crystalboy Posted February 18, 2016 Share Posted February 18, 2016 On 31/1/2016 at 7:12 AM, Mr. eXoDia said: I have been thinking about how to do that for quite some time now, but do you have an idea how to do this on x64 (where the arguments are mostly passed through registers)? What about a function like collapse when RSP point to a system call? I have made a sample to make it clear. I think that can be one of the cleanest solution without wrongly show in the stack the first four parameters... Hope you will like it crystalboy 3 Link to comment
sstrato Posted March 5, 2016 Share Posted March 5, 2016 (edited) In the last (snapshot_2016-03-05_10-48.7z) breakpoints DLLs do not work. Edited March 10, 2016 by sstrato Link to comment
White Posted March 22, 2016 Share Posted March 22, 2016 two suggestions: Registers window -> copy all registers value to clipboard. (OllyDbg Feature) Stack /Dump window -> select addr 003EFE74 - 003EFEA4 . Right mouse menu -Copy - To Clipboard (OllyDbg Feature) Link to comment
mrexodia Posted March 22, 2016 Author Share Posted March 22, 2016 White issues are here https://github.com/x64dbg/x64dbg/issues/613 and here https://github.com/x64dbg/x64dbg/issues/232 Link to comment
White Posted March 22, 2016 Share Posted March 22, 2016 1 hour ago, Mr. eXoDia said: White issues are here https://github.com/x64dbg/x64dbg/issues/613 and here https://github.com/x64dbg/x64dbg/issues/232 Nice, bro. Link to comment
Hypnz Posted March 22, 2016 Share Posted March 22, 2016 Suggestion: When u make a search for a constant for example, to put a bp at all references. Link to comment
mrexodia Posted March 23, 2016 Author Share Posted March 23, 2016 @Hypnz An issue is available here https://github.com/x64dbg/x64dbg/issues/160 Greetings Link to comment
Hypnz Posted March 23, 2016 Share Posted March 23, 2016 Thanks a lot mate for your efforts!! Link to comment
sstrato Posted May 22, 2016 Share Posted May 22, 2016 String in references to press F2 to enter a breakpoint could jump to the next line, as in olly. It would be a way to introduce faster interruption point in a selection. Link to comment
mrexodia Posted May 27, 2016 Author Share Posted May 27, 2016 @sstrato I removed that feature because it annoyed the shit out of me Might be a good idea to add an option for this though... 1 Link to comment
sstrato Posted May 27, 2016 Share Posted May 27, 2016 (edited) Ok. Edited May 27, 2016 by sstrato Link to comment
REAP Posted August 18, 2016 Share Posted August 18, 2016 Hello With Olly when making a call to an API, on the stack Olly "translates" the arguments and saves you referring to MSDN. Is it possible to do the same with x64dbg? Is it possible to add icons to the shortcut bar (not sure if this is correct description). Where restart / stop / go etc. Thanks Link to comment
sstrato Posted August 25, 2016 Share Posted August 25, 2016 Crash X32 X64. crash-x32-x64.wmv Link to comment
mrexodia Posted August 25, 2016 Author Share Posted August 25, 2016 @sstrato I tried on witcher3.exe (43mb with about 150k functions) this is the log (and no hang/crash): INT3 breakpoint "entry breakpoint" at <witcher3.EntryPoint> ( 00007FF72EECA7B8 )! Starting analysis... Basic block starts in 9438ms! 0 functions from the exception directory... 1086925 basic blocks, 49649 function starts detected... Basic blocks in 13015ms! 738030/1086925 delayed blocks... 312227/738030 delayed blocks resolved (425803/1086925 still left, probably unreferenced functions) 425803/1086925 unreferenced blocks 151649 functions found! Functions in 1844ms! Function ranges in 109ms! Analysis finished! 141931 function(s) listed Could you show me your log? Link to comment
sstrato Posted August 25, 2016 Share Posted August 25, 2016 (edited) Oddly enough only hangs if "functionlist" runs from the CPU window. It has something to do with the color refreshment instructions. log-jue-ago-25 -8-29-56 2016.txt Edited August 25, 2016 by sstrato Link to comment
mrexodia Posted August 27, 2016 Author Share Posted August 27, 2016 Hm just tried, also works fine with the View -> Functions menu. Link to comment
sstrato Posted August 27, 2016 Share Posted August 27, 2016 (edited) crash.wmv Edited August 27, 2016 by sstrato Link to comment
mrexodia Posted August 28, 2016 Author Share Posted August 28, 2016 I just tried exactly your steps on the same DLL file: 2016-08-28_13-06-56.mp4 Link to comment
sstrato Posted August 28, 2016 Share Posted August 28, 2016 Well, not what else to say, I send the minidump if it helps. dump-28082016_1407130971.dmp Link to comment
mrexodia Posted August 28, 2016 Author Share Posted August 28, 2016 (edited) 4 hours ago, sstrato said: Well, not what else to say, I send the minidump if it helps. dump-28082016_1407130971.dmp It says: x64gui+3ef95 000007fe`ef2aef95 80781900 cmp byte ptr [rax+19h],0 This appears to be in capstone_gui.cpp:199 which has something to do with an std::map. The only thing I can imagine is some multi-threading gone wrong so I removed the entire map and replaced it with an array. EDIT: I also encountered the crash randomly now and the removal of the map should solve it. New snapshot should be available soon, thanks! Edited August 28, 2016 by Mr. eXoDia Link to comment
Hypnz Posted September 3, 2016 Share Posted September 3, 2016 @Mr. eXoDia At last snapshot i'm trying to debug a app at win 8.1 native not VM. I set my bp's the app breaks but the main window doesn't show the location of the break. Just the the main screen when the app loaded. Link to comment
mrexodia Posted September 3, 2016 Author Share Posted September 3, 2016 @Hypnz Could you provide a detailed guide on how to reproduce this? Link to comment
Hypnz Posted September 3, 2016 Share Posted September 3, 2016 @Mr. eXoDia Just load the app to the debugger. Put your breakpoints and run, should see the debugger breaks but main window doesn't go there. Neither responds if u double click to RIP. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now