Hi, I've tried the debugger and it's pretty good, just one thing to comment: can you make the 64-bit version able to load 32-bit applications under WOW64? (like windbg64) It will be very useful for making apps that work on x86 over x64 or vice versa (heavens gate).
Regards |
Quote:
Greetings |
Actually this would be nice feature, but also to be able to switch between modes while debugging (eg. to continue to x64 from wow64 syscall stub for example) :)
|
@deroko: I do plan on adding WOW64 debugging later on.
|
...the main thing is to not lose the spirit! Two years and still the work goes on, that is a good sign. And I like the clean and simple GUI also ;)
|
@mr.exodia: adding follow in dump in dump window would be kick ass feature :)
|
@deroko: I already added that: http://prntscr.com/7twiny
|
I know, and I'm grateful for that one :) Would be also nice when you select dword/qword in dump to have also Follow in Dump DWORD like in olly :) if you got keep track of this history and go forward/back with +- that would be even better :)
Here is what I mean : http://prntscr.com/7u31gr |
@deroko: sorry, I was a little tired when I read your question. My mistake! I will add what you propose today :)
History will take more time. It is quite hard to do with the current code, but I will figure something out once I feel more like it. Greetings |
Thank you :) this would be one of the features I was missing :D
|
I am not olly pro, so let me ask few questions about x64dbg?
1. Minor. Does it have sync option between tabs. So, if I stopped at some EIP I can switch to memory map and see synced memory region line active, not the top one. Example: I stopped at 18001234 switch to Memory Map and see 18000000 active and it is .text of test.dll
2. Minor. Is there an option show Export names in comments? Example: I stopped at 18001234 and see in comments column: test.dll!DllMain
3. Major. How can I point DLL of interest, but start test.exe instead of DLLLoaderXXX.exe? I changed the command line and restarted debug, but the command line reset as well. I suppose it changes only environment data, not the .exe.
4. Crit. Extend the Q3. Is it possible to debug 64-bit DLL and use .net .exe as loader? If I try to point .exe as target x64dbg says "Use 32-bit debugger". I think it is not my case.
5. Idea. Any plans to make it interactive like IDA? Or at least split the code flow blocks with empty lines. |
I am trying find the encryption seeds from a 64bit daemon, and have only experience using Ollydbg, which doesn't debug x64 binaries.
So I started using x64_dbg, but this debugger does not have a field where you can input any arguments such as "-t computer-name 4 –c license.lic"
I tried
x64_dgb "C:\FullPathTo\File.exe" parm1 parm2 -3 -4 -debug
x64_dgb "C:\FullPathTo\File.exe" -t computer-name 4 –c license.lic
and using InitDebug & setcommandline, but none of these pass the arguments -t computer_name 4 -c license.lic to the debugger.
Can anybody tell me how to pass on arguments to this debugger? rgds |
Any help please?
|
Just tested it on x64 - Google Chrome. Immunity crashed for some reason, but this helped me a lot!
|
I always use your x64_dbg.
It helped me a lot! It's a great and a masterpiece creation. Thank you mr.exodia... Best regards, -=yoza=- |
Quote:
Certainly helps a lot, with newer programs whose anti-debugging mechanisms simply check for OLLY, but don't check for this debugger :) Please continue your development on this mr.exodia ... |
I wonder if it is possible to call a dll export when we load dll in x64dbg(similar to olly).
Does anyone know if this is possible? I was not able to find this myself. |
Maybe use "Set origin here" to change EIP after break on retn in DllMain.
|
Hello,
Syoma is right, you can do something like setting the EIP. Another method is to simply code a small DLL loader that does something like this:
Code:
#include <windows.h>
Mr. eXoDia |
Quote:
Thanks for reply. These 2 ways were somehow obvious and I already have done it this way. But I thought there may be an easy way for it like olly, because it is somehow a useful option for debugging DLLs. Maybe I write its plugin my own. Regards |
Yea, a plugin sounds cool. Feel free to drop me a message if you need help.
|
Just a quick q, why not implementing python as script instead of developing own scripting language? :)
|
At the time it seemed more logical to do an olly script like language. Right now there is someone working on python.
|
Quote:
as i think it is impossible to pass arguments now, but maybe are some plans to add this possibility to x64_dbg? or advise other debugger for x64. |
IDA Pro is also nice for x64.
|
I don't wanna be rude here but the question about passing arguments has been answered in this thread multiple times :)
Also check out the FAQ before you ask questions : http://faq.x64dbg.com |
excuse me for my carelessness.
thank you for your patience and link. |
Version 25 is out.
eXoDia added the search in memory feature. :) |
Quote:
It seems that OllyDbg 64 is dead; but hopefully we have x64_Dbg |
Quote:
A debugger on X64 from Oleh will be a good competitor also. |
I agree with GIV. But x64dbg is open source so it gives space for expansion for advanced programmers to make their private builds, to others a chance to learn debugging mechanism, and it's regularly updating and getting better, so olly for now is still better choice for 32bit systems, more or less because of its code analysis feature and wide range of plugins for noob and medium level users.
PS. My vote goes to x64dbg. For sure in the near future it will overcome olly |
As for the function analysis (no stack/arguments yet) there is a nice command to try:
'anal' Greetings |
There are 16 pages gone n i dont wanna check one by one if its said or not
From last couple of days i am playing with it seems ok to be before it was scary I miss stack trace it does not show main modules calls like olly when we pause it any progress in it After that i found analysis of course cant see any calls in subroutine from where it is getting called N yup last thing is that cant we enter call without any BP on it cus sometimes i dont get BP but i know the code is executing assuming 32bit patch on olly assuming at least close on x64 now i click enter on call444balbla but it dont enter until BP comes and u press f7 i had to find those hexes from hex editors n manually patched it. Anyway it is going good n i appreciate exodia work +1 cus last time i tried alpha 21 i guess seems progress slowly but steady ;) |
Anal is command haha nice command i will try ;) oh man cant stop laughing ;)
|
@Jasi: Call stack is indeed broken. It will be fixed soon hopefully (still working on merging Nukem's branch). The second issue is kind of hard to understand for me. Could you make a video and upload it somewhere please?
Thank you. |
By second i mean taking example with olly
now when you load 32bit execu. in olly then on subroutines you find $ sign which means its another subroutine entry point and when you press right click and you can see the all calls which are pointing to this subroutine thats what x64dbg lacks hope its clear now like i never know when new subroutine starts i assume its starts from PUSH BLA BLA i assume not clear though until we trace it |
Hello,
Thanks for your feedback. For now you can find references to a subroutine by using Ctrl+R on the entry point of the call. Greetings |
just used this today (find refs) and it works perfect.
i love my x64dbg so much, thanks for all the work on this project. |
I love this debugger, it works great & it's good looking...
But more important it's open source and I learned a lot from the sources. I've used it to reverse a few programs and learn unpacking! |
it's very cool, it's my main debugger on x64
|