Logging or Save output to user on script of x64_dbg.

[pyutic]

Hello guys, Now I made script of x64_dbg.

I wish that I develope script which log trace log. but I cannot implement for log anything on script API.

Is there any script API for that doing, logging or saving? For my wish, Should I develop feature as plug-in?

I found API, refinit/refadd, but It is not enough to me

Edited April 16, 2015 by pyutic

[mrexodia]

Luckily for you there is a log command (currently undocumented). Download one of the latest snapshots from http://snapshots.x64dbg.com and use the log command like this: 

log "This is {0}, {s1}, {0}", 1234, rax

Saw rax points to the string "test123" then the log output would be: 

This is 1234, test123, 1234

There are more formats, see here for an overview: https://github.com/x64dbg/x64dbg/blob/master/x64_dbg_dbg/stringformat.cpp#L62

The command is still work in progress, which is why it wasn't documented yet, but during my tests it worked great!

Edited April 16, 2015 by Mr. eXoDia

[ahmadmansoor]

what u trying to do exactly ??.

give us an example what u want to log ,what the structure of log .

u need to save to file ,load from file !!! .

please explain more- more details  .

BR

[av999]

I did not understand

What is 1234?

Where is the link https://github.com/x...gformat.cpp#L62?

 

It may be too early to ask?

[mrexodia]

1234 is a number. It will be put in place of the {0}. The link is still there, it points to the file that handles the logging.

[Query Jobs]

Good

[Antitrack]

I have an additional problem: A trivial script does not work as I suppose it should.

Here the mini-script:

bc
bphwc
bp 14ad641e3
test:
log "rax: " , rax
erun
pause

The result in the log is:

rax:               (empty here instead of content of RAX)

1) How do I get the script to do what I want, i.e. log content of RAX  at memory location 14ad....etc.?

2) The disassembler knows that the content of [RAX] is exename.GetCommandLineW ; can I somehow log this knowledge of the disassembler too?

 

[Antitrack]

Oh sorry, it must be :  log "rax: {0}", rax              ; then it logs RAX, but not padded with Zeros like I used to have it on OllyDbg.

Anyway, I have another feature request,  a feature that Olly has, but X64dbg doesn't seem to have : I need a log of everything the current command did, in Ollydbg-style, like this:

 

00E410D6 Main     JMP     NEAR EAX
00E8A272 Main     ADD     DWORD PTR DS:[ESI+34], 11
00E8A276 Main     SUB     DWORD PTR DS:[ESI+34], -0A
00E8A27A Main     MOV     ECX, DF7FEFC1                     ; ECX=DF7FEFC1
00E8A27F Main     CMP     ECX, 1F9C57A2
00E8A285 Main     SBB     ECX, EC56B3A1                     ; ECX=F3293C20
00E8A28B Main     JMP     hc.00EB686E
00EB686E Main     XOR     ECX, DWORD PTR DS:[ESI+ECX+CD6C414]; ECX=F22F0910
00EB6875 Main     XOR     ECX, F3293C20                     ; ECX=01063530
00EB687B Main     MOV     EBX, 288A0477                     ; EBX=288A0477
00EB6880 Main     ROR     EBX, 1E                           ; EBX=A22811DC
00EB6883 Main     ADC     EBX, 7DD7EE30                     ; EBX=2000000D
00EB6889 Main     XOR     EBX, DWORD PTR DS:[ECX+EBX*8 73]  ; EBX=430000F3
00EB688D Main     XOR     EBX, 2000000D                     ; EBX=630000FE
00EB6893 Main     AND     EBX, FFFFFFFF
00EB6899 Main     SBB     EBX, 637400                       ; EBX=629C8CFE
00EB689F Main     BSWAP   EBX                               ; EBX=FE8C9C62
00EB68A1 Main     ADD     EBX, 0BC0E46                      ; EBX=FF48AAA8
00EB68A7 Main     TEST    EBX, FFFFFFFF
00EB68AD Main     ADC     EBX, 0B1C74A                      ; EBX=FFFA71F2
00EB68B3 Main     ROR     EBX, 5                            ; EBX=97FFD38F
00EB68B6 Main     PUSHFD

I.e. logging and disassembling of every instruction for quite a while, including log of current changes that were made to the registers....

Is this possible with x64dbg and if so, how?

 

 

Edited March 5, 2016 by Antitrack
typo