February 18, 20169 yr On 31/1/2016 at 7:12 AM, Mr. eXoDia said: I have been thinking about how to do that for quite some time now, but do you have an idea how to do this on x64 (where the arguments are mostly passed through registers)? What about a function like collapse when RSP point to a system call? I have made a sample to make it clear. I think that can be one of the cleanest solution without wrongly show in the stack the first four parameters... Hope you will like it crystalboy
March 5, 20169 yr In the last (snapshot_2016-03-05_10-48.7z) breakpoints DLLs do not work. Edited March 10, 20169 yr by sstrato
March 22, 20169 yr two suggestions: Registers window -> copy all registers value to clipboard. (OllyDbg Feature) Stack /Dump window -> select addr 003EFE74 - 003EFEA4 . Right mouse menu -Copy - To Clipboard (OllyDbg Feature)
March 22, 20169 yr Author White issues are here https://github.com/x64dbg/x64dbg/issues/613 and here https://github.com/x64dbg/x64dbg/issues/232
March 22, 20169 yr 1 hour ago, Mr. eXoDia said: White issues are here https://github.com/x64dbg/x64dbg/issues/613 and here https://github.com/x64dbg/x64dbg/issues/232 Nice, bro.
March 22, 20169 yr Suggestion: When u make a search for a constant for example, to put a bp at all references.
March 23, 20169 yr Author @Hypnz An issue is available here https://github.com/x64dbg/x64dbg/issues/160 Greetings
May 22, 20169 yr String in references to press F2 to enter a breakpoint could jump to the next line, as in olly. It would be a way to introduce faster interruption point in a selection.
May 27, 20169 yr Author @sstrato I removed that feature because it annoyed the shit out of me Might be a good idea to add an option for this though...
August 18, 20169 yr Hello With Olly when making a call to an API, on the stack Olly "translates" the arguments and saves you referring to MSDN. Is it possible to do the same with x64dbg? Is it possible to add icons to the shortcut bar (not sure if this is correct description). Where restart / stop / go etc. Thanks
August 25, 20169 yr Author @sstrato I tried on witcher3.exe (43mb with about 150k functions) this is the log (and no hang/crash): INT3 breakpoint "entry breakpoint" at <witcher3.EntryPoint> ( 00007FF72EECA7B8 )! Starting analysis... Basic block starts in 9438ms! 0 functions from the exception directory... 1086925 basic blocks, 49649 function starts detected... Basic blocks in 13015ms! 738030/1086925 delayed blocks... 312227/738030 delayed blocks resolved (425803/1086925 still left, probably unreferenced functions) 425803/1086925 unreferenced blocks 151649 functions found! Functions in 1844ms! Function ranges in 109ms! Analysis finished! 141931 function(s) listed Could you show me your log?
August 25, 20169 yr Oddly enough only hangs if "functionlist" runs from the CPU window. It has something to do with the color refreshment instructions. log-jue-ago-25 -8-29-56 2016.txt Edited August 25, 20169 yr by sstrato
August 28, 20169 yr Author I just tried exactly your steps on the same DLL file: 2016-08-28_13-06-56.mp4
August 28, 20169 yr Well, not what else to say, I send the minidump if it helps. dump-28082016_1407130971.dmp
August 28, 20169 yr Author 4 hours ago, sstrato said: Well, not what else to say, I send the minidump if it helps. dump-28082016_1407130971.dmp It says: x64gui+3ef95 000007fe`ef2aef95 80781900 cmp byte ptr [rax+19h],0 This appears to be in capstone_gui.cpp:199 which has something to do with an std::map. The only thing I can imagine is some multi-threading gone wrong so I removed the entire map and replaced it with an array. EDIT: I also encountered the crash randomly now and the removal of the map should solve it. New snapshot should be available soon, thanks! Edited August 28, 20169 yr by Mr. eXoDia
September 3, 20169 yr @Mr. eXoDia At last snapshot i'm trying to debug a app at win 8.1 native not VM. I set my bp's the app breaks but the main window doesn't show the location of the break. Just the the main screen when the app loaded.
September 3, 20169 yr @Mr. eXoDia Just load the app to the debugger. Put your breakpoints and run, should see the debugger breaks but main window doesn't go there. Neither responds if u double click to RIP.
Create an account or sign in to comment