Command to display data in "Dump" panel and INT3 feature

[alorent]

Hi,

I have been ready lots of the documentation and feature request but I have not found it. Sorry if this feature is already available and I missed it.

1) Is there any command to display the content of a specific address? Something like "d eax", "d 0x401000", etc.

2) I can see that there is an option to bypass INT3 instructions. I place few of them in my source code to debug my code, but it's a bit painful that I have to "manually" trace/skip each INT3. Is there any way to make x64dbg to behave like OllyDbg or WinDbg? For example, I put four INT3 instructions, and I just want to press "GO" in each INT3 as I'm interested in stopping in the last INT3 of my source code. At the moment, I have to press "GO", then F8 (to skip the INT3), press "GO" again, press F8 to skip the next INT3, press "GO" again, etc. You can see that it's painful being changing from the GO key to the F8 key alternatively to go to my expected (last) INT3 in my source code.

Thanks!

 

[mrexodia]

1 try "[0x401000]" see http://help.x64dbg.com (read the introduction section)

2 you can use the 'skip next instruction' command. INT3 commands throw an exception and swallowing that per default is bad behavior in my opinion. there are also various stepping options available that you can try.

[alorent]

Thanks mrexodia.

 

1) I have tried "[0x401000]" in the lower "Command" editbox but the dump content is not updated to display the required address.Should I enter it in a different place?

 

2) I understand your arguments about swallowing INT3 instructions. This is totally understandable for reversing an application, but if you want to use x64dbg to debug your own (mostly) assembly code, then you know that you manually insert few INT3 along specific functions in your source code to stop in different locations while trying to find a bug in your application. For this scenario, being "skipping" instructions is quite painful as it delays a lot the debugging (due to being changing from GO to SKIP actions repeatedly till you get to the wanted INT3 location)

If you add this feature (maybe like an extra option that can be set by the user?) that will be great for common assembly programmers 

 

Thanks for this great software! 

[mrexodia]

As for the first point, check out the GUI section of the manual. The command you're probably looking for is "dump 401000". With [401000] it will dereference a pointer with the value 401000 and dump at that location.

For the second point there should be an option specifically for skipping int3 instructions I will verify the behavior for that.

Edited November 2, 2016 by mrexodia

[mrexodia]

Okay, if you enable the Engine | Skip INT3 Stepping option you can use INT3 as a usual breakpoint. It only works for normal step in (F7), step over (F8) and run (F9) it doesn't work for the options that have to do with exception manipulation, but feel free to send a pull request if you want it on other options too. You need the latest release (or wait a day or two for a snapshot to come out).

Edited November 2, 2016 by mrexodia

[alorent]

Thanks mrexodia!

I already tried the "Skip INT3 Stepping" option and that option works great when pressing F8/F7, but when I press "run" (F9) it produces a 0x80000003 exception. That is, the F9 command is not "ignoring" the INT3.

I have tried also with latest available snapshot ( snapshot_2016-10-31_23-29.zip )

Is there a bug with "Skip INT3 Stepping" and F9 key?

Thanks!

[mrexodia]

There is no bug. Before last night 3am it wasn't fixed. Try http://releases.x64dbg.com

[alorent]

Thanks! It works perfectly now!!! 

I love this debugger!