Thanks a lot for you quick support ... it's greatly appreciated

 

For old friends there is always room for priority management

So, some teenagers still have respect for elders

I thought it was only a custom of the past

 

Thanks again mate!

 

Best Regards,

Tony

 

[EDIT]

Just tried with x64 version and HOME key is working flawlessly while BOTTOM key, weirdly, always goes to (end_address - <const>) where <const> differs based on window height    But, given I got this feature implemented climbing the request queue ... it's already fantastic.

 

Thanks again

Tony

Edited May 25, 201510 yr by tonyweb

This is a great debugger, It was hard to find a good 64 bit debugger. For a newbie like me whos only started doing this stuff for

1 month managed to do a 64-bit crkme  and patch it using your debugger. I had to use your latest snapshot version as the full release

would get confused on breakpoints.

 

The only issue I had was I had to use olly debug to find my way in the code (32bit code first) I particularly miss the ">" jump spots in the margins

to trace the code backwards.

Edited May 28, 201510 yr by 1MegofRAM

Just tried with x64 version and HOME key is working flawlessly while BOTTOM key, weirdly, always goes to (end_address - <const>) where <const> differs based on window height    But, given I got this feature implemented climbing the request queue ... it's already fantastic.

 

Yea, there are problems with when you try to follow an address that is too far at the end, it will not display so I decided to solve it like this until I properly fix it.

 

This is a great debugger, It was hard to find a good 64 bit debugger. For a newbie like me whos only started doing this stuff for

1 month managed to do a 64-bit crkme  and patch it using your debugger. I had to use your latest snapshot version as the full release

would get confused on breakpoints.

 

The only issue I had was I had to use olly debug to find my way in the code (32bit code first) I particularly miss the ">" jump spots in the margins

to trace the code backwards.

Always use the latest snapshots. Releases are just another snapshot where the number changes. Nothing more.

The branch analysis is done partially with the view on the left, but I understand it's confusing. You can also use Ctrl+R in a region to find all references to that region. Another thing you can do is use 'Ctrl+H' and click something (number/register/whatever) to track occurrences (it will underline in red).

Hope this helps,

Mr. eXoDia

Edited May 28, 201510 yr by Mr. eXoDia

In the last snapshot to use decompile ( Snowman ) both x32 and x64 are hung .Using Yara , after running a program ( x32, x64) , are in memory strings (unicode , text, etc.) which can be put hardware breakpoints you Acces to restart the program but these positions memory does not exist until the program is run and run this does not stop at the breakpoints . In Olly yes. it would be interesting to stop at these breakpoints , (sorry for the bad English , traducio with google ) .

@Mr.exodia I'd like x64dbg patch operates as ollydbg.

In the last snapshot to use decompile ( Snowman ) both x32 and x64 are hung .

Using Yara , after running a program ( x32, x64) , are in memory strings (unicode , text, etc.) which can be put hardware breakpoints you Acces to restart the program but these positions memory does not exist until the program is run and run this does not stop at the breakpoints . In Olly yes. it would be interesting to stop at these breakpoints , (sorry for the bad English , traducio with google ) .

Yea, snowman was broken. Just use snowman.dll from the previous snapshot (will fix it later today).

Memory addresses have no meaning when there is no module assigned to them, so that is why they are not saved. In the future I might add virtual module support, which would solve this problem. 

 

@Mr.exodia I'd like x64dbg patch operates as ollydbg.

It doesn't? Look at this video and tell me what you are missing. https://mega.co.nz/#!mwQygJAL!byQQdPshPHGRW8fHcXTFDb1actJ2uEYejuwkeArv_gk

Oh nice  I used previous version and i thought missing something Sorry

It would nice to have resource strings i.e. push 65 etc to automatically analysed and appear in the CPU window (I don't know how hard it would be to code).

 

Olly 2.01 has a plugin called resource refs that does a similar thing except it does it in a new window, it has the source code with it.

X32dbg References in the dropdown menu is not displayed ( by pressing the right mouse button ) .

 

It makes that the calculator does not work as it should .

Edited June 8, 201510 yr by sstrato

It would nice to have resource strings i.e. push 65 etc to automatically analysed and appear in the CPU window (I don't know how hard it would be to code).

 

Olly 2.01 has a plugin called resource refs that does a similar thing except it does it in a new window, it has the source code with it.

 

I don't really see how that could be done in a generic way. '65' is a small constant that could be used for anything so it would be weird to show a random string. Maybe I'll export the reference search interface so people could make a plugin for that.

X32dbg References in the dropdown menu is not displayed ( by pressing the right mouse button ) .

 

It makes that the calculator does not work as it should .

I don't think I understand what you mean. References are here

And what do you mean with the calculator part? Maybe it is easier to make a video or screenshot

video.rar

 

Menu references Only x32dbg. x64dbg ok.

Edited June 9, 201510 yr by sstrato

Video_final.rar

Edited June 9, 201510 yr by sstrato

Video_previous.rar

@sstrato: I believe I fixed the first bug (it was really weird) and I definitely fixed the bug with the CalculatorDialog! A new snapshot will be available soon

By the way, how do you run x64dbg on Windows XP?

Video_fault.rar

Edited June 18, 201510 yr by sstrato

Video_error.rar

Hi,

I solved this problem. The latest snapshot should not longer have this bug, thanks for the report!

Greetings

Edited June 22, 201510 yr by Mr. eXoDia

i noticed this too, thought it was only for the session.

 

have you fixed the problem with the strings we talked about?

have you fixed the problem with the strings we talked about?

Don't believe I did... I did solve some problems, but honestly I forgot exactly what the problem was I'll attend to it later. Tomorrow I have (hopyfully) my last exam for this year

Don't believe I did... I did solve some problems, but honestly I forgot exactly what the problem was I'll attend to it later. Tomorrow I have (hopyfully) my last exam for this year

yeah we tried that other night at skype and you said you had an idea, but it wasnt working in the end, hmm write me a pm here, because skype is broken, need to install again.

 

it was a problem with the string search, i think the target is added in the pm already.

 

good luck with your exam!

i am exploring a target with blowfish and other crypto code parts, in IDA i found the code parts, but i am not able to find them in x64dbg.

i imported the MAP file from IDA, but it does not copy the remark for the crypto parts. 

 

would be really cool if somebody could write something like a signature plugin?

 

or is there an other way to find the code parts? maybe importing something from IDA?

you should export the comments (not sure if IDA can do that though). you can also try IDALdr to load signatures.

When the virtual support module.

restored xp support + added virtual module support

syntax:

virtualmod "security.dll",base[,size]

size is optional, auto calculated to the page size of base... sections + exports + entry point are loaded when found in the memory PE header.

video.rar

 

What should I do to stop at the video breackpoints.

Is incomplete in recent snapshot the (string references).

 

Example:
Before ("Demo").
After ("Dem").

Edited August 1, 201510 yr by sstrato