May 24, 2015

Thanks a lot for your quick support ... it's greatly appreciated.

For old friends there is always room for priority management.

So, some teenagers still have respect for elders. I thought it was only a custom of the past.

Thanks again mate!

Best Regards,
Tony

[EDIT] Just tried with x64 version and HOME key is working flawlessly while BOTTOM key, weirdly, always goes to (end_address - <const>) where <const> differs based on window height.

But, given I got this feature implemented climbing the request queue ... it's already fantastic.

Thanks again,
Tony

Edited May 25, 2015 by tonyweb
May 28, 2015

This is a great debugger. It was hard to find a good 64-bit debugger. For a newbie like me who's only started doing this stuff for 1 month managed to do a 64-bit crkme and patch it using your debugger. I had to use your latest snapshot version as the full release would get confused on breakpoints.

The only issue I had was I had to use olly debug to find my way in the code (32bit code first). I particularly miss the ">" jump spots in the margins to trace the code backwards.

Edited May 28, 2015 by 1MegofRAM
May 28, 2015 Author

> Just tried with x64 version and HOME key is working flawlessly while BOTTOM key, weirdly, always goes to (end_address - <const>) where <const> differs based on window height. But, given I got this feature implemented climbing the request queue ... it's already fantastic.

Yea, there are problems with when you try to follow an address that is too far at the end, it will not display, so I decided to solve it like this until I properly fix it.

> This is a great debugger. It was hard to find a good 64-bit debugger. For a newbie like me who's only started doing this stuff for 1 month managed to do a 64-bit crkme and patch it using your debugger. I had to use your latest snapshot version as the full release would get confused on breakpoints. The only issue I had was I had to use olly debug to find my way in the code (32bit code first). I particularly miss the ">" jump spots in the margins to trace the code backwards.

Always use the latest snapshots. Releases are just another snapshot where the number changes. Nothing more.

The branch analysis is done partially with the view on the left, but I understand it's confusing. You can also use Ctrl+R in a region to find all references to that region. Another thing you can do is use 'Ctrl+H' and click something (number/register/whatever) to track occurrences (it will underline in red).

Hope this helps,
Mr. eXoDia

Edited May 28, 2015 by Mr. eXoDia
June 7, 2015

In the last snapshot to use decompile (Snowman) both x32 and x64 are hung.

Using Yara, after running a program (x32, x64), are in memory strings (unicode, text, etc.) which can be put hardware breakpoints you access to restart the program but these positions memory does not exist until the program is run and run this does not stop at the breakpoints. In Olly yes. It would be interesting to stop at these breakpoints (sorry for the bad English, translated with Google).
June 7, 2015 Author

> In the last snapshot to use decompile (Snowman) both x32 and x64 are hung.

Yea, snowman was broken. Just use snowman.dll from the previous snapshot (will fix it later today).

> Using Yara, after running a program (x32, x64), are in memory strings (unicode, text, etc.) which can be put hardware breakpoints you access to restart the program but these positions memory does not exist until the program is run and run this does not stop at the breakpoints. In Olly yes. It would be interesting to stop at these breakpoints (sorry for the bad English, translated with Google).

Memory addresses have no meaning when there is no module assigned to them, so that is why they are not saved. In the future I might add virtual module support, which would solve this problem.

> @Mr.exodia I'd like x64dbg patch operates as ollydbg.

It doesn't? Look at this video and tell me what you are missing. https://mega.co.nz/#!mwQygJAL!byQQdPshPHGRW8fHcXTFDb1actJ2uEYejuwkeArv_gk
June 7, 2015

It would be nice to have resource strings, i.e. push 65 etc., automatically analysed and appear in the CPU window (I don't know how hard it would be to code). Olly 2.01 has a plugin called resource refs that does a similar thing except it does it in a new window; it has the source code with it.
June 8, 2015

X32dbg: References in the dropdown menu is not displayed (by pressing the right mouse button). It makes that the calculator does not work as it should.

Edited June 8, 2015 by sstrato
June 8, 2015 Author

> It would be nice to have resource strings, i.e. push 65 etc., automatically analysed and appear in the CPU window (I don't know how hard it would be to code). Olly 2.01 has a plugin called resource refs that does a similar thing except it does it in a new window; it has the source code with it.

I don't really see how that could be done in a generic way. '65' is a small constant that could be used for anything, so it would be weird to show a random string. Maybe I'll export the reference search interface so people could make a plugin for that.

> X32dbg: References in the dropdown menu is not displayed (by pressing the right mouse button). It makes that the calculator does not work as it should.

I don't think I understand what you mean. References are here. And what do you mean with the calculator part? Maybe it is easier to make a video or screenshot.
June 9, 2015

video.rar

Menu references: only x32dbg. x64dbg ok.

Edited June 9, 2015 by sstrato
June 9, 2015 Author

@sstrato: I believe I fixed the first bug (it was really weird) and I definitely fixed the bug with the CalculatorDialog! A new snapshot will be available soon.

By the way, how do you run x64dbg on Windows XP?
June 22, 2015 Author

Video_error.rar

Hi, I solved this problem. The latest snapshot should no longer have this bug, thanks for the report!

Greetings

Edited June 22, 2015 by Mr. eXoDia
June 22, 2015

i noticed this too, thought it was only for the session. have you fixed the problem with the strings we talked about?
June 25, 2015 Author

> have you fixed the problem with the strings we talked about?

Don't believe I did... I did solve some problems, but honestly I forgot exactly what the problem was. I'll attend to it later. Tomorrow I have (hopefully) my last exam for this year.
June 29, 2015

> Don't believe I did... I did solve some problems, but honestly I forgot exactly what the problem was. I'll attend to it later. Tomorrow I have (hopefully) my last exam for this year.

yeah we tried that other night at skype and you said you had an idea, but it wasn't working in the end, hmm

write me a pm here, because skype is broken, need to install again.

it was a problem with the string search, i think the target is added in the pm already.

good luck with your exam!
June 30, 2015

i am exploring a target with blowfish and other crypto code parts. in IDA i found the code parts, but i am not able to find them in x64dbg. i imported the MAP file from IDA, but it does not copy the remark for the crypto parts.

would be really cool if somebody could write something like a signature plugin? or is there another way to find the code parts? maybe importing something from IDA?
July 5, 2015 Author

you should export the comments (not sure if IDA can do that though). you can also try IDALdr to load signatures.
July 14, 2015 Author

restored xp support + added virtual module support

syntax: virtualmod "security.dll",base[,size]

size is optional, auto calculated to the page size of base... sections + exports + entry point are loaded when found in the memory PE header.
July 31, 2015

Is incomplete in recent snapshot the (string references). Example: Before ("Demo"). After ("Dem").

Edited August 1, 2015 by sstrato