Jump to content
Tuts 4 You

x64dbg


mrexodia

Recommended Posts

  • Replies 219
  • Created
  • Last Reply

Top Posters In This Topic

  • mrexodia

    81

  • sstrato

    21

  • Artic

    8

  • GIV

    7

Top Posters In This Topic

Popular Posts

Hi everyone,   Maybe some of you heard it already, but Sigma and I are working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features:

@sstrato Thanks, I found where the issue is and a fix will be out soon.

@mrexodia: Since you love the free publicity, would you consider adding x64dbg project to the #hacktoberfest?

Posted Images

mrexodia

@converse: Both scripts and plugins are already supported. Phantom/StrongOD will never be supported though, because they use the ollydbg plugin engine.

@Aguila: Leaving out the GUI, there are a few things that need some work, just tell me if you like something:

  • more (script) commands (eg find eip,#12?3??54#, gmi/gma using TitanEngine for retrieving imagebase etc, etc)
  • commands to dump memory regions/modules (using the Scylla DLL?)
  • working on XEDParse, to support more instructions (would really help a lot)
  • plugin API needs a good look (is there more needed, apart from GUI interaction)
  • TitanEngine bugfixing (would really help a lot, there are many bugs)
  • multi-layered loop definition commands (just like the functions), check out DbgGetLoopTypeAt in the Bridge
  • optimization
  • better roadmap lol
@ahmadmansoor: Yep, we can rock :)

 

Greetings

Link to post

I think that you should delay this to somewhere in the future, because scylla has a nice memory/pe dumper, so it is not really necessary:


  • commands to dump memory regions/modules (using the Scylla DLL?)

 



 


TitanEngine bugfixing (would really help a lot, there are many bugs)



How do you know that there are many bugs? And how can we find them?


 


So it looks like fixing titanengine is still very important.


 


 


PS: Don't forget to add a Thread Viewer, I think this is also important.


 


 


Link to post
mrexodia

@Aguila: Why delay? It's useful to have this one your hands when you need it. I know it's in Scylla, but having it as scripting feature is really powerful.

Regarding the bugs: Just read some code (I kinda refactored everything this evening) and you'll see the bugs come out. The main thing needed is testing modules for everything, which is a TERRIBLE lot of work :(

An example of a bug/design flaw: TitanEngine is not thread-safe, memory breakpoints fail, GlobalAPIHandler bugs, x64 is not fully supported, the memory footprint is terrible (need to use vectors instead of static lists), it needs a MemoryRead/MemoryWrite function that covers breakpoint data, stuff like this.

Will add the thread viewer, but it will come together with a better GUI api I guess :)

Greetings

  • Like 1
Link to post
  • 4 weeks later...
mrexodia

V1.2ALPHA is out!

Changelog:

- many small crash fixes (stack overflows etc)

- many fixes regarding the Dump window

- different dump views

- bugs with valfromstring fixed (now much faster)

- latest development version of TitanEngine Community Edition (many, many, many fixes)

- simple thread view

- project design overview (x64_dbg_sceme.vsd), useful for plugin developers

- TLS callback support

- informative window title

- user preferences (eg on which events to break)

- bug with the recent file list fixed

- ignore exception ranges

- debug strings are now displayed (escaped)

- added 'xor' command

- many fixes in the script engine

- simple stack display

Download:

https://bitbucket.org/mrexodia/x64_dbg/downloads

Greetings,

Mr. eXoDia

  • Like 5
Link to post
arturo1000

This debugger is so much better every day. I try to debug a file with IDA and x64_dbg, and now is more more easy with x64_dbg. Any way to locate addresses from one offset address? I try to go in one addres in dll file and don´t know how do it.


Link to post
CodeExplorer

@Mr. eXoDia:

One of the best x64 debugger!

Some features to be added:

All Strings from exe (Az):
- please add search a string on them
- please add set breakpoint on the string address
Other features to be added:

- the ability to save changes to file

- the ability to view call stack,

Hoping you will implement at least some of these!

 

Best regards

CodeCracker

Edited by CodeCracker (see edit history)
Link to post
mrexodia

@arturo1000: glad you like it! Currently there is no way to get the VA from an offset of RVA, but it is possible to make a plugin that does this. It was added to the todo list.

@CodeCracker: thanks :) String searching has already been implemented, but in the currently release it is buggy (just start typing in the list and it will search). Breakpoint is a really good idea, will add that immediately! Sorting a StdTable (where the strings are stored in) is currently not supported, but it is also on the todo list. Same for saving patches and the callstack :)

Greetings

Edited by Mr. eXoDia (see edit history)
Link to post
Dragon Palace

any possible transfer breakpoint from OD v1.10 & OD v2.01 into X64_DBG? or say it Import breakpoint from OD.


Link to post
mrexodia

@chixiaojie: No, it's not currently possible and it will never be directly supported by x64_dbg. You can however create a plugin that makes changes to the SQLite database. I will add support for this in the bridge.@ChVL: I also found that this happens sometimes, but I cannot reproduce it correctly. I think it has something to do with TitanEngine, but it requires some more testing time.@CodeCracker: Currently I did not implement GUI-friendly stuff (like putting breakpoints in the references and other stuff), but please tell me when you find some more, it is on the ToDo list. I just had many requests for this feature.V1.4ALPHA is out (lol, kinda spamming)Changelog:
- fixed some bugs with references
- added the 'Previous (-)' and 'Next (+)' function (to get back to your previous address of interest). This has a maximum depth of 1024, but it's easy to change this to any other value, since I use dynamic arraysDownload:
https://bitbucket.org/mrexodia/x64_dbg/downloadsGreetings,Mr. eXoDia

Edited by Mr. eXoDia (see edit history)
Link to post
  • 2 weeks later...

Is "Trace" option presented into your TODO list? If no, add it please. :-)


 


Also thanks for implementing "-" button :)


 


Also found bug: "Open" windows says it's allowed to choose *.exe AND *.dll. But if you choose .dll debugger says "error starting process (invalid pe?)". Probably it should call something like loaddll.exe...


Edited by fetch (see edit history)
Link to post
  • 2 weeks later...
mrexodia

V1.5ALPHA is released!

Changelog:

- added debug privilege option (TitanEngine)

- fixed a bug with GetFileNameFromHandle ('error starting process (invalid pe?)')

- fixed a bug with attaching to an x32 process from the x64 debugger

- added 'detach' command

- added twords,dqwords,ywords and zwords

- added a menu API for plugins

- movable tabs

- detachable tabs (for example to place a tab on a second screen)

- fixed a bug with [esp]=4 (valtostring)

- fixed a lot of bugs with scripts

- removed result display of the mov instruction

- press enter on a script jump to get to the destination

- basic script syntax highlighting

- added RVA view in disassembly (double click on the address)

- double click on the opcodes to toggle breakpoints

- double click on the disassembly to assemble

- double clikc on the comments to comment

- fixed an annoying bug with searching for referenced strings

- when you use '-1' in the ExceptionRangeDialog it will use 'FFFFFFFF' instead

- better documentation

- added a simple 'find' command for scripts

- added find references to an address (ctrl+r)

Download:

http://x64dbg.com

Greetings,

Mr. eXoDia

  • Like 4
Link to post

Cool!


 


Shame about the known problems with owner draw Qt controls, otherwise having the text output look the same as Olly would be cool.


Link to post

I have a suggestion, when starting the program on the lower left corner it displays a red "Terminated" text, it should display "Ready" or "Load a file".


Link to post
  • 2 weeks later...
mrexodia

V1.6ALPHA is out!

This version is actually to be compatible with ScyllaHide, so many asked things are not yet implemented.

Changelog:

- search for menu in disassembly context menu

- 'ready' instead of 'terminated' on start

- selection API

- updated find, strref and reffind commands

- strings in the stack

- follow in dump/disasm/stack in stack context menu

- force default alignment in SDK

- section names in memory map

- bring debugger to front when paused

- fixed a bug with the '=' sign

- added a line edit window api

- updated TitanEngine (fixes some handle leaks and maybe hanging bugs)

Download:

https://sourceforge.net/projects/x64dbg/files/latest/download

Online Help:

http://mrexodia.cf/x64hlp/

Source Repository:

http://x64dbg.com

Greetings,

Mr. eXoDia

  • Like 5
Link to post
arturo1000

Day by day it make the way to become in default X64 debugger a few of Us. With the progress it have is possible do a lot of thing that in IDA is more troublesome.


  • Like 1
Link to post
  • 3 weeks later...
mrexodia

V1.7ALPHA is out!

Changelog:

- some help updates

- added version information to file

- detach using right click -> detach on the tab you want to detach

- fixed a bug when searching for strings twice (search didn't work)

- fixd a crash on loading an empty script

- fixed a potential overflow while escaping a debug string

- escape the section names from the memory map

- better pattern finder

- added command auto-completion (includes plugin commands)

- removed an annoying log message on clicking a plugin menu

- fixed bugs in GuiSelectionGet & GuiSelectionSet (thanks to ahmadmansoor)

- added commandline support (x64_dbg.exe "c:\program files\test.exe")

- fixed a bug in modbasefromname (thanks to Artic!)

- added status bar API

- added bpdll command

- fixed a bug in DeviceNameResolver

- fixed various bugs in TitanEngine

- fixed a bug with manual functions in the GUI

- added various bridge exports

Download:

https://sf.net/p/x64dbg

Greetings,

Mr. eXoDia

  • Like 2
Link to post
  • 3 weeks later...
mrexodia

V1.8ALPHA is out!

Welcome tr4ceflow to the team!

Changelog:

- added IDA-like sidebar

- color customization

- instruction tokenizing

- allow highlighting of instruction tokens (CTRL+H)

- new register view that highlights changes

- fixed a bug with detaching

- updated BeaEngine

- new database format (JSON + lz4)

- massive performance improvements

- use SHIFT for selection

- small fixes

- project code cleaup

- more API functions

Website (made by tr4ceflow):

http://x64dbg.com

Greetings,

Mr. eXoDia

Edited by Mr. eXoDia (see edit history)
  • Like 5
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...