Tuts 4 You

Feature suggestions


mrexodia

@sstrato: Maybe they are never hit?


 


Thanks for the string references report. I will look into it :)


Link to post
Popular Posts

What about a function like collapse when RSP point to a system call? I have made a sample to make it clear. I think that can be one of the cleanest solution without wrongly show in the stack the

Search constant in the CPU window does not work. Possible solution change order of parameters in line CPUDisassembly.cpp: original: DbgCmdExec(QString("findref %1, %2, 0, %3").arg(addrT

Yea, there are problems with when you try to follow an address that is too far at the end, it will not display so I decided to solve it like this until I properly fix it.   Always use the late

mrexodia

@av999: sure, but do you have an example for this? I think it makes more sense to fix the log option instead of disabling it :)


Link to post

@Mr. eXoDia: hi, can you explain how to find a pattern in memory? I mean, not only in one section, but all together, like in OllyDbg.


Link to post

@Mr. eXoDia: when I start an application I can change the command line, for example, program.exe -debug, but when I click the Restart button, the command line becomes program.exe. Is it possible to save the command line "program.exe -debug" even after the debugger restarts?


Link to post
  • 2 weeks later...
  • 2 months later...
  • 1 month later...

Stack search maybe?
Improved hex dump search: sometimes I know it has to be in the dump, but I can't find it. A hex dump search would really help me.

Link to post
mrexodia

@Artic The hex dump search is fully implemented. Just hit ctrl+b and search away. Stack search is a good idea. I will try to implement that later.

Link to post
On 1/12/2016 at 1:09 PM, Mr. eXoDia said:

@Artic The hex dump search is fully implemented. Just hit ctrl+b and search away. Stack search is a good idea. I will try to implement that later.

Awesome, I always forget how to hex search and that it's there.
Another idea is to maybe list all comments you have made in the CPU window (the disasm window).

An option to maybe turn off searching in the other modules, as I always know that it has to be in that module.

Link to post
mrexodia

You can list all comments by clicking the appropriate icon in the top menu bar. For now it is not possible to restrict your search to one module, but you can sort by address so you can kind of do that already. I will add the module name in there so you can sort by module.

Searching (hex search) only searches in the page you are in. If you want to search all memory use ctrl+b in the memory map.

  • Like 1
Link to post
  • 2 weeks later...

I know you have this on TODO, but here's a friendly reminder :D

Stack Window with Parameters shown like in Olly:

DM3RcHN.png

Would be lovely!

Edited by 0xNOP (see edit history)
  • Like 2
Link to post
mrexodia

@0xNOP: I have been thinking about how to do that for quite some time now, but do you have an idea how to do this on x64 (where the arguments are mostly passed through registers)? CreateProcessW on x64 would look something like:

   [rsp] call to CreateProcessW from X
   (rcx) ModuleFileName = X
   (rdx) CommandLine = X
    (r8) pProcessSecurity = X
    (r9) pThreadSecurity = X
 [rsp+8] InheritHandles = X
[rsp+10] CreationFlags = X
[rsp+18] pEnvironment = X
[rsp+20] CurrentDir = X
[rsp+28] pStartupInfo = X
[rsp+30] pProcessInfo = X

However, I'm against placing them on the stack (because they are not actually on the stack). Do you have an idea what to do with this?

  • Like 1
Link to post
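One way to build the listing discussed in the post above while keeping register arguments labelled as registers rather than as stack slots. This is an added example, not x64dbg code: `EntryContext`, `ArgView` and `DescribeArgs` are hypothetical names, the context is assumed to be captured at the first instruction of the callee, and offsets follow the Microsoft x64 convention, where the 32-byte home space puts the fifth argument at [rsp+28].

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Register and stack state at function entry (hypothetical debugger snapshot).
struct EntryContext {
    uint64_t rsp, rcx, rdx, r8, r9;
    std::map<uint64_t, uint64_t> stack; // stand-in for a memory read: address -> qword
};

struct ArgView {
    std::string location; // "(rcx)" for a register, "[rsp+28]" for a stack slot
    std::string name;
    uint64_t value;
    bool readable;        // false when the stack slot could not be read
};

// Microsoft x64: arguments 1-4 are in rcx, rdx, r8, r9. [rsp] holds the return
// address, [rsp+8]..[rsp+20] is the callee's home space, and argument 5 is at
// [rsp+28]. Register arguments are reported by register, never as stack slots.
std::vector<ArgView> DescribeArgs(const EntryContext& ctx, const std::vector<std::string>& names) {
    static const char* regNames[4] = {"(rcx)", "(rdx)", "(r8)", "(r9)"};
    const uint64_t regs[4] = {ctx.rcx, ctx.rdx, ctx.r8, ctx.r9};
    std::vector<ArgView> out;
    for (size_t i = 0; i < names.size(); i++) {
        if (i < 4) {
            out.push_back({regNames[i], names[i], regs[i], true});
            continue;
        }
        uint64_t offset = 0x28 + 8 * (i - 4);
        char loc[32];
        std::snprintf(loc, sizeof(loc), "[rsp+%llx]", (unsigned long long)offset);
        auto it = ctx.stack.find(ctx.rsp + offset);
        bool ok = it != ctx.stack.end();
        out.push_back({loc, names[i], ok ? it->second : 0, ok});
    }
    return out;
}

int main() {
    // Constructed sample state; the last argument's slot is deliberately unreadable.
    EntryContext ctx{0x1000, 0x11, 0x22, 0x33, 0x44, {{0x1000, 0x401000}, {0x1028, 1}, {0x1030, 0x10}}};
    for (const auto& a : DescribeArgs(ctx, {"ModuleFileName", "CommandLine", "pProcessSecurity",
                                            "pThreadSecurity", "InheritHandles", "CreationFlags", "pEnvironment"}))
        std::printf("%10s %s = %s\n", a.location.c_str(), a.name.c_str(),
                    a.readable ? std::to_string(a.value).c_str() : "???");
}
```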
  • 3 weeks later...
