From a8f70ccc0193a0b5ab48de1fa28ad2c881bce2d4 Mon Sep 17 00:00:00 2001 From: mrexodia Date: Wed, 25 May 2016 11:10:12 +0200 Subject: [PATCH] PROJECT: updated help --- help/Calculations.htm | 80 +++++++++++++++++++------------- help/InitDebug_initdbg_init.htm | 2 +- help/Input.htm | 29 ++++++------ help/Jxx_IFxx.htm | 2 +- help/cmp.htm | 8 ++-- help/functionclear.htm | 33 +++++++++++++ help/log.htm | 12 ++--- help/test.htm | 2 +- help/x64_dbg.wcp | Bin 89934 -> 90806 bytes src/dbg/x64_dbg.cpp | 11 ++++- 10 files changed, 118 insertions(+), 61 deletions(-) create mode 100644 help/functionclear.htm diff --git a/help/Calculations.htm b/help/Calculations.htm index 437689dd..706a6ff4 100644 --- a/help/Calculations.htm +++ b/help/Calculations.htm @@ -6,9 +6,9 @@ @@ -19,34 +19,52 @@ html,body { operations, just type an expression in the command window and the result will be displayed in the console. Apart from calculations, it allows quick variable changes using a C-like syntax.

-

Operators
You can use the -following operators in your expression. They are processed in the following order:

-

0:negative - : Negative numbers can be prefixed by a -'-' sign.

-

1:brackets: '(' and ')' Brackets are -resolved first, there is no need for a terminating bracket, unless you want to -use one.

-

2:not: '~' The not operator can be used before a -number of a variable, like in C.

-

3:muliplication/devision: '*' = regular -multiplication (signed/unsigned), '`' = get the higher part of the -multiplication, '/' = regular devision (signed/unsigned, devide by zero=error) -and '%' = get the modulo (remainder) of the devision.

-

4:addition/substraction: '+' and '-'

-

5:shift: '<' = shift left (shl for unsigned, -sal for signed), '>' = shift right (shr for unsigned, sar for signed).

-

6:and: '&' Just the regular AND operation like -in C.

-

7:xor: '^' Just the regular XOR operation like in -C.

-

8:or: '|' Just the regular OR operation like in -C.

-

Quick-Assigning
Changing memory, a +

Operators
You can use the following operators in your expression. +They are processed in the following order (source):

+

1:parentheses/brackets: (1+2), [1+6] have +priority over other operations.

+

2:unary minus/binary not/logical not: -1 (negative 1), ~1 (binary not of 1), !0 +(logical not of 0).

+

+3:multiplication/division: +2*3 (regular multiplication), 2`3 (gets high part of the +multiplication), 6/3 (regular division), 5%3 (modulo/remainder of +the division).

+

4:addition/subtraction: +1+3 (addition), 5-2 + (subtraction).

+

5:left/right +shift1<<2 (shift left, shl for unsigned, sal for +signed), 10>>1 (shift right, shl +for unsigned, sal for signed).

+

6:smaller (equal)/bigger (equal): 4<10, 3>6, +1<=2, 6>=7 (resolves to 1 if true, + 0 if false).

+

7:equal/not equal: 1==1, 2!=6 + (resolves to 1 if true, 0 if +false).

+

8:binary and: 12&2 + (regular binary +and).

+

9:binary xor: 2^1 + (regular binary +xor).

+

10:binary or: 2|8 + (regular binary +or).

+

11:logical and: 0&&3 + (resolves to 1 if true, 0 if +false).

+

12:logical or: 0||3 + (resolves to 1 if true, 0 if +false).

+

Quick-Assigning
Changing memory, a variable, register or flag can be easily done using a C-like syntax:

-

a?=b: '?' can be any mathematical operation. 'a' -can be any register, flag, variable or memory location. 'b' can be anything that is recognized as a mathmatical -input.

-

a++/a--: 'a' can be any register, flag, variable or memory +

a?= b: '?' can be any non-logical operator. +'a' can be any register, flag, variable or memory location. 'b' can be anything that is recognized as an +expression.

+

a++/a--: 'a' can be any register, flag, variable or memory location.

\ No newline at end of file diff --git a/help/InitDebug_initdbg_init.htm b/help/InitDebug_initdbg_init.htm index 90124b17..a0937074 100644 --- a/help/InitDebug_initdbg_init.htm +++ b/help/InitDebug_initdbg_init.htm @@ -20,7 +20,7 @@ the executable (do some basic checks), set breakpoints on TLS callbacks (if present), set a breakpoint at the process entry point and break at the system breakpoint before giving back control to the user.

-

arguments
  arg1 : Path to the executable file to debug. If no full path is given, the GetCurrentDirectory API will be +

arguments
  arg1: Path to the executable file to debug. If no full path is given, the GetCurrentDirectory API will be called to retrieve a full path. Use quotation marks to include spaces in your path. diff --git a/help/Input.htm b/help/Input.htm index 1a71dc77..24573cac 100644 --- a/help/Input.htm +++ b/help/Input.htm @@ -25,26 +25,25 @@ Variables optionally start with a $ and can only store one DWORD (QWORD on x64).

registers: All registers (of all sizes) can be used as variables.

-

memory locations: You can read from a memory location by using one of the -following expressions:
[addr]    - read a +

memory locations: +You can read/write from/to a memory location by using one of the +following expressions:
[addr]     - read a DWORD/QWORD, depending on the -architecture.
n:[addr]  - read n bytes -from.
REMARKS:
- n is the amount of bytes to read, this can be anything -smaller than 4 on x32 and smaller than 8 on x64 when specified, otherwise - - - - - there will be an error.

-

flags: Debug -flags (interpreted as integer) can be used as input. Flags are prefixed with a -'!' following the flag name. Valid flags are: !cf, !pf, !af, !zf, !sf, !tf, !if, -!df, !of, !rf, !vm, !ac, !vif, !vip and !id.

+architecture.
n:[addr]   - read n bytes from.
seg:[addr] - +read a DWORD/QWORD from a +segment.
REMARKS:
- n is the amount of bytes to read, this can be anything +smaller than 4 on x32 and smaller than 8 on x64 when specified, otherwise there +will be an error.
- seg + can be gs, es, cs, fs, ds, ss. Only fs and gs have an effect.

+

flags: Debug flags +(interpreted as integer) can be used as input. Flags are prefixed with an '_' +followed by the flag name. Valid flags are: _cf, _pf, _af, _zf, _sf, _tf, _if, +_df, _of, _rf, _vm, _ac, _vif, _vip and _id.

numbers: All numbers are interpreted as hex by default. If you want to be sure, you can use the "x" prefix or the "0x" prefix. Decimal numbers can be used by prefixing the number with a "." (.123=7B).

-

basic calculations: See "Calculations" for more information.

+

expressions: See "Expressions" for more information.

Module Data:

  1. diff --git a/help/Jxx_IFxx.htm b/help/Jxx_IFxx.htm index 8d535bed..ffd5c248 100644 --- a/help/Jxx_IFxx.htm +++ b/help/Jxx_IFxx.htm @@ -20,7 +20,7 @@ that can react on the flags set by the 'cmp' (and maybe other) command(s):

    • -
      uncondentional branch   - +
      unconditional branch    - jmp/goto
    • diff --git a/help/cmp.htm b/help/cmp.htm index 9cf6be6e..d32e8373 100644 --- a/help/cmp.htm +++ b/help/cmp.htm @@ -15,10 +15,10 @@ html,body { -

      cmp
      This command compares two expressions. Notice that -when you want to check for values being bigger or smaller, the comparison -arg1>arg2 is made. If this evaluates to true, the $_BS_FLAG is set to 1, -meaning the value is internally bigger. So you test if arg1 is bigger/smaller than +

      cmp
      This command compares two expressions. Notice +that when you want to check for values being bigger or smaller, the +comparison arg1>arg2 is made. If this evaluates to true, the $_BS_FLAG is set to +1, meaning the value is bigger. So you test if arg1 is bigger/smaller than arg2.

      arguments
       arg1: First expression to compare.

      diff --git a/help/functionclear.htm b/help/functionclear.htm new file mode 100644 index 00000000..4ca0d597 --- /dev/null +++ b/help/functionclear.htm @@ -0,0 +1,33 @@ + + + +functionclear + + + + + + + +

      + +functionclear +
      + +
      Delete all functions in all modules. +

      +

      + + arguments + +
      +This command has no arguments.

      +

      result
      This command does not +set any result variables.

      + \ No newline at end of file diff --git a/help/log.htm b/help/log.htm index 974246fa..e27a59a8 100644 --- a/help/log.htm +++ b/help/log.htm @@ -19,12 +19,12 @@ html,body {

      arguments
      [arg1]: Format string (see down for more information). When not specified, a newline will be logged.

      [argN]: Data for the format string.

      -

      format string
      A format string like "Info 1: -{0}, Info 2: {1}\n Info 3:{2}". In place of {n} the n-th argument after the -format string is inserted. You can specify how to format the inserted data by -prepending a format type: "{s0}" logs a string. Other types are: "d" (log as -signed decimal), "u" (log as unsigned decimal), "p" (log as 0x????????), "s" -(log the string at the address specified).
      You can print a "{" by escaping it +

      format string
      + A format string like "Info 1: {0}, Info 2: {1}\n Info 3:{2}". In +place of {n} the n-th argument after the format string is inserted. You can +specify how to format the inserted data by prepending a format type: "{s:0}" logs +a string. Other types are: "d" (log as signed decimal), "u" (log +as unsigned decimal), "p" (log as ????????).
      You can print a "{" by escaping it like "{{". Same for "{". "\n" inserts a newline.

      result
      This command does not set any result variables.

      diff --git a/help/test.htm b/help/test.htm index de7d637a..daa9acc1 100644 --- a/help/test.htm +++ b/help/test.htm @@ -20,6 +20,6 @@ value.

      arguments
        arg1: Value to test.

        arg2: Tester.

      result
      This command sets the internal variables $_EZ_FLAG -and $_BS_FLAG. $_EZ_FLAG is set to 1 when arg1&arg2= = 0. $_BS_FLAG is +and $_BS_FLAG. $_EZ_FLAG is set to 1 when arg1 & arg2 == 0. $_BS_FLAG is always set to 0.

      \ No newline at end of file diff --git a/help/x64_dbg.wcp b/help/x64_dbg.wcp index 885895eaf845fdbe537874632eae29005e0debf2..e1be7e236ba1f02ac55dd7ad7876073ec0ccfb60 100644 GIT binary patch delta 851 zcmZ`%yG{a85Iu@uLL?SO3oDF9Z7{wq%oYlwg%2Y5NYt2Bc9lc~5%JN``2$-}8vnp# zjfI7Yg{?K6UtvS#nR{6T6SE1-otg8vbLaET|MKB~vIBEF$f1BV;>h3(7E=5#s>nbH zLHtv99y)qMElB6WH#mPtwkzWE>UY0^jxm3XeV7=dmc+uHK#aP!Ru=rgU%c+nxIB@z zYX%+yWlfi)-6FpX&T)c+I;BZ*i&siAf5*tcw5qHy&am&42m|Bw%VkJfWX{W^XfDsw zBxY2{BG00cL-sdY#wy8dMKo2X+H4~Ca#6xc%8Y@Dh6$6BV$jRQ*(D;)Ik9ov=-9;) zV{JJ}v&%VLD+@w?#?q7`PhkU5elh`>N{(|e_@E|^)PshZu@Pp6R4C{?ZuOSe`BYhU zG|Mm0Vj3&tkUme^JB#50F{Y}?D_CURYg(N!*4Z;wf0HEpOd^WRT6CV^>4cHuEprcI z6uRVnr76v{o|QIX(L$OP1FdJhKPIadv7W^>MSV^_*(zcD9fY2rC%($sElqaHx)Sbw zcXhTq&($F}++Fj9mT;Uf-SBNWYU93A)v4 G>HY^z>z(-k delta 72 zcmV-O0Js0P#Rbm31+ZoYvt|dH2D54q`~j1eCM2_p68Zy^=oT20j>#mmz7|#kmo`=b e8j~Pw46`~K;=z+d)*6%0)eMsu+#a)F+*XEKBOd$! diff --git a/src/dbg/x64_dbg.cpp b/src/dbg/x64_dbg.cpp index 59342b65..faea59c9 100644 --- a/src/dbg/x64_dbg.cpp +++ b/src/dbg/x64_dbg.cpp @@ -88,9 +88,12 @@ static void registercommands() dbgcmdnew("eSingleStep\1esstep\1esst", cbDebugeSingleStep, true); //SingleStep arg1:count + skip first chance exceptions dbgcmdnew("StepOut\1rtr", cbDebugRtr, true); //rtr dbgcmdnew("eStepOut\1ertr", cbDebugeRtr, true); //rtr + skip first chance exceptions + dbgcmdnew("DebugContinue\1con", cbDebugContinue, true); //set continue status + dbgcmdnew("LibrarianSetBreakPoint\1bpdll", cbDebugBpDll, true); //set dll breakpoint dbgcmdnew("LibrarianRemoveBreakPoint\1bcdll", cbDebugBcDll, true); //remove dll breakpoint + dbgcmdnew("switchthread\1threadswitch", cbDebugSwitchthread, true); //switch thread dbgcmdnew("suspendthread\1threadsuspend", cbDebugSuspendthread, true); //suspend thread dbgcmdnew("resumethread\1threadresume", cbDebugResumethread, true); //resume thread 
@@ -98,16 +101,19 @@ static void registercommands() dbgcmdnew("suspendallthreads\1threadsuspendall", cbDebugSuspendAllThreads, true); //suspend all threads dbgcmdnew("resumeallthreads\1threadresumeall", cbDebugResumeAllThreads, true); //resume all threads dbgcmdnew("setthreadpriority\1setprioritythread\1threadsetpriority", cbDebugSetPriority, true); //set thread priority + dbgcmdnew("symdownload\1downloadsym", cbDebugDownloadSymbol, true); //download symbols + dbgcmdnew("setjit\1jitset", cbDebugSetJIT, false); //set JIT dbgcmdnew("getjit\1jitget", cbDebugGetJIT, false); //get JIT dbgcmdnew("getjitauto\1jitgetauto", cbDebugGetJITAuto, false); //get JIT Auto dbgcmdnew("setjitauto\1jitsetauto", cbDebugSetJITAuto, false); //set JIT Auto + dbgcmdnew("getcmdline\1getcommandline", cbDebugGetCmdline, true); //Get CmdLine dbgcmdnew("setcmdline\1setcommandline", cbDebugSetCmdline, true); //Set CmdLine + dbgcmdnew("loadlib", cbDebugLoadLib, true); //Load DLL dbgcmdnew("skip", cbDebugSkip, true); //skip one instruction - dbgcmdnew("setfreezestack", cbDebugSetfreezestack, false); //freeze the stack from auto updates //breakpoints dbgcmdnew("bplist", cbDebugBplist, true); //breakpoint list @@ -172,6 +178,7 @@ static void registercommands() dbgcmdnew("refadd", cbInstrRefadd, false); dbgcmdnew("asm", cbInstrAssemble, true); //assemble instruction dbgcmdnew("sleep", cbInstrSleep, false); //Sleep + dbgcmdnew("setfreezestack", cbDebugSetfreezestack, false); //freeze the stack from auto updates //user database dbgcmdnew("cmt\1cmtset\1commentset", cbInstrCmt, true); //set/edit comment 
@@ -188,6 +195,7 @@ static void registercommands() dbgcmdnew("labellist", cbInstrLabelList, true); //list labels dbgcmdnew("bookmarklist", cbInstrBookmarkList, true); //list bookmarks dbgcmdnew("functionlist", cbInstrFunctionList, true); //list functions + dbgcmdnew("functionclear", cbInstrFunctionClear, false); //delete all functions //memory operations dbgcmdnew("alloc", cbDebugAlloc, true); //allocate memory @@ -257,7 +265,6 @@ static void registercommands() dbgcmdnew("setmaxfindresult\1findsetmaxresult", cbInstrSetMaxFindResult, false); //set the maximum number of occurences found dbgcmdnew("savedata", cbInstrSavedata, true); //save data to disk dbgcmdnew("scriptdll\1dllscript", cbScriptDll, false); //execute a script DLL - dbgcmdnew("functionclear", cbInstrFunctionClear, false); //delete all functions } static bool cbCommandProvider(char* cmd, int maxlen)
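Review bot: The relocated `dbgcmdnew("functionclear", cbInstrFunctionClear, false);` line in the `@@ -188,6 +195,7 @@` hunk passes `false` as its third argument, while the three list commands directly above it pass `true`. Nothing visible in the hunk says what that argument controls. The help page added in this commit describes the command as deleting all functions in all modules, so the trailing comment should record the intent, for example `//delete all functions in all modules (third argument false: confirm this is intended)`. The same applies to the `setfreezestack` line moved in the `@@ -172,6 +178,7 @@` hunk, which also passes `false` next to `asm`, registered with `true`. The body of `registercommands()` begins outside these hunks, so the section headings that would explain the grouping are not visible here.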