Jump to content
Tuts 4 You

Exceptions and Entry Points

Artic

By Artic
in x64dbg

Recommended Posts

Artic

Artic

Posted
Posted

working fine here after setting a few exceptions. is there a way to let the dbg app only BP on the EP of the app itself? because it BP on every dll which is loaded - takes alot F9 to get there to the full loaded app.


 


looking forward to some plugins.


you consider to let us patch the app on the fly? like we can with olly?!


  • Like 1
Link to comment
RaMMicHaeL

RaMMicHaeL

Posted
Posted

Good start, well done!


 


The first thing I've stumbled upon is the inability to pass an exception to the debugged program - Shift+F7/F8/F9 in OllyDbg.


Is it lurking somewhere, or is it not implemented yet?


  • Like 1
Link to comment
mrexodia

mrexodia

Posted
Posted

working fine here after setting a few exceptions. is there a way to let the dbg app only BP on the EP of the app itself? because it BP on every dll which is loaded - takes alot F9 to get there to the full loaded app.

 

looking forward to some plugins.

you consider to let us patch the app on the fly? like we can with olly?!

Currently the debugger breaks on system breakpoint + app entry point automatically, I will add a few options so you can customize this further.

static void cbLoadDll(LOAD_DLL_DEBUG_INFO* LoadDll){    void* base=LoadDll->lpBaseOfDll;    char DLLDebugFileName[deflen]="";    if(!GetMappedFileNameA(fdProcessInfo->hProcess, base, DLLDebugFileName, deflen))        strcpy(DLLDebugFileName, "??? (GetMappedFileName failed)");    else        DevicePathToPath(DLLDebugFileName, DLLDebugFileName, deflen);    dprintf("DLL Loaded: "fhex" %s\n", base, DLLDebugFileName);    SymLoadModuleEx(fdProcessInfo->hProcess, LoadDll->hFile, DLLDebugFileName, 0, (DWORD64)base, 0, 0, 0);    IMAGEHLP_MODULE64 modInfo;    memset(&modInfo, 0, sizeof(modInfo));    modInfo.SizeOfStruct=sizeof(IMAGEHLP_MODULE64);    if(SymGetModuleInfo64(fdProcessInfo->hProcess, (DWORD64)base, &modInfo))        modload((uint)base, modInfo.ImageSize, modInfo.ImageName);    bpenumall(0);    char modname[256]="";    if(modnamefromaddr((uint)base, modname, true))        bpenumall(cbSetModuleBreakpoints, modname);    //TODO: plugin callback    PLUG_CB_LOADDLL callbackInfo;    callbackInfo.LoadDll=LoadDll;    callbackInfo.modInfo=&modInfo;    callbackInfo.modname=modname;    plugincbcall(CB_LOADDLL, &callbackInfo);}
As you can (or cannot) see here, the debugger will not break when a DLL is loaded, probably you mean exceptions(?)

Good start, well done!

 

The first thing I've stumbled upon is the inability to pass an exception to the debugged program - Shift+F7/F8/F9 in OllyDbg.

Is it lurking somewhere, or is it not implemented yet?

You're right. Currently these commands are not yet implemented, they will be implemented soon.

Thanks for the feedback both!

Greetings

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...