mrexodia Posted September 4, 2016
The second weekly digest is up, check it out if you are interested in x64dbg development! http://x64dbg.com/blog/2016/09/04/weekly-digest-2.html

Teddy Rogers Posted September 5, 2016
Mentioned in last week's digest, GleeBug looks like it certainly has an interesting future once completed and merged into x64dbg. Other than the big performance gains over TitanEngine, are there any other planned improvements?
Ted.

mrexodia Posted September 5, 2016 (Author)
Yes! GleeBug will (eventually) fully support WOW64 debugging and child process debugging. It also includes fine-grained memory breakpoints and a well-tested PE parser, but the main reason for it is performance and the fact that maintaining TitanEngine is an absolute pain.

mrexodia Posted September 11, 2016 (Author)
http://x64dbg.com/blog/2016/09/11/weekly-digest-3.html

mrexodia Posted September 25, 2016 (Author)
http://x64dbg.com/blog/2016/09/25/weekly-digest-5.html

mrexodia Posted October 2, 2016 (Author)
http://x64dbg.com/blog/2016/10/02/weekly-digest-6.html

mrexodia Posted October 23, 2016 (Author)
http://x64dbg.com/blog/2016/10/23/weekly-digest-9.html

Teddy Rogers Posted October 24, 2016
I'm not sure if you want to duplicate your digest; to save you from posting every week, you may be able to get the Blog to auto update the entries here?
Ted.

mrexodia Posted October 25, 2016 (Author)
Well, the hidden goal is obviously to get more visitors to the blog for the ad revenue, but do you mean republish the post content or post links on the blog?

Teddy Rogers Posted October 31, 2016
I was predominantly thinking of the links, whichever works and suits you best. I understand the concern with the traffic...
Ted.

mrexodia Posted October 31, 2016 (Author)
I will look into the blog and how it best fits in the workflow. Next post is out also: http://x64dbg.com/blog/2016/10/30/weekly-digest-10.html

mrexodia Posted November 27, 2016 (Author)
http://x64dbg.com/blog/2016/11/27/weekly-digest-14.html

Quote

Weekly digest 14
27 Nov 2016, by mrexodia

This is already number fourteen of the weekly digests! It will highlight the things that happened to and around x64dbg this week.

Types

There has been quite a lot of progress on the type system in the last few months, but it has now (sort of) come together and you can really start using it. Currently you can get types in the following ways:

- Add them with commands;
- Load them from JSON;
- Load simple C++ headers.

If you want to show a structure (as seen below) you first have to load/parse the types and then you can ‘visit’ the type with an (optional) address to lay it over linear memory. Pointers are supported but the VisitType command has to be used with an explicit pointer depth to expand pointers.

This took all my time for the week, which is why this post is very short. The technical details are interesting though. The built-in type system has no/limited support for dynamic types (variable array sizes are not supported). This was needed to keep the structures simple and get started quickly. The GUI however is designed to be more generic and the API is much simpler.

    typedef struct _TYPEDESCRIPTOR
    {
        bool expanded; //is the type node expanded?
        bool reverse; //big endian?
        const char* name; //type name (int b)
        duint addr; //virtual address
        duint offset; //offset to addr for the actual location
        int id; //type id
        int size; //sizeof(type)
        TYPETOSTRING callback; //convert to string
        void* userdata; //user data
    } TYPEDESCRIPTOR;

    BRIDGE_IMPEXP void* GuiTypeAddNode(void* parent, const TYPEDESCRIPTOR* type);
    BRIDGE_IMPEXP bool GuiTypeClear();

You can directly build the tree and a callback is provided to convert a TYPEDESCRIPTOR to a string value to display, which allows for great flexibility. Some possible use cases would be:

- Parse types with clang and show them in the GUI;
- Support Binary Templates;
- Support Kaitai Struct.

In the future I want to add often-used types to a database and ship that with x64dbg. There will (eventually) be a blogpost describing everything in detail, but if you are interested you should come and talk to me on Telegram.

Fix log links and show suspected call stack frame

In pull request #1282, torusrxxx added an alternative view for the callstack (without using the dbghelp StackWalk function) that might help in certain situations with displaying possible return values. The hyperlinks in the logs of x32dbg are now also working again!

Finished layered loop implementation

You can now add (layered) loop markers with the loopadd command (undocumented). The API for plugins is DbgLoopAdd.

Fixed ‘cannot get module filename’

Various people had issues with x64dbg showing ‘Cannot get module filename’ or ‘GetModuleFileNameExW failed’. These should now be fixed. In addition you can now properly debug executables from a (VirtualBox) network share on Windows XP (and older versions of Windows 7).

Allow for more customization

You can now customize more details of the graph, which allows for some nice themes. See Solarized Dark by Storm Shadow. There have also been various fixes with some color options not behaving correctly.

Usual things

That has been about it for this week again. If you have any questions, contact us on Telegram, Gitter or IRC. If you want to see the changes in more detail, check the commit log.

You can always get the latest release of x64dbg here. If you are interested in contributing, check out this page.

Finally, if someone is interested in hiring me to work on x64dbg more, please contact me!

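Added example (not part of the post above and not x64dbg's own code): a self-contained C model of the tree-plus-callback design the digest describes, laying a two-field header over a constructed byte buffer and honouring `reverse` and `offset`. `MockTypeAddNode`, `NODE`, `IntToString`, `RenderNode`, the `duint` typedef and the callback signature are assumptions; a real plugin would call `GuiTypeAddNode` and read debuggee memory rather than a local buffer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uintptr_t duint; /* assumption: pointer-sized unsigned integer */
struct _TYPEDESCRIPTOR;
/* Assumed callback shape; the post does not show the TYPETOSTRING typedef. */
typedef bool (*TYPETOSTRING)(const struct _TYPEDESCRIPTOR* type, char* dest, size_t destSize);
typedef struct _TYPEDESCRIPTOR { /* fields as listed in the post */
    bool expanded, reverse; const char* name; duint addr, offset;
    int id, size; TYPETOSTRING callback; void* userdata;
} TYPEDESCRIPTOR;

/* Hypothetical stand-in for the GUI tree: a flat array that remembers parents. */
typedef struct { TYPEDESCRIPTOR type; void* parent; } NODE;
static NODE g_nodes[8]; static int g_count;
static void* MockTypeAddNode(void* parent, const TYPEDESCRIPTOR* type) {
    if (g_count >= 8) return NULL;
    g_nodes[g_count] = (NODE){ *type, parent };
    return &g_nodes[g_count++];
}

/* Callback: decode `size` bytes at addr + offset, honouring `reverse`. */
static bool IntToString(const TYPEDESCRIPTOR* t, char* dest, size_t destSize) {
    if (t->size < 1 || t->size > 8) return false; /* sizes we cannot decode */
    const uint8_t* p = (const uint8_t*)(t->addr + t->offset); /* local memory here */
    uint64_t v = 0;
    for (int i = 0; i < t->size; i++)
        v = (v << 8) | p[t->reverse ? i : t->size - 1 - i];
    int n = snprintf(dest, destSize, "%s = 0x%llX", t->name, (unsigned long long)v);
    return n >= 0 && (size_t)n < destSize; /* fail on truncation */
}

/* Constructed sample: big-endian uint16 length, then little-endian uint32 magic. */
static const uint8_t g_sample[] = { 0x01, 0x02, 0x78, 0x56, 0x34, 0x12 };
/* Build Header{length, magic} over g_sample and render node `index` into out. */
bool RenderNode(int index, char* out, size_t outSize) {
    duint base = (duint)g_sample;
    TYPEDESCRIPTOR hdr = { true, false, "struct Header", base, 0, 0, 6, NULL, NULL };
    TYPEDESCRIPTOR len = { false, true, "uint16_t length", base, 0, 1, 2, IntToString, NULL };
    TYPEDESCRIPTOR magic = { false, false, "uint32_t magic", base, 2, 2, 4, IntToString, NULL };
    g_count = 0;
    void* parent = MockTypeAddNode(NULL, &hdr);
    MockTypeAddNode(parent, &len); MockTypeAddNode(parent, &magic);
    if (index < 0 || index >= g_count) return false;
    const TYPEDESCRIPTOR* t = &g_nodes[index].type;
    return t->callback != NULL && t->callback(t, out, outSize);
}
```

Node 0 (the struct itself) has no callback and renders nothing; nodes 1 and 2 decode the same buffer with opposite byte orders.
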
kittmaster Posted April 6, 2017

Quote
Finally, if someone is interested in hiring me to work on x64dbg more, please contact me!

The only suggestion I would add is to add some default keyboard hotkeys like in the references area: Control Home should move to the top line, Control End to the bottom. Those are basic Windows functions that IMO should be present. This is an amazing tool, I am really enjoying it and it kind of inspires me to pick it up again. Thank you for your incredible efforts.

mrexodia Posted April 8, 2017 (Author)
@kittmaster Open issue at http://issues.x64dbg.com

CodeExplorer Posted April 8, 2017
@mrexodia: I have a suggestion which I think would be great: follow call/jump address destination on code windows! Maybe it is already there but I don't know it!

fearless Posted April 8, 2017
You can use enter and + and - to navigate calls and jumps, plus there is also a preview tooltip of the destination if it's not in the current view. Here is a gif showing an example of it (keystrokes shown at the bottom when they occur).

CodeExplorer Posted April 17, 2017
+ doesn't work, - works ok (go back button after entering something). I've found the "Follow in Disassembler" option, it works for following calls/jumps!

fearless Posted April 17, 2017
+ will work if you have used return to follow a call/jmp, then use - to step back, the + will retrace the logic of the return keystroke in that sense.

GMasterGreatee Posted April 19, 2017
If you are using the button shown below, try Shift + '+'