Posted December 19, 2018 I have breakpointed at a specific instruction and I did Trace --> Trace into. This is what I put for my log text: "0x{p:rip} {i:rip} xmm0: {xmm0}". However, I get "0x000000010003B036 cmp qword ptr ds:[rax+0x68], 0x0 xmm0: ???" as the output in the log tab. According to this, the registers in the architecture are provided. However, the FPU registers do not seem to be available. Have I made a mistake? Edited December 19, 2018 by noonerulez
December 19, 2018 Author I tried again with instructions that use xmm0 and xmm1:

Log Text: 0x{p:rip} {i:rip} xmm1: {xmm1}

0x000000010003B03D cvtsi2sd xmm0, dword ptr ds:[rax+0x70] xmm1: ???
0x000000010003B042 cvtsi2sd xmm1, dword ptr ds:[rax+0x74] xmm1: ???
0x000000010003B047 divsd xmm0, xmm1 xmm1: ???
December 19, 2018 I looked at the document you linked to - and it never says that XMM registers are available. From a quick look at a slightly dated copy of the source code, the log and script functionality doesn't have access to FPU/MMX/XMM/SSE/etc. registers. You can easily check that in the command window. Try entering "rax" or "cax" - you'll get the correct value. "_if", "_zf", etc. get the correct flag value. Anything FPU-related just gets you an error "unknown expression".
December 20, 2018 Author Hmm, the document does say "All registers (of all sizes) can be used as variables." Here is my issue: I am trying to reverse how an FPS game calculates the "mouse sensitivity" when the gun is zoomed in based off a different value called the "zoom sensitivity". It reads the "zoom sensitivity", does several things (one of which is the calculation of the new "mouse sensitivity"), and eventually writes the new "mouse sensitivity" into a memory address. I have the address where the game reads the "zoom sensitivity" (start address) and I have the address where the game writes the new "mouse sensitivity" (end address), but I am trying to find the address in between the start address and the end address where the game actually calculates the new mouse sensitivity. My idea was to break at the start address and trace until xmm0 is 17.00 (which is the new mouse sensitivity). However, it looks like this is not an option. Any advice on how I can proceed? Should I just animate through the code?
December 20, 2018 "It's open source, dude, why don't you fix it yourself?" Perhaps that sounds snarky - but in my experience that sums up the attitude of many of the x64dbg fanboys. (I tried to add xmm0 support myself, but getting the value was not working as expected. Didn't try very hard, though.) Your other options are probably to file a bug in the x64dbg bug tracker or switch to windbg for this particular task - it really supports all registers. Or hope that @mrexodia notices this thread and helps you out.
December 20, 2018 Author It turns out that Cheat Engine's debugger supports all registers too via its "Break and trace instructions" option.
December 28, 2018 Currently the issue is that in x64dbg all values are 32/64-bit integers. The whole expression/formatting system is based around that, and as such it is quite difficult to add (proper) support for things like xmm and FPU registers without a major overhaul, unfortunately. It is possible to write a plugin that will allow you to do "{xmm1@sse.float32()}" and "{xmm1@sse.float64()}", but this doesn't feel right to me to add to x64dbg itself... I will see if I can find some time to make a proof-of-concept plugin and if I do I will post it here.
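The post above explains why "{xmm1}" prints "???": the expression engine only carries 32/64-bit integers, so a 128-bit XMM register has to be projected onto an integer lane and then reinterpreted as an IEEE-754 float, which is what a "sse.float32()" / "sse.float64()" view would do. The Python below is an added example written for this thread, not x64dbg code and not anything posted by the participants. It models the low-lane reinterpretation, replays the three instructions from the trace earlier in the thread (cvtsi2sd, cvtsi2sd, divsd) on constructed memory contents, and shows the integer-only form of the wanted break condition "low double of xmm0 == 17.0". The function names, the memory values 34 and 2, and the log-line format are assumptions made for the demo.

```python
import struct

QWORD_MASK = 0xFFFFFFFFFFFFFFFF
DWORD_MASK = 0xFFFFFFFF


def xmm_from_qwords(low, high=0):
    """Assemble a 128-bit XMM value (as a Python int) from its low and high qwords."""
    return ((high & QWORD_MASK) << 64) | (low & QWORD_MASK)


def sse_float64(xmm, lane=0):
    """Reinterpret 64-bit lane `lane` (0 = low qword) of an XMM value as a double.
    This is the view an 'sse.float64()' expression function would expose."""
    bits = (xmm >> (64 * lane)) & QWORD_MASK
    return struct.unpack("<d", struct.pack("<Q", bits))[0]


def sse_float32(xmm, lane=0):
    """Reinterpret 32-bit lane `lane` (0 = low dword) of an XMM value as a float."""
    bits = (xmm >> (32 * lane)) & DWORD_MASK
    return struct.unpack("<f", struct.pack("<I", bits))[0]


def float64_bits(value):
    """Integer bit pattern of a double: the only form an integer-only
    expression system can compare against."""
    return struct.unpack("<Q", struct.pack("<d", value))[0]


def float32_bits(value):
    """Integer bit pattern of a single-precision float."""
    return struct.unpack("<I", struct.pack("<f", value))[0]


def cvtsi2sd(xmm, int32):
    """Model of `cvtsi2sd xmm, r/m32`: signed 32-bit integer -> double in the
    low qword; the high qword of the destination register is preserved."""
    return xmm_from_qwords(float64_bits(float(int32)), xmm >> 64)


def divsd(dst, src):
    """Model of `divsd dst, src`: low double of dst / low double of src,
    result in the low qword of dst; high qword of dst preserved."""
    result = sse_float64(dst) / sse_float64(src)
    return xmm_from_qwords(float64_bits(result), dst >> 64)


def format_log_line(rip, disasm, xmm1):
    """The thread's log text '0x{p:rip} {i:rip} xmm1: {xmm1}', with the
    float64 view of xmm1 filled in instead of '???' (assumed format)."""
    return f"0x{rip:016X} {disasm} xmm1: {sse_float64(xmm1)}"


def hits_break_condition(xmm0, target=17.0):
    """Integer-only form of 'break when the low double of xmm0 == target':
    compare the low qword against the bit pattern of the target value."""
    return (xmm0 & QWORD_MASK) == float64_bits(target)


def run_constructed_trace():
    """Replay the three instructions shown in the thread.
    Memory contents [rax+0x70]=34 and [rax+0x74]=2 are constructed for the
    demo so that the division lands on 17.0; they are not the game's values."""
    mem = {0x70: 34, 0x74: 2}          # constructed operands
    xmm0 = xmm_from_qwords(0, 0xDEAD)  # constructed stale high qword
    xmm1 = 0
    trace = []

    xmm0 = cvtsi2sd(xmm0, mem[0x70])
    trace.append(format_log_line(0x10003B03D, "cvtsi2sd xmm0, dword ptr ds:[rax+0x70]", xmm1))
    xmm1 = cvtsi2sd(xmm1, mem[0x74])
    trace.append(format_log_line(0x10003B042, "cvtsi2sd xmm1, dword ptr ds:[rax+0x74]", xmm1))
    xmm0 = divsd(xmm0, xmm1)
    trace.append(format_log_line(0x10003B047, "divsd xmm0, xmm1", xmm1))
    return xmm0, trace


if __name__ == "__main__":
    final_xmm0, lines = run_constructed_trace()
    for line in lines:
        print(line)
    print(f"xmm0 low double = {sse_float64(final_xmm0)}, "
          f"low qword = 0x{final_xmm0 & QWORD_MASK:016X}, "
          f"break on 17.0: {hits_break_condition(final_xmm0)}")
```

The practical takeaway is the last line: 17.0 as a double has the bit pattern 0x4031000000000000 (and 0x41880000 as a float), so once a plugin or a newer build exposes the low qword of xmm0 as an integer, the trace condition can be written against that constant without the expression engine ever knowing what a double is.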