x64dbg

[mrexodia]

Someone is currently porting that api to c#

you can quite easily use a c# dll with the unmanaged export 'void Start()' or 'void StartAsync()' and swig to do debugging with c# and the scriptapi

[Hatschi]

nice! do you know who is porting and what the status is?

[mrexodia]

It wiil become available once its ready.

[Hatschi]

Sounds fair. Is it possible to remotely attach and place breakpoints in C# with it? I tried to implement the export functions with GetProcAddress but I don't know what to pass as DebugInfo and Callback argument. Or is the SDK not for this kind of use?

[T-rad]

@Mr. eXoDia: for plugins, is there an export/ variable to get the debug file exe name?

[mrexodia]

No, you have to register a callback and get it from there. These exports are often requested though do I'll probably add them.

[sstrato]

By using the (analyze) command and then (functionlist) the program hangs on x32 and x64.

[diskgetor]

@mrexodia

hello,could you add these function:

1:add "edit  breakpoint in data window";

2:can use ollydbg;s script

3:can debug themida protected files.

future:get CV's handler.

                    thank you so.

[mrexodia]

@diskgetor

1. What do you mean exactly with 'data window', the hex dump or the memory map or something else?

2. No, I have no interest in supporting odbgscript, it is however possible to write a plugin that does.

3. You can, with ScyllaHide.

What is a CV handler?

[diskgetor]

@mrexodia

x32dbg can not debug themida with scyllahide plugin in win7 32 bit,and the x32dbg can not close must kill the thread.this is the video info so,please help me check.and my debug target link:http://www.cjhf.net/software/super_recovery.exe

 

 

mrexodia.7z

[mrexodia]

@diskgetor It's unrelated to x64dbg, perhaps Themida has updated.

[diskgetor]

Quote

@mrexodia

 

void fun_4371b6(int32_t ecx) {

uint32_t edi2;

void* eax3;

int32_t ebp4;

uint32_t eax5;

uint32_t eax6;

uint32_t esi7;

uint32_t eax8;

uint32_t edx9;

uint32_t ecx10;

uint32_t eax11;

uint32_t ecx12;

uint32_t eax13;

uint32_t ecx14;

void* v15;

 

while (1) {

edi2 = static_cast<uint32_t>(*(uint8_t*)((int32_t)eax3 + ebp4 + 0xf1f));

eax5 = edi2 * 0x1a85;

eax6 = (((int32_t)eax5 >> 16) + (eax5 & 0xffff) & 0xffff) + esi7;

eax8 = (((int32_t)eax6 >> 16) + (eax6 & 0xffff) & 0xffff) + (esi7 & 0xffff & 0xffff);

asm("cdq");

edx9 = (uint32_t)((int32_t)edi2 % 57);

ecx10 = (((int32_t)eax8 >> 16) + (eax8 & 0xffff) & 0xffff) + ((edx9 & 0xffff) + ((int32_t)edx9 >> 16) & 0xffff);

eax11 = edi2 * (ebp4 + 0xf1f);

ecx12 = (((int32_t)ecx10 >> 16) + (ecx10 & 0xffff) & 0xffff) + (((int32_t)eax11 >> 16) + (eax11 & 0xffff) & 0xffff);

asm("cdq");

eax13 = (ebp4 % 5 + ebp4 + 11) * esi7;

ecx14 = (((int32_t)ecx12 >> 16) + (ecx12 & 0xffff) & 0xffff) + (((int32_t)eax13 >> 16) + (eax13 & 0xffff) & 0xffff);

esi7 = ((int32_t)ecx14 >> 16) + (ecx14 & 0xffff) & 0xffff;

if ((int32_t)esi7 < (int32_t)10) {

esi7 = edi2;

}

++ebp4;

if (ebp4 >= 8)

break;

eax3 = v15;

}

}

-----------------------------------------------------------------------------------------------------------

these codes get from snowman,the   asm("cdq");  can not link  by VS2013.help thanks.

 

[mrexodia]

@diskgetor Snowman is developed here https://github.com/yegord/snowman it is only integrated in x64dbg. Open issues there.

[diskgetor]

@mrexodia
1:
 click the register window calour is whiter.
2:
how to search commands like ollydbg?
3:
how to pase debugging like od's F12/ E/T  function?

[kao]

@mrexodia: Since you love the free publicity, would you consider adding x64dbg project to the #hacktoberfest?

[mrexodia]

19 minutes ago, kao said:

@mrexodia: Since you love the free publicity, would you consider adding x64dbg project to the #hacktoberfest?

Done, 57 issues have been marked with the #Hacktoberfest label  

[diskgetor]

@mrexodia
1 search command sequence default is HEX, can support code ASM sequence?
2.snowman bug explains the division, the remainder of a division is interpreted as a function code: __intrinsic (bug.); this is great
Example：
<stdio.h> #include
Main int ()
{
Int a;
Int b;
B = rand ();
A = b/99;
Printf ("B =%d,%d a=, B",, a);
Getchar ();
}
Reference：
Https://blogs.msdn.microsoft.com/devdev/2005/12/12/integer-division-by-constants/
3 can increase the C execution point (EIP) and right click to add the enter menu (asleep debugging) to the top of the button?
4 source code can support the F2 as well as the output of real-time debugging information: send out, stack, memory and the corresponding change permissions? (instead of the VS debugger)
5 can let the debugging engine VT se VMP to take over the shell (TMD) to run?
6 can you always start highlighting mode instead of +h?
7 think of it...
The 8 part of the content and developers ditch through no fruit

[mrexodia]

@diskgetor please open separate issues at http://issues.x64dbg.com for every feature request or bug report.

Quick answer:

1. there is an issue for it. you can search one command with ctrl+f
2. again, I did not create snowman.
3. could you give some screenshots with what you mean? It's quite vague.
4. source code debugging supports F2 and basic operations (F10, F11 to step source) I don't plan any updates for variables.
5. I don't understand what you mean.
6. No, I dislike the highlighting mode IDA has where your highlighting jumps all over the place.
7. Of what?
8. Not sure what you mean there.

Also for your other post:

1. please make a screenshot/video to explain what you mean with visual things
2. you can't
3. press F12

[beBoss™]

Would be nice if someone create a pack of the x64dbg and its plugins

[mrexodia]

52 minutes ago, beBoss™ said:

Would be nice if someone create a pack of the x64dbg and its plugins

No it would not be nice at all. You can get lots of x64dbg versions at http://snapshots.x64dbg.com and a list of plugins is available at http://plugins.x64dbg.com if any are missing feel free to update the list.

Reasoning is the same as why there are no official release versions in x64dbg, things are unstable and good care has to be put into choosing a version.

[beBoss™]

Most of the plugins have to be compiled and there is no info how to do it. And of course maybe we have to have some tools to do it, which is waste of time for some of us, nothing personal, that's why I asked for a package.

I don't have an idea how to compile most of them, sorry bout that anyway  

[alorent]

Is there any option to remember the size/position of the x64dbg gui when I open It? x64dbg takes my full 43 inch 4k monitor when I open It 

[mrexodia]

22 hours ago, beBoss™ said:

Most of the plugins have to be compiled and there is no info how to do it. And of course maybe we have to have some tools to do it, which is waste of time for some of us, nothing personal, that's why I asked for a package.

I don't have an idea how to compile most of them, sorry bout that anyway  

Most have releases available on their github pages you could start ehere.

14 hours ago, alorent said:

Is there any option to remember the size/position of the x64dbg gui when I open It? x64dbg takes my full 43 inch 4k monitor when I open It 

There is no option for that right now. I created an issue for it.

[BHA]

@mrexodia - When I apply the patches it saves just fine, but when I try to run the newly created exe file it says it is corrupt. Any ideas?

[Kurapica]

There is one annoying GUI bug in the "Patches" form ...

To reproduce :

1 - Open the patches form

2 - Press down the mouse button over the "Import" button but don't release the mouse.

you will notice that the button returns to the "Pushed up" state, just like it refuses the mouse clicks.

This makes me click the import button several times to bring the "Open patch" dialog.