Jump to content
Tuts 4 You
mrexodia

x64dbg

Recommended Posts

mrexodia

@sstrato could you be more specific about the problems you mentioned? Various have been solved already in a branch.

Share this post


Link to post
Share on other sites
sstrato

In X32:
1- When the MOV instruction patch does not resolve correctly.

error-x32-1.wmv

2- When you drag a program to debug if already loaded another x32 x64 crashes, but it's no problem occurs des notes that the tab was added.

error-x32-2.wmv

In X64 if not an error is rather an aesthetic problem to patch an instruction concerning registration ds patched window shows a displacement + ip address.

x64.wmv

Share this post


Link to post
Share on other sites
GIV

I have a issue with X32 version too.


If i follow in dump a address is displayed another address.


Here is a video attached.


X32.rar

Share this post


Link to post
Share on other sites
mrexodia

@sstrato @GIV: thanks for your reports, they are all posted on http://issues.x64dbg.comand will be looked into.


 


@GIV: could you try if you can scroll to the stack address manually from where it goes in the dump?


  • Like 1

Share this post


Link to post
Share on other sites
sstrato

Since the changes made from snapshot Build # 204 (Nov 24, 2015 1:57:45) going slow on xp x32.
Some instructions follow parcheandose x32 wrong. Error-x32-1.wmv video.

Edited by sstrato (see edit history)

Share this post


Link to post
Share on other sites
GIV
On 20.11.2015, 00:21:19, Mr. eXoDia said:

@GIV: could you try if you can scroll to the stack address manually from where it goes in the dump?

I cannot. This is a huge bug IMHO. I hope it will be fixed.

Share this post


Link to post
Share on other sites
mrexodia
10 minutes ago, GIV said:

I cannot. This is a huge bug IMHO. I hope it will be fixed.

At this point I cannot reproduce the bug, but I added it to http://issues.x64dbg.com so possibly it will be solved in the future.

  • Like 1

Share this post


Link to post
Share on other sites
GIV

Hi.

I saw that you have added the issue on the topics of the debugger.

Thanks. I hope it will be solved.

Share this post


Link to post
Share on other sites
GIV

Another issue.

I have installed and used the 64bit version on a random program to see how is behave.

If i try to run the program under the debugger the debugger crash.

Here is a video.

Quote

If i made patches to the dump without running the patches widow freeze and the program crash also.

Quote

Is the lastest snapsot of X64dbg with Scyllahide plugin and run as administrator.

Edited by GIV (see edit history)

Share this post


Link to post
Share on other sites
mrexodia

Could you try without ScyllaHide? People have been reporting weird access violations lately with it.

I will check it out when I can.

Share this post


Link to post
Share on other sites
mrexodia

I should really make some consistent location for the snapshots. SourceForge doesn't have the latest snapshot anymore. The latest can always be found on http://releases.x64dbg.com and http://jenkins.x64dbg.com anyways I will try to reproduce it but I don't have much time these days unfortunately.

Share this post


Link to post
Share on other sites
sstrato

X32dbg not work on xp.

Has ended support XP?

Edited by sstrato (see edit history)

Share this post


Link to post
Share on other sites
mrexodia

Hello,

As far as I know there are no breaking changes that involve XP support. Is it missing any imports or is there something else? XP is not officially supported and nobody tests on it do I cannot verify.

Greetings

  • Like 1

Share this post


Link to post
Share on other sites
sstrato
8 hours ago, Mr. eXoDia said:

Hello,

As far as I know there are no breaking changes that involve XP support. Is it missing any imports or is there something else? XP is not officially supported and nobody tests on it do I cannot verify.

Greetings

2015-12-22_115625.png.541acf324ed8bcd62e

Share this post


Link to post
Share on other sites
kao

Some time ago, @Mr. eXoDia switched to new Visual Studio - and it produces executables that won't run in XP. It's the same thing with ScyllaHide.

@sstrato: If you compile your own build with older VisualStudio and properly target WinXP, it should work just fine.

Share this post


Link to post
Share on other sites
mrexodia

kao: we are building with the v120_xp platform, I think someone just used the wrong API there :)

Share this post


Link to post
Share on other sites
sstrato
4 hours ago, Mr. eXoDia said:

kao: we are building with the v120_xp platform, I think someone just used the wrong API there :)

K32EnumProcessModules, K32GetMappedFileNameW, K32GetModuleFileNameExW (Kernel32.dll) No soportadas por XP.


EnumProcessModules, GetMappedFileNameW, GetModuleFileNameExW (Psapi.dll) Ok XP.

Edited by sstrato (see edit history)

Share this post


Link to post
Share on other sites
mrexodia
3 hours ago, sstrato said:

K32EnumProcessModules, K32GetMappedFileNameW, K32GetModuleFileNameExW (Kernel32.dll) No soportadas por XP.


EnumProcessModules, GetMappedFileNameW, GetModuleFileNameExW (Psapi.dll) Ok XP.

Recently someody changed a definition. Probably it can easily be fixed.

Share this post


Link to post
Share on other sites
sstrato
On 17/11/2015 at 9:02 PM, sstrato said:

In X32:
1- When the MOV instruction patch does not resolve correctly.

error-x32-1.wmv

2- When you drag a program to debug if already loaded another x32 x64 crashes, but it's no problem occurs des notes that the tab was added.

error-x32-2.wmv

In X64 if not an error is rather an aesthetic problem to patch an instruction concerning registration ds patched window shows a displacement + ip address.

x64.wmv

It is possible to solve the problems of this post. default_smile.png

Edited by sstrato (see edit history)

Share this post


Link to post
Share on other sites
mrexodia
On 26-12-2015 at 11:36 AM, sstrato said:

It is possible to solve the problems of this post. default_smile.png

#1 I think we solved it https://github.com/x64dbg/x64dbg/issues/416

#2 checked just now, it's also solved

#3 is not solved but its on the list.

The latest version is available from http://releases.x64dbg.com or http://jenkins.x64dbg.com the sourceforge repository is now deprecated so maybe you don't have the latest snapshot because of that.

Greetings

  • Like 1

Share this post


Link to post
Share on other sites
sstrato

In xp 32bit this problem persists.

2015-12-29_224214.png.2c3cf99d59fade60372015-12-29_224327.thumb.png.930d26cd2ed2

Share this post


Link to post
Share on other sites
mrexodia

@sstrato: yea, just confirmed the issue. The reason for this is that XEDParse has a bug that doesn't automatically assemble in ss mode. To solve it (for now), add the ss flag by hand.

Greetings

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...