Jump to content
Tuts 4 You
Sign in to follow this  
mrexodia

x64dbg

Recommended Posts

mrexodia

Someone is currently porting that api to c#

you can quite easily use a c# dll with the unmanaged export 'void Start()' or 'void StartAsync()' and swig to do debugging with c# and the scriptapi

  • Like 1

Share this post


Link to post
Hatschi

nice! do you know who is porting and what the status is?

Share this post


Link to post
mrexodia

It wiil become available once its ready.

Share this post


Link to post
Hatschi

Sounds fair. Is it possible to remotely attach and place breakpoints in C# with it? I tried to implement the export functions with GetProcAddress but I don't know what to pass as DebugInfo and Callback argument. Or is the SDK not for this kind of use?

Share this post


Link to post
T-rad

@Mr. eXoDia: for plugins, is there an export/ variable to get the debug file exe name?

Share this post


Link to post
mrexodia

No, you have to register a callback and get it from there. These exports are often requested though do I'll probably add them.

Share this post


Link to post
sstrato

By using the (analyze) command and then (functionlist) the program hangs on x32 and x64.

  • Like 1

Share this post


Link to post
diskgetor

@mrexodia

hello,could you add these function:

1:add "edit  breakpoint in data window";

2:can use ollydbg;s script

3:can debug themida protected files.

future:get CV's handler.

                    thank you so.

Share this post


Link to post
mrexodia

@diskgetor

1. What do you mean exactly with 'data window', the hex dump or the memory map or something else?

2. No, I have no interest in supporting odbgscript, it is however possible to write a plugin that does.

3. You can, with ScyllaHide.

What is a CV handler?

  • Like 1

Share this post


Link to post
diskgetor

@mrexodia

x32dbg can not debug themida with scyllahide plugin in win7 32 bit,and the x32dbg can not close must kill the thread.this is the video info so,please help me check.and my debug target link:http://www.cjhf.net/software/super_recovery.exe

 

 

mrexodia.7z

Share this post


Link to post
mrexodia

@diskgetor It's unrelated to x64dbg, perhaps Themida has updated.

  • Like 1

Share this post


Link to post
diskgetor
Quote

@mrexodia

 

void fun_4371b6(int32_t ecx) {

uint32_t edi2;

void* eax3;

int32_t ebp4;

uint32_t eax5;

uint32_t eax6;

uint32_t esi7;

uint32_t eax8;

uint32_t edx9;

uint32_t ecx10;

uint32_t eax11;

uint32_t ecx12;

uint32_t eax13;

uint32_t ecx14;

void* v15;

 

while (1) {

edi2 = static_cast<uint32_t>(*(uint8_t*)((int32_t)eax3 + ebp4 + 0xf1f));

eax5 = edi2 * 0x1a85;

eax6 = (((int32_t)eax5 >> 16) + (eax5 & 0xffff) & 0xffff) + esi7;

eax8 = (((int32_t)eax6 >> 16) + (eax6 & 0xffff) & 0xffff) + (esi7 & 0xffff & 0xffff);

asm("cdq");

edx9 = (uint32_t)((int32_t)edi2 % 57);

ecx10 = (((int32_t)eax8 >> 16) + (eax8 & 0xffff) & 0xffff) + ((edx9 & 0xffff) + ((int32_t)edx9 >> 16) & 0xffff);

eax11 = edi2 * (ebp4 + 0xf1f);

ecx12 = (((int32_t)ecx10 >> 16) + (ecx10 & 0xffff) & 0xffff) + (((int32_t)eax11 >> 16) + (eax11 & 0xffff) & 0xffff);

asm("cdq");

eax13 = (ebp4 % 5 + ebp4 + 11) * esi7;

ecx14 = (((int32_t)ecx12 >> 16) + (ecx12 & 0xffff) & 0xffff) + (((int32_t)eax13 >> 16) + (eax13 & 0xffff) & 0xffff);

esi7 = ((int32_t)ecx14 >> 16) + (ecx14 & 0xffff) & 0xffff;

if ((int32_t)esi7 < (int32_t)10) {

esi7 = edi2;

}

++ebp4;

if (ebp4 >= 8)

break;

eax3 = v15;

}

}

-----------------------------------------------------------------------------------------------------------

these codes get from snowman,the   asm("cdq");  can not link  by VS2013.help thanks.

 

Share this post


Link to post
diskgetor

@mrexodia
1:
 click the register window calour is whiter.
2:
how to search commands like ollydbg?
3:
how to pase debugging like od's F12/ E/T  function?

Share this post


Link to post
kao

@mrexodia: Since you love the free publicity, would you consider adding x64dbg project to the #hacktoberfest?

  • Like 1

Share this post


Link to post
mrexodia
19 minutes ago, kao said:

@mrexodia: Since you love the free publicity, would you consider adding x64dbg project to the #hacktoberfest?

Done, 57 issues have been marked with the #Hacktoberfest label :D 

  • Like 1

Share this post


Link to post
diskgetor

@mrexodia
1 search command sequence default is HEX, can support code ASM sequence?
2.snowman bug explains the division, the remainder of a division is interpreted as a function code: __intrinsic (bug.); this is great
Example:
<stdio.h> #include
Main int ()
{
Int a;
Int b;
B = rand ();
A = b/99;
Printf ("B =%d,%d a=, B",, a);
Getchar ();
}
Reference:
Https://blogs.msdn.microsoft.com/devdev/2005/12/12/integer-division-by-constants/
3 can increase the C execution point (EIP) and right click to add the enter menu (asleep debugging) to the top of the button?
4 source code can support the F2 as well as the output of real-time debugging information: send out, stack, memory and the corresponding change permissions? (instead of the VS debugger)
5 can let the debugging engine VT se VMP to take over the shell (TMD) to run?
6 can you always start highlighting mode instead of +h?
7 think of it...
The 8 part of the content and developers ditch through no fruit

Share this post


Link to post
mrexodia

@diskgetor please open separate issues at http://issues.x64dbg.com for every feature request or bug report.

Quick answer:

1. there is an issue for it. you can search one command with ctrl+f
2. again, I did not create snowman.
3. could you give some screenshots with what you mean? It's quite vague.
4. source code debugging supports F2 and basic operations (F10, F11 to step source) I don't plan any updates for variables.
5. I don't understand what you mean.
6. No, I dislike the highlighting mode IDA has where your highlighting jumps all over the place.
7. Of what?
8. Not sure what you mean there.

Also for your other post:

1. please make a screenshot/video to explain what you mean with visual things
2. you can't
3. press F12

Share this post


Link to post
beBoss™

Would be nice if someone create a pack of the x64dbg and its plugins :)

Share this post


Link to post
mrexodia
52 minutes ago, beBoss™ said:

Would be nice if someone create a pack of the x64dbg and its plugins :)

No it would not be nice at all. You can get lots of x64dbg versions at http://snapshots.x64dbg.com and a list of plugins is available at http://plugins.x64dbg.com if any are missing feel free to update the list.

Reasoning is the same as why there are no official release versions in x64dbg, things are unstable and good care has to be put into choosing a version.

Share this post


Link to post
beBoss™

Most of the plugins have to be compiled and there is no info how to do it. And of course maybe we have to have some tools to do it, which is waste of time for some of us, nothing personal, that's why I asked for a package.

I don't have an idea how to compile most of them, sorry bout that anyway :) 

Share this post


Link to post
alorent

Is there any option to remember the size/position of the x64dbg gui when I open It? x64dbg takes my full 43 inch 4k monitor when I open It :)

Share this post


Link to post
mrexodia
22 hours ago, beBoss™ said:

Most of the plugins have to be compiled and there is no info how to do it. And of course maybe we have to have some tools to do it, which is waste of time for some of us, nothing personal, that's why I asked for a package.

I don't have an idea how to compile most of them, sorry bout that anyway :) 

Most have releases available on their github pages you could start ehere.

14 hours ago, alorent said:

Is there any option to remember the size/position of the x64dbg gui when I open It? x64dbg takes my full 43 inch 4k monitor when I open It :)

There is no option for that right now. I created an issue for it.

  • Like 1

Share this post


Link to post
BHA

@mrexodia - When I apply the patches it saves just fine, but when I try to run the newly created exe file it says it is corrupt. Any ideas?

Share this post


Link to post
Kurapica

There is one annoying GUI bug in the "Patches" form ...

To reproduce :

1 - Open the patches form

2 - Press down the mouse button over the "Import" button but don't release the mouse.

you will notice that the button returns to the "Pushed up" state, just like it refuses the mouse clicks.

This makes me click the import button several times to bring the "Open patch" dialog.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...