

- fixed bugs with printing the debug strings

- fixed SetThreadName exceptions

- you can now safely use "eax * 4 + 3" (spaces caused problems before)

- fixed a crash with very long automatic comments

- fixed all kinds of small coding bugs (coverity)

- find references in dump context menu

- find a range of references (select multiple bytes and find references to either of them)

- reload script option

- va <-> file offset conversion

- goto -> file offset

- loadlib command to inject a dll in the debuggee

- some checks with TitanEngine

- resolved crashes with threading race conditions (these are random crashes, hopefully all are solved now)

- build date in the about dialog

- fixed some bugs with the status label

- added suspend/resume all threads option

- shortcut files are now resolved correctly

- resolved stack overflow (even less crashes!)

- changes the mulhi operator from '$' to '`' (nobody knew this operator existed right?)

- access module rva's by doing "[module]:$[rva]"

- skip an instruction using Ctrl+F8 (useful for INT3 breakpoints you placed yourself)

- mov dest, #DATA# works now

- more responsive GUI (less redrawing hopefully)

- faster and more responsive mouse wheel scrolling

- fixed possible freezes on Windows XP

- debug strings are not printed twice anymore

- automatic comments have a different (customizable) color

- double click in the dump starts binary edit

- double click in the stack starts modify value

- access a module entry point using "[module]:entry"

- more crazy input possibilities (such as "kernel32.GetProcAddress" working finally)

- "Follow Entry Point in Disassembler" in symbols view

- "Copy File Path" in symbols view

- you can customize the color of INT3 instructions (filling)

- fixed a bug with copying the wrong number of instructions in the disassembler

- tabbed reference view

- fixed some bugs in TitanEngine

Website:

http://x64dbg.com

Greetings,

Mr. eXoDia

[Siarogak]

Debug->Change command line 

is it possible to save command line after application restarts ?

[mrexodia]

Debug->Change command line 

is it possible to save command line after application restarts ?

Right now this is not a feature, but I guess it would be possible...

Please add an issue on http://issues.x64dbg.com

[mrexodia]

V2.4ALPHA Released!

Changelog:

- resolved a crash when scrolling up in the dump

- resolved reference view not following in disasm correctly

- resolved losing settings

- fixed a crash with a critical section initialized multiple times

- added secret option to disable database compression

- various ui improvements

- allow 'jmp short'

- fixed hardware breakpoints

- disasm/dump/stack plugin menu api

- display the number of bytes selected and the module in dump

- added topmost option

- fixed TLS callbacks on DLLs

- show reference count in reference window

- fixed possible buffer overflows

- added a close all button in the reference view to close all tabs

- fixed a bug with a non-refreshed memory map on start

- report bug button

- update hex when editing ascii/unicode in HexEditDialog

- settings dialog now scales

- fixed importing patches

- thread-safe dbghelp access (could fix some crashes)

- Yara pattern finding support

- resolved an issue where toggling patches did not toggle the actual bytes

- data copy dialog in various formats (C byte/word/dword/string/unicode)

- dynamic 'Find references to' menu in disassembler (auto-detects constants)

- added find references option to the dump (also works with a range selection)

- show what was searched for in reference tab title

- RegEx support in SearchListView

Download:

http://snapshots.x64dbg.com

Donate:

http://donate.x64dbg.com

Greetings,

Mr. eXoDia

[AlphaBeta55]

Mr. eXoDia,

First I want to say thank you very much for such a good idea and a wonderful work.

I just found about X64_dbg by chance 2 days ago, yesterday I saw you uploaded a new snapshot, I gave it a try it and it's working fine for me, I tired to compile the git head version and the process went smooth as expected.

I'm very impressed and I see x64_dbg has a good potential over others I tried in the past. I am trying now to learn more about it's internal and see where I can contribute , I saw the issue tracker hopefully I can reproduce some of the issues and it will be my first step to know more about how it works internally.

Thank you again for the Wiki, the help file, and the website and all the work you guys did.

I have couple questions, please tell me if there is another forum or post where you discuss, issues, features, design decisions..etc, I will appreciate it so much

Thank you and have a nice day

 

 

Edited April 3, 2015 by AlphaBeta55