tonyweb Posted May 24, 2015 Posted May 24, 2015 (edited) Thanks a lot for you quick support ... it's greatly appreciated For old friends there is always room for priority management So, some teenagers still have respect for elders I thought it was only a custom of the past Thanks again mate! Best Regards, Tony [EDIT] Just tried with x64 version and HOME key is working flawlessly while BOTTOM key, weirdly, always goes to (end_address - <const>) where <const> differs based on window height But, given I got this feature implemented climbing the request queue ... it's already fantastic. Thanks again Tony Edited May 25, 2015 by tonyweb
1MegofRAM Posted May 28, 2015 Posted May 28, 2015 (edited) This is a great debugger, It was hard to find a good 64 bit debugger. For a newbie like me whos only started doing this stuff for1 month managed to do a 64-bit crkme and patch it using your debugger. I had to use your latest snapshot version as the full releasewould get confused on breakpoints. The only issue I had was I had to use olly debug to find my way in the code (32bit code first) I particularly miss the ">" jump spots in the marginsto trace the code backwards. Edited May 28, 2015 by 1MegofRAM
mrexodia Posted May 28, 2015 Author Posted May 28, 2015 (edited) Just tried with x64 version and HOME key is working flawlessly while BOTTOM key, weirdly, always goes to (end_address - <const>) where <const> differs based on window height But, given I got this feature implemented climbing the request queue ... it's already fantastic. Yea, there are problems with when you try to follow an address that is too far at the end, it will not display so I decided to solve it like this until I properly fix it. This is a great debugger, It was hard to find a good 64 bit debugger. For a newbie like me whos only started doing this stuff for 1 month managed to do a 64-bit crkme and patch it using your debugger. I had to use your latest snapshot version as the full release would get confused on breakpoints. The only issue I had was I had to use olly debug to find my way in the code (32bit code first) I particularly miss the ">" jump spots in the margins to trace the code backwards. Always use the latest snapshots. Releases are just another snapshot where the number changes. Nothing more. The branch analysis is done partially with the view on the left, but I understand it's confusing. You can also use Ctrl+R in a region to find all references to that region. Another thing you can do is use 'Ctrl+H' and click something (number/register/whatever) to track occurrences (it will underline in red). Hope this helps, Mr. eXoDia Edited May 28, 2015 by Mr. eXoDia 2
sstrato Posted June 7, 2015 Posted June 7, 2015 In the last snapshot to use decompile ( Snowman ) both x32 and x64 are hung .Using Yara , after running a program ( x32, x64) , are in memory strings (unicode , text, etc.) which can be put hardware breakpoints you Acces to restart the program but these positions memory does not exist until the program is run and run this does not stop at the breakpoints . In Olly yes. it would be interesting to stop at these breakpoints , (sorry for the bad English , traducio with google ) .
mrexodia Posted June 7, 2015 Author Posted June 7, 2015 In the last snapshot to use decompile ( Snowman ) both x32 and x64 are hung . Using Yara , after running a program ( x32, x64) , are in memory strings (unicode , text, etc.) which can be put hardware breakpoints you Acces to restart the program but these positions memory does not exist until the program is run and run this does not stop at the breakpoints . In Olly yes. it would be interesting to stop at these breakpoints , (sorry for the bad English , traducio with google ) . Yea, snowman was broken. Just use snowman.dll from the previous snapshot (will fix it later today). Memory addresses have no meaning when there is no module assigned to them, so that is why they are not saved. In the future I might add virtual module support, which would solve this problem. @Mr.exodia I'd like x64dbg patch operates as ollydbg. It doesn't? Look at this video and tell me what you are missing. https://mega.co.nz/#!mwQygJAL!byQQdPshPHGRW8fHcXTFDb1actJ2uEYejuwkeArv_gk
Hypnz Posted June 7, 2015 Posted June 7, 2015 Oh nice I used previous version and i thought missing something Sorry
1MegofRAM Posted June 7, 2015 Posted June 7, 2015 It would nice to have resource strings i.e. push 65 etc to automatically analysed and appear in the CPU window (I don't know how hard it would be to code). Olly 2.01 has a plugin called resource refs that does a similar thing except it does it in a new window, it has the source code with it.
sstrato Posted June 8, 2015 Posted June 8, 2015 (edited) X32dbg References in the dropdown menu is not displayed ( by pressing the right mouse button ) . It makes that the calculator does not work as it should . Edited June 8, 2015 by sstrato
mrexodia Posted June 8, 2015 Author Posted June 8, 2015 It would nice to have resource strings i.e. push 65 etc to automatically analysed and appear in the CPU window (I don't know how hard it would be to code). Olly 2.01 has a plugin called resource refs that does a similar thing except it does it in a new window, it has the source code with it. I don't really see how that could be done in a generic way. '65' is a small constant that could be used for anything so it would be weird to show a random string. Maybe I'll export the reference search interface so people could make a plugin for that. X32dbg References in the dropdown menu is not displayed ( by pressing the right mouse button ) . It makes that the calculator does not work as it should . I don't think I understand what you mean. References are here And what do you mean with the calculator part? Maybe it is easier to make a video or screenshot 1
sstrato Posted June 9, 2015 Posted June 9, 2015 (edited) video.rar Menu references Only x32dbg. x64dbg ok. Edited June 9, 2015 by sstrato
sstrato Posted June 9, 2015 Posted June 9, 2015 (edited) Video_final.rar Edited June 9, 2015 by sstrato
mrexodia Posted June 9, 2015 Author Posted June 9, 2015 @sstrato: I believe I fixed the first bug (it was really weird) and I definitely fixed the bug with the CalculatorDialog! A new snapshot will be available soon By the way, how do you run x64dbg on Windows XP?
sstrato Posted June 10, 2015 Posted June 10, 2015 (edited) Video_fault.rar Edited June 18, 2015 by sstrato 1
mrexodia Posted June 22, 2015 Author Posted June 22, 2015 (edited) Video_error.rar Hi, I solved this problem. The latest snapshot should not longer have this bug, thanks for the report! Greetings Edited June 22, 2015 by Mr. eXoDia 2
Artic Posted June 22, 2015 Posted June 22, 2015 i noticed this too, thought it was only for the session. have you fixed the problem with the strings we talked about?
mrexodia Posted June 25, 2015 Author Posted June 25, 2015 have you fixed the problem with the strings we talked about? Don't believe I did... I did solve some problems, but honestly I forgot exactly what the problem was I'll attend to it later. Tomorrow I have (hopyfully) my last exam for this year 1
Artic Posted June 29, 2015 Posted June 29, 2015 Don't believe I did... I did solve some problems, but honestly I forgot exactly what the problem was I'll attend to it later. Tomorrow I have (hopyfully) my last exam for this year yeah we tried that other night at skype and you said you had an idea, but it wasnt working in the end, hmm write me a pm here, because skype is broken, need to install again. it was a problem with the string search, i think the target is added in the pm already. good luck with your exam!
Artic Posted June 30, 2015 Posted June 30, 2015 i am exploring a target with blowfish and other crypto code parts, in IDA i found the code parts, but i am not able to find them in x64dbg. i imported the MAP file from IDA, but it does not copy the remark for the crypto parts. would be really cool if somebody could write something like a signature plugin? or is there an other way to find the code parts? maybe importing something from IDA?
mrexodia Posted July 5, 2015 Author Posted July 5, 2015 you should export the comments (not sure if IDA can do that though). you can also try IDALdr to load signatures.
mrexodia Posted July 14, 2015 Author Posted July 14, 2015 restored xp support + added virtual module support syntax: virtualmod "security.dll",base[,size]size is optional, auto calculated to the page size of base... sections + exports + entry point are loaded when found in the memory PE header. 1
sstrato Posted July 14, 2015 Posted July 14, 2015 video.rar What should I do to stop at the video breackpoints. 1
sstrato Posted July 31, 2015 Posted July 31, 2015 (edited) Is incomplete in recent snapshot the (string references). Example:Before ("Demo").After ("Dem"). Edited August 1, 2015 by sstrato 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now