Jump to content
Tuts 4 You

x64dbg


mrexodia

Recommended Posts

mrexodia

@sstrato could you be more specific about the problems you mentioned? Various have been solved already in a branch.

Link to post
  • Replies 220
  • Created
  • Last Reply

Top Posters In This Topic

  • mrexodia

    81

  • sstrato

    21

  • Artic

    8

  • GIV

    7

Top Posters In This Topic

Popular Posts

Hi everyone,   Maybe some of you heard it already, but Sigma and I are working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features:

@sstrato Thanks, I found where the issue is and a fix will be out soon.

@mrexodia: Since you love the free publicity, would you consider adding x64dbg project to the #hacktoberfest?

Posted Images

In X32:
1- When the MOV instruction patch does not resolve correctly.

error-x32-1.wmv

2- When you drag a program to debug if already loaded another x32 x64 crashes, but it's no problem occurs des notes that the tab was added.

error-x32-2.wmv

In X64 if not an error is rather an aesthetic problem to patch an instruction concerning registration ds patched window shows a displacement + ip address.

x64.wmv

Link to post
  • 2 weeks later...
On 20.11.2015, 00:21:19, Mr. eXoDia said:

@GIV: could you try if you can scroll to the stack address manually from where it goes in the dump?

I cannot. This is a huge bug IMHO. I hope it will be fixed.

Link to post

Another issue.

I have installed and used the 64bit version on a random program to see how is behave.

If i try to run the program under the debugger the debugger crash.

Here is a video.

Quote

If i made patches to the dump without running the patches widow freeze and the program crash also.

Quote

Is the lastest snapsot of X64dbg with Scyllahide plugin and run as administrator.

Edited by GIV (see edit history)
Link to post
mrexodia

Could you try without ScyllaHide? People have been reporting weird access violations lately with it.

I will check it out when I can.

Link to post
  • 2 weeks later...
mrexodia

Hello,

As far as I know there are no breaking changes that involve XP support. Is it missing any imports or is there something else? XP is not officially supported and nobody tests on it do I cannot verify.

Greetings

  • Like 1
Link to post
8 hours ago, Mr. eXoDia said:

Hello,

As far as I know there are no breaking changes that involve XP support. Is it missing any imports or is there something else? XP is not officially supported and nobody tests on it do I cannot verify.

Greetings

2015-12-22_115625.png.541acf324ed8bcd62e

Link to post

Some time ago, @Mr. eXoDia switched to new Visual Studio - and it produces executables that won't run in XP. It's the same thing with ScyllaHide.

@sstrato: If you compile your own build with older VisualStudio and properly target WinXP, it should work just fine.

Link to post
4 hours ago, Mr. eXoDia said:

kao: we are building with the v120_xp platform, I think someone just used the wrong API there :)

K32EnumProcessModules, K32GetMappedFileNameW, K32GetModuleFileNameExW (Kernel32.dll) No soportadas por XP.


EnumProcessModules, GetMappedFileNameW, GetModuleFileNameExW (Psapi.dll) Ok XP.

Edited by sstrato (see edit history)
Link to post
mrexodia
3 hours ago, sstrato said:

K32EnumProcessModules, K32GetMappedFileNameW, K32GetModuleFileNameExW (Kernel32.dll) No soportadas por XP.


EnumProcessModules, GetMappedFileNameW, GetModuleFileNameExW (Psapi.dll) Ok XP.

Recently someody changed a definition. Probably it can easily be fixed.

Link to post
On 17/11/2015 at 9:02 PM, sstrato said:

In X32:
1- When the MOV instruction patch does not resolve correctly.

error-x32-1.wmv

2- When you drag a program to debug if already loaded another x32 x64 crashes, but it's no problem occurs des notes that the tab was added.

error-x32-2.wmv

In X64 if not an error is rather an aesthetic problem to patch an instruction concerning registration ds patched window shows a displacement + ip address.

x64.wmv

It is possible to solve the problems of this post. default_smile.png

Edited by sstrato (see edit history)
Link to post
mrexodia
On 26-12-2015 at 11:36 AM, sstrato said:

It is possible to solve the problems of this post. default_smile.png

#1 I think we solved it https://github.com/x64dbg/x64dbg/issues/416

#2 checked just now, it's also solved

#3 is not solved but its on the list.

The latest version is available from http://releases.x64dbg.com or http://jenkins.x64dbg.com the sourceforge repository is now deprecated so maybe you don't have the latest snapshot because of that.

Greetings

  • Like 1
Link to post
mrexodia

@sstrato: yea, just confirmed the issue. The reason for this is that XEDParse has a bug that doesn't automatically assemble in ss mode. To solve it (for now), add the ss flag by hand.

Greetings

  • Like 1
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...