Jump to content
Tuts 4 You
Sign in to follow this  
mrexodia

Feature suggestions

Recommended Posts

tonyweb

Thanks a lot for you quick support ... it's greatly appreciated :)


 


For old friends there is always room for priority management :P

So, some teenagers still have respect for elders :P


I thought it was only a custom of the past :D


 


Thanks again mate!


 


Best Regards,


Tony


 


[EDIT]


Just tried with x64 version and HOME key is working flawlessly while BOTTOM key, weirdly, always goes to (end_address - <const>) where <const> differs based on window height :P   But, given I got this feature implemented climbing the request queue ... it's already fantastic.


 


Thanks again :)


Tony

Edited by tonyweb (see edit history)

Share this post


Link to post
1MegofRAM

This is a great debugger, It was hard to find a good 64 bit debugger. For a newbie like me whos only started doing this stuff for


1 month managed to do a 64-bit crkme  and patch it using your debugger. I had to use your latest snapshot version as the full release


would get confused on breakpoints.


 


The only issue I had was I had to use olly debug to find my way in the code (32bit code first) I particularly miss the ">" jump spots in the margins


to trace the code backwards.


Edited by 1MegofRAM (see edit history)

Share this post


Link to post
mrexodia

Just tried with x64 version and HOME key is working flawlessly while BOTTOM key, weirdly, always goes to (end_address - <const>) where <const> differs based on window height :P   But, given I got this feature implemented climbing the request queue ... it's already fantastic.

 

Yea, there are problems with when you try to follow an address that is too far at the end, it will not display so I decided to solve it like this until I properly fix it.

 

This is a great debugger, It was hard to find a good 64 bit debugger. For a newbie like me whos only started doing this stuff for

1 month managed to do a 64-bit crkme  and patch it using your debugger. I had to use your latest snapshot version as the full release

would get confused on breakpoints.

 

The only issue I had was I had to use olly debug to find my way in the code (32bit code first) I particularly miss the ">" jump spots in the margins

to trace the code backwards.

Always use the latest snapshots. Releases are just another snapshot where the number changes. Nothing more.

The branch analysis is done partially with the view on the left, but I understand it's confusing. You can also use Ctrl+R in a region to find all references to that region. Another thing you can do is use 'Ctrl+H' and click something (number/register/whatever) to track occurrences (it will underline in red).

Hope this helps,

Mr. eXoDia

Edited by Mr. eXoDia (see edit history)
  • Like 2

Share this post


Link to post
sstrato

In the last snapshot to use decompile ( Snowman ) both x32 and x64 are hung .Using Yara , after running a program ( x32, x64) , are in memory strings (unicode , text, etc.) which can be put hardware breakpoints you Acces to restart the program but these positions memory does not exist until the program is run and run this does not stop at the breakpoints . In Olly yes. it would be interesting to stop at these breakpoints , (sorry for the bad English , traducio with google ) .

Share this post


Link to post
Hypnz

@Mr.exodia I'd like x64dbg patch operates as ollydbg.


Share this post


Link to post
mrexodia

In the last snapshot to use decompile ( Snowman ) both x32 and x64 are hung .

Using Yara , after running a program ( x32, x64) , are in memory strings (unicode , text, etc.) which can be put hardware breakpoints you Acces to restart the program but these positions memory does not exist until the program is run and run this does not stop at the breakpoints . In Olly yes. it would be interesting to stop at these breakpoints , (sorry for the bad English , traducio with google ) .

Yea, snowman was broken. Just use snowman.dll from the previous snapshot (will fix it later today).

Memory addresses have no meaning when there is no module assigned to them, so that is why they are not saved. In the future I might add virtual module support, which would solve this problem. 

 

@Mr.exodia I'd like x64dbg patch operates as ollydbg.

It doesn't? Look at this video and tell me what you are missing. https://mega.co.nz/#!mwQygJAL!byQQdPshPHGRW8fHcXTFDb1actJ2uEYejuwkeArv_gk

Share this post


Link to post
Hypnz

Oh nice :)  I used previous version and i thought missing something :) Sorry


Share this post


Link to post
1MegofRAM

It would nice to have resource strings i.e. push 65 etc to automatically analysed and appear in the CPU window (I don't know how hard it would be to code).


 


Olly 2.01 has a plugin called resource refs that does a similar thing except it does it in a new window, it has the source code with it.


Share this post


Link to post
sstrato

X32dbg References in the dropdown menu is not displayed ( by pressing the right mouse button ) .


 


It makes that the calculator does not work as it should .


Edited by sstrato (see edit history)

Share this post


Link to post
mrexodia

It would nice to have resource strings i.e. push 65 etc to automatically analysed and appear in the CPU window (I don't know how hard it would be to code).

 

Olly 2.01 has a plugin called resource refs that does a similar thing except it does it in a new window, it has the source code with it.

 

I don't really see how that could be done in a generic way. '65' is a small constant that could be used for anything so it would be weird to show a random string. Maybe I'll export the reference search interface so people could make a plugin for that.

X32dbg References in the dropdown menu is not displayed ( by pressing the right mouse button ) .

 

It makes that the calculator does not work as it should .

I don't think I understand what you mean. References are here

whuEbNZ.pngfq4r2Mb.png

And what do you mean with the calculator part? Maybe it is easier to make a video or screenshot :)

  • Like 1

Share this post


Link to post
mrexodia

@sstrato: I believe I fixed the first bug (it was really weird) and I definitely fixed the bug with the CalculatorDialog! A new snapshot will be available soon :)

By the way, how do you run x64dbg on Windows XP?

Share this post


Link to post
mrexodia

Hi,

I solved this problem. The latest snapshot should not longer have this bug, thanks for the report!

Greetings

Edited by Mr. eXoDia (see edit history)
  • Like 2

Share this post


Link to post
Artic

i noticed this too, thought it was only for the session.


 


have you fixed the problem with the strings we talked about?


Share this post


Link to post
mrexodia

have you fixed the problem with the strings we talked about?

Don't believe I did... I did solve some problems, but honestly I forgot exactly what the problem was :) I'll attend to it later. Tomorrow I have (hopyfully) my last exam for this year :)

  • Like 1

Share this post


Link to post
Artic

Don't believe I did... I did solve some problems, but honestly I forgot exactly what the problem was :) I'll attend to it later. Tomorrow I have (hopyfully) my last exam for this year :)

yeah we tried that other night at skype and you said you had an idea, but it wasnt working in the end, hmm write me a pm here, because skype is broken, need to install again.

 

it was a problem with the string search, i think the target is added in the pm already.

 

good luck with your exam!

Share this post


Link to post
Artic

i am exploring a target with blowfish and other crypto code parts, in IDA i found the code parts, but i am not able to find them in x64dbg. :(


i imported the MAP file from IDA, but it does not copy the remark for the crypto parts. 


 


would be really cool if somebody could write something like a signature plugin?


 


or is there an other way to find the code parts? maybe importing something from IDA?


Share this post


Link to post
mrexodia

you should export the comments (not sure if IDA can do that though). you can also try IDALdr to load signatures.

Share this post


Link to post
sstrato

When the virtual support module.


Share this post


Link to post
mrexodia

restored xp support + added virtual module support

syntax:

virtualmod "security.dll",base[,size]
size is optional, auto calculated to the page size of base... sections + exports + entry point are loaded when found in the memory PE header.
  • Like 1

Share this post


Link to post
sstrato

video.rar


 


What should I do to stop at the video breackpoints.


  • Like 1

Share this post


Link to post
sstrato

Is incomplete in recent snapshot the (string references).

 

Example:
Before ("Demo").
After ("Dem").

Edited by sstrato (see edit history)
  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...