Jump to content
Tuts 4 You
Sign in to follow this  
mrexodia

x64dbg

Recommended Posts

sstrato

In x32 and x64 navigation keys up and down do not work in the window references and the window symbols.

In X32 when patched in some directions out the window.

2015-12-31_122351.png.1b77c5efd435440b33
The instruction is patched correctly.

 

 

Edited by sstrato (see edit history)

Share this post


Link to post
mrexodia
On 30 December 2015 at 9:40 PM, sstrato said:

In x32 and x64 navigation keys up and down do not work in the window references and the window symbols.

In X32 when patched in some directions out the window.

2015-12-31_122351.png.1b77c5efd435440b33
The instruction is patched correctly.

 

 

Thanks for the report. I will look into it. This warning message is meant to help you if you try to assemble "jmp x" where x is not pointing to a valid memory location or a memory location that is marked as non-executable. This behavior has been fixed and a new snapshot should be available soon.

  • Like 2

Share this post


Link to post
Hypnz

Hi. Newest snapshot have issues with breakpoints. Sometimes doesn't break. Anyone can confirm this?

Share this post


Link to post
sstrato

From this update do not work properly ((#373 (05-mar-2016 13:03:43) (DBG: implemented caching (lookup in the memory map))).

Edited by sstrato (see edit history)

Share this post


Link to post
mrexodia

@sstrato What is not working exactly?

Share this post


Link to post
sstrato

the first time you run the program breakpoints work properly if recharging the program and rerun the breakpoints of the libraries do not work. If you revert back cache modification work (tested).

Share this post


Link to post
mrexodia

Okay, thank you very much! I disabled caching for most part now, there might still be some issues with disassembling in newly allocated pages but this was expected behavior.

Share this post


Link to post
sstrato

From esta big update (#204 (24-nov-2015 1:57:45)) it is impossible to erase the HBP placed in memory (Outside libraries and program), without parecece grave But it is annoying. Anyway they are inactive and can not be used.

Edited by sstrato (see edit history)

Share this post


Link to post
mrexodia

@sstrato Confirmed and fixed those issue(s). Thanks a lot for the report! Now 'inactive' breakpoints are shown in a GUI and you should be able to manipulate them normally (enable/delete).

  • Like 1

Share this post


Link to post
sstrato
9 hours ago, Mr. eXoDia said:

@sstrato Confirmed and fixed those issue(s). Thanks a lot for the report! Now 'inactive' breakpoints are shown in a GUI and you should be able to manipulate them normally (enable/delete).

They seem to work fine now, thanks great job.

Share this post


Link to post
Hypnz

Yeah they are working fine :) thx mr.exodia :)

 

Share this post


Link to post
sstrato

You can highlight Regex search again.

Normal search:

normal.png.efd2d5817d8bda5b327ef9cdc6d3b

Regex search:

Regex.png.9693b860cf60a7a8f153694ced0850

Share this post


Link to post
Cthulhux

Hi,

just registered to say "Thank you!" for x64dbg. :)

And I already have a small feature request: Maybe the strings from a file should be cached somewhere so they are not "processed" again every time I want to start a string search?

Share this post


Link to post
mrexodia
On 4/8/2016 at 10:06 PM, Cthulhux said:

Hi,

just registered to say "Thank you!" for x64dbg. :)

And I already have a small feature request: Maybe the strings from a file should be cached somewhere so they are not "processed" again every time I want to start a string search?

If you search for strings you can go back to the reference tab and see your old results there.

Share this post


Link to post
sstrato

Unable to save patch introduced at the end of the file without code area.
Example:

no-patch.wmv

Share this post


Link to post
mrexodia

@sstrato are you sure there is space free there? A bug was found in the RVA <-> Offset conversion but most executables simply don't have space after the 'NOP' that you saw as last instruction.

Share this post


Link to post
sstrato
1 hour ago, Mr. eXoDia said:

@sstrato are you sure there is space free there? A bug was found in the RVA <-> Offset conversion but most executables simply don't have space after the 'NOP' that you saw as last instruction.

If there is free space. Tested with several executables, all with free space at the end of the section of the .text section. OllyDbg if allowed.

Share this post


Link to post
sstrato

It works very well, thank you.

Share this post


Link to post
Artic

the string search is working a bit slower in the last version from 1. May, it hangs at a percentage.
i do most of the time search for strings in one module, maybe it is normal, but i remember in a build from April, it was much faster.

Share this post


Link to post
mak

Does anybody have any contact with the author? It would be cool to ask him to publish the source code in order to someone could make a script editor for x64DBG debugger? OllySubScript сommands can be added to the list, removing completely the same lines from the list does not work, there is only forcible manner. x64DBG_SubScript - Generally it would be useful to users.

Share this post


Link to post
GNIREENIGNE

Thank you for making this program.

Share this post


Link to post
Hatschi

Can someone provide SDK examples in C# ?

Share this post


Link to post
kao

@Hatschi: considering that you can't create unmanaged exported functions in C# without extra hacks (like https://www.nuget.org/packages/UnmanagedExports ), people are quite unlikely to port SDK to C#. ;) 
But if you wish to do that yourself, that might be a pretty cool weekend project..

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...