
PROJECT: updated help

DBG: added cmp instruction
DBG: fixed branch detection (does not work completely)
This commit is contained in:
mr.exodia 2014-02-10 22:44:35 +01:00
parent 82064d3636
commit abca61daec
9 changed files with 259 additions and 75 deletions

44
help/Jxx_IFxx.htm Normal file

@ -0,0 +1,44 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Jxx/IFxx</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Jxx/IFxx<BR></STRONG>There are various branches
that can react on the flags set by the 'cmp' (and maybe
other)&nbsp;command(s):</P>
<UL>
<LI>
<DIV>uncondentional branch &nbsp; -
<U>jmp/goto</U></DIV></LI>
<DIV>
<LI>
<DIV>branch if not equal&nbsp;&nbsp; &nbsp; -
<U>jne/ifne(q)/jnz/ifnz</U></DIV></LI>
<LI>
<DIV>branch if equal&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp; - <U>je/ife(q)/jz/ifz</U></DIV></LI>
<LI>
<DIV>branch if smaller&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; -
<U>jb/ifb/jl/ifl</U></DIV></LI>
<LI>
<DIV>branch if bigger&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;
- <U>ja/ifa/jg/ifg</U></DIV></LI></DIV>
<LI>
<DIV>branch if bigger/equal&nbsp; -
<U>jbe/ifbe(q)/jle/ifle(q)</U></DIV></LI>
<LI>
<DIV>branch if smaller/equal -
<U>jae/ifae(q)/jge/ifge(q)</U></DIV></LI></UL></body>
</html>

21
help/Script_Commands.htm Normal file

@ -0,0 +1,21 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Script Commands</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Script Commands<BR></STRONG>This section
contains various commands that are only used or available in a scripting
context.</P></body>
</html>

19
help/Scripting.htm Normal file

@ -0,0 +1,19 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Scripting</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Scripting</STRONG><BR>This sections provides an overview of automating tasks with x64_dbg using
scripts.</P></body>

30
help/cmp.htm Normal file

@ -0,0 +1,30 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>cmp</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>cmp<BR></STRONG>This command compares two expressions. Notice that
when you want to check for values being bigger or smaller, the comparison
arg1&gt;arg2 is made. If this evaluates to true, the $_BS_FLAG is set to 1,
meaning the value is internally bigger. So you test if arg1 is bigger/smaller than
arg2.</P>
<P><U>arguments<BR></U>&nbsp;arg1: First expression to compare.
</P>
<P>&nbsp;arg2: Second expression to compare.
</P>
<P><U>result<BR></U>This command sets the internal
variables $_EZ_FLAG and $_BS_FLAG. They are checked when a branch is
performed.
</P></body></HTML>


@ -96,7 +96,7 @@ Font=
DefaultTopic=Introduction.htm
[TOPICS]
TitleList=70
TitleList=74
TitleList.Title.0=Introduction
TitleList.Level.0=0
TitleList.Url.0=Introduction.htm
@ -105,7 +105,7 @@ TitleList.Status.0=0
TitleList.Keywords.0=
TitleList.ContextNumber.0=1000
TitleList.ApplyTemp.0=0
TitleList.Expanded.0=1
TitleList.Expanded.0=0
TitleList.Kind.0=0
TitleList.Title.1=Input
TitleList.Level.1=1
@ -145,7 +145,7 @@ TitleList.Status.4=0
TitleList.Keywords.4=
TitleList.ContextNumber.4=1003
TitleList.ApplyTemp.4=0
TitleList.Expanded.4=0
TitleList.Expanded.4=1
TitleList.Kind.4=0
TitleList.Title.5=Debug Control
TitleList.Level.5=1
@ -455,7 +455,7 @@ TitleList.Status.35=0
TitleList.Keywords.35=
TitleList.ContextNumber.35=1004
TitleList.ApplyTemp.35=0
TitleList.Expanded.35=0
TitleList.Expanded.35=1
TitleList.Kind.35=0
TitleList.Title.36=strlen/charcount/ccount
TitleList.Level.36=2
@ -645,7 +645,7 @@ TitleList.Status.54=0
TitleList.Keywords.54=
TitleList.ContextNumber.54=1046
TitleList.ApplyTemp.54=0
TitleList.Expanded.54=0
TitleList.Expanded.54=1
TitleList.Kind.54=0
TitleList.Title.55=StartScylla/scylla/imprec
TitleList.Level.55=2
@ -657,144 +657,184 @@ TitleList.ContextNumber.55=1047
TitleList.ApplyTemp.55=0
TitleList.Expanded.55=0
TitleList.Kind.55=0
TitleList.Title.56=Plugins
TitleList.Level.56=0
TitleList.Url.56=Plugins.htm
TitleList.Title.56=Script Commands
TitleList.Level.56=1
TitleList.Url.56=Script_Commands.htm
TitleList.Icon.56=0
TitleList.Status.56=0
TitleList.Keywords.56=
TitleList.ContextNumber.56=1050
TitleList.ContextNumber.56=1070
TitleList.ApplyTemp.56=0
TitleList.Expanded.56=0
TitleList.Expanded.56=1
TitleList.Kind.56=0
TitleList.Title.57=Exports
TitleList.Level.57=1
TitleList.Url.57=Exports.htm
TitleList.Title.57=cmp
TitleList.Level.57=2
TitleList.Url.57=cmp.htm
TitleList.Icon.57=0
TitleList.Status.57=0
TitleList.Keywords.57=
TitleList.ContextNumber.57=1051
TitleList.ContextNumber.57=1071
TitleList.ApplyTemp.57=0
TitleList.Expanded.57=0
TitleList.Kind.57=0
TitleList.Title.58=_plugin_registercallback
TitleList.Title.58=Jxx/IFxx
TitleList.Level.58=2
TitleList.Url.58=_plugin_registercallback.htm
TitleList.Url.58=Jxx_IFxx.htm
TitleList.Icon.58=0
TitleList.Status.58=0
TitleList.Keywords.58=
TitleList.ContextNumber.58=1052
TitleList.ContextNumber.58=1072
TitleList.ApplyTemp.58=0
TitleList.Expanded.58=0
TitleList.Kind.58=0
TitleList.Title.59=_plugin_unregistercallback
TitleList.Level.59=2
TitleList.Url.59=_plugin_unregistercallback.htm
TitleList.Title.59=Plugins
TitleList.Level.59=0
TitleList.Url.59=Plugins.htm
TitleList.Icon.59=0
TitleList.Status.59=0
TitleList.Keywords.59=
TitleList.ContextNumber.59=1053
TitleList.ContextNumber.59=1050
TitleList.ApplyTemp.59=0
TitleList.Expanded.59=0
TitleList.Kind.59=0
TitleList.Title.60=_plugin_registercommand
TitleList.Level.60=2
TitleList.Url.60=_plugin_registercommand.htm
TitleList.Title.60=Exports
TitleList.Level.60=1
TitleList.Url.60=Exports.htm
TitleList.Icon.60=0
TitleList.Status.60=0
TitleList.Keywords.60=
TitleList.ContextNumber.60=1054
TitleList.ContextNumber.60=1051
TitleList.ApplyTemp.60=0
TitleList.Expanded.60=0
TitleList.Kind.60=0
TitleList.Title.61=_plugin_unregistercommand
TitleList.Title.61=_plugin_registercallback
TitleList.Level.61=2
TitleList.Url.61=_plugin_unregistercommand.htm
TitleList.Url.61=_plugin_registercallback.htm
TitleList.Icon.61=0
TitleList.Status.61=0
TitleList.Keywords.61=
TitleList.ContextNumber.61=1055
TitleList.ContextNumber.61=1052
TitleList.ApplyTemp.61=0
TitleList.Expanded.61=0
TitleList.Kind.61=0
TitleList.Title.62=_plugin_logprintf
TitleList.Title.62=_plugin_unregistercallback
TitleList.Level.62=2
TitleList.Url.62=
TitleList.Url.62=_plugin_unregistercallback.htm
TitleList.Icon.62=0
TitleList.Status.62=1
TitleList.Status.62=0
TitleList.Keywords.62=
TitleList.ContextNumber.62=1056
TitleList.ContextNumber.62=1053
TitleList.ApplyTemp.62=0
TitleList.Expanded.62=0
TitleList.Kind.62=0
TitleList.Title.63=_plugin_logputs
TitleList.Title.63=_plugin_registercommand
TitleList.Level.63=2
TitleList.Url.63=
TitleList.Url.63=_plugin_registercommand.htm
TitleList.Icon.63=0
TitleList.Status.63=1
TitleList.Status.63=0
TitleList.Keywords.63=
TitleList.ContextNumber.63=1057
TitleList.ContextNumber.63=1054
TitleList.ApplyTemp.63=0
TitleList.Expanded.63=0
TitleList.Kind.63=0
TitleList.Title.64=_plugin_debugpause
TitleList.Title.64=_plugin_unregistercommand
TitleList.Level.64=2
TitleList.Url.64=
TitleList.Url.64=_plugin_unregistercommand.htm
TitleList.Icon.64=0
TitleList.Status.64=1
TitleList.Status.64=0
TitleList.Keywords.64=
TitleList.ContextNumber.64=1058
TitleList.ContextNumber.64=1055
TitleList.ApplyTemp.64=0
TitleList.Expanded.64=0
TitleList.Kind.64=0
TitleList.Title.65=Structures
TitleList.Level.65=1
TitleList.Url.65=Structures.htm
TitleList.Title.65=_plugin_logprintf
TitleList.Level.65=2
TitleList.Url.65=
TitleList.Icon.65=0
TitleList.Status.65=0
TitleList.Status.65=1
TitleList.Keywords.65=
TitleList.ContextNumber.65=1059
TitleList.ContextNumber.65=1056
TitleList.ApplyTemp.65=0
TitleList.Expanded.65=0
TitleList.Kind.65=0
TitleList.Title.66=Callbacks
TitleList.Title.66=_plugin_logputs
TitleList.Level.66=2
TitleList.Url.66=Callbacks.htm
TitleList.Url.66=
TitleList.Icon.66=0
TitleList.Status.66=0
TitleList.Status.66=1
TitleList.Keywords.66=
TitleList.ContextNumber.66=1060
TitleList.ContextNumber.66=1057
TitleList.ApplyTemp.66=0
TitleList.Expanded.66=0
TitleList.Kind.66=0
TitleList.Title.67=PLUG_INITSTRUCT
TitleList.Title.67=_plugin_debugpause
TitleList.Level.67=2
TitleList.Url.67=PLUGINIT_STRUCT.htm
TitleList.Url.67=
TitleList.Icon.67=0
TitleList.Status.67=0
TitleList.Status.67=1
TitleList.Keywords.67=
TitleList.ContextNumber.67=1061
TitleList.ContextNumber.67=1058
TitleList.ApplyTemp.67=0
TitleList.Expanded.67=0
TitleList.Kind.67=0
TitleList.Title.68=Special Thanks
TitleList.Level.68=0
TitleList.Url.68=Special_Thanks.htm
TitleList.Title.68=Structures
TitleList.Level.68=1
TitleList.Url.68=Structures.htm
TitleList.Icon.68=0
TitleList.Status.68=0
TitleList.Keywords.68=
TitleList.ContextNumber.68=1024
TitleList.ContextNumber.68=1059
TitleList.ApplyTemp.68=0
TitleList.Expanded.68=0
TitleList.Kind.68=0
TitleList.Title.69=Fixed Top Style
TitleList.Level.69=0
TitleList.Url.69=template\fixedtop.htm
TitleList.Title.69=Callbacks
TitleList.Level.69=2
TitleList.Url.69=Callbacks.htm
TitleList.Icon.69=0
TitleList.Status.69=0
TitleList.Keywords.69=
TitleList.ContextNumber.69=
TitleList.ContextNumber.69=1060
TitleList.ApplyTemp.69=0
TitleList.Expanded.69=0
TitleList.Kind.69=2
TitleList.Kind.69=0
TitleList.Title.70=PLUG_INITSTRUCT
TitleList.Level.70=2
TitleList.Url.70=PLUGINIT_STRUCT.htm
TitleList.Icon.70=0
TitleList.Status.70=0
TitleList.Keywords.70=
TitleList.ContextNumber.70=1061
TitleList.ApplyTemp.70=0
TitleList.Expanded.70=0
TitleList.Kind.70=0
TitleList.Title.71=Scripting
TitleList.Level.71=0
TitleList.Url.71=Scripting.htm
TitleList.Icon.71=0
TitleList.Status.71=0
TitleList.Keywords.71=
TitleList.ContextNumber.71=1069
TitleList.ApplyTemp.71=0
TitleList.Expanded.71=0
TitleList.Kind.71=0
TitleList.Title.72=Special Thanks
TitleList.Level.72=0
TitleList.Url.72=Special_Thanks.htm
TitleList.Icon.72=0
TitleList.Status.72=0
TitleList.Keywords.72=
TitleList.ContextNumber.72=1024
TitleList.ApplyTemp.72=0
TitleList.Expanded.72=0
TitleList.Kind.72=0
TitleList.Title.73=Fixed Top Style
TitleList.Level.73=0
TitleList.Url.73=template\fixedtop.htm
TitleList.Icon.73=0
TitleList.Status.73=0
TitleList.Keywords.73=
TitleList.ContextNumber.73=
TitleList.ApplyTemp.73=0
TitleList.Expanded.73=0
TitleList.Kind.73=2


@ -456,3 +456,31 @@ CMDRESULT cbFunctionDel(int argc, char* argv[])
dputs("function deleted!");
return STATUS_CONTINUE;
}
CMDRESULT cbInstrCmp(int argc, char* argv[])
{
if(argc<3)
{
dputs("not enough arguments!");
return STATUS_ERROR;
}
uint arg1=0;
if(!valfromstring(argv[1], &arg1, 0, 0, false, 0))
return STATUS_ERROR;
uint arg2=0;
if(!valfromstring(argv[2], &arg2, 0, 0, false, 0))
return STATUS_ERROR;
uint ezflag;
uint bsflag;
if(arg1==arg2)
ezflag=1;
else
ezflag=0;
if(arg1>arg2)
bsflag=1;
else
bsflag=0;
varset("$_EZ_FLAG", ezflag, true);
varset("$_BS_FLAG", bsflag, true);
return STATUS_CONTINUE;
}
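Review bot: The comparison at `if(arg1>arg2)` is unsigned because both operands are `uint`, so if the expression evaluator can produce a value with the top bit set (a negative literal, for instance) it compares as very large and sets $_BS_FLAG to 1 against any small arg2, and neither this code nor the new cmp.htm page says so. A comment on that line, `//unsigned comparison: values with the top bit set compare as large`, plus a matching sentence in the help page would avoid surprises in scripts. The two if/else ladders can also collapse to `uint ezflag=(arg1==arg2);` and `uint bsflag=(arg1>arg2);`, which reads more directly. The two `valfromstring` failures return STATUS_ERROR with no message, unlike the argc check above them; if valfromstring does not report its own error (I cannot tell from this hunk), a `dputs` on each failure path would tell the script author which argument was rejected.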


@ -22,5 +22,6 @@ CMDRESULT cbSavedb(int argc, char* argv[]);
CMDRESULT cbAssemble(int argc, char* argv[]);
CMDRESULT cbFunctionAdd(int argc, char* argv[]);
CMDRESULT cbFunctionDel(int argc, char* argv[]);
CMDRESULT cbInstrCmp(int argc, char* argv[]);
#endif // _INSTRUCTIONS_H


@ -15,20 +15,20 @@ static SCRIPTBRANCHTYPE scriptgetbranchtype(const char* text)
char newtext[MAX_SCRIPT_LINE_SIZE]="";
strcpy(newtext, text);
argformat(newtext); //format jump commands
if(!strncmp(newtext, "jmp", 3) or !strncmp(newtext, "goto", 4))
if(!strncmp(newtext, "jmp ", 4) or !strncmp(newtext, "goto ", 5))
return scriptjmp;
else if(!strncmp(newtext, "jne", 3) or !strncmp(newtext, "ifne", 4) or !strncmp(newtext, "ifneq", 5) or !strncmp(newtext, "jnz", 3) or !strncmp(newtext, "ifnz", 4))
return scriptjnejnz;
else if(!strncmp(newtext, "je", 2) or !strncmp(newtext, "ife", 3) or !strncmp(newtext, "ifeq", 4) or !strncmp(newtext, "jz", 2) or !strncmp(newtext, "ifz", 3))
return scriptjejz;
else if(!strncmp(newtext, "jb", 2) or !strncmp(newtext, "ifb", 3) or !strncmp(newtext, "jl", 2) or !strncmp(newtext, "ifl", 3))
return scriptjbjl;
else if(!strncmp(newtext, "ja", 2) or !strncmp(newtext, "ifa", 3) or !strncmp(newtext, "jg", 2) or !strncmp(newtext, "ifg", 3))
return scriptjajg;
else if(!strncmp(newtext, "jbe", 3) or !strncmp(newtext, "ifbe", 4) or !strncmp(newtext, "ifbeq", 5) or !strncmp(newtext, "jle", 3) or !strncmp(newtext, "ifle", 4) or !strncmp(newtext, "ifleq", 5))
else if(!strncmp(newtext, "jbe ", 4) or !strncmp(newtext, "ifbe ", 5) or !strncmp(newtext, "ifbeq ", 6) or !strncmp(newtext, "jle ", 4) or !strncmp(newtext, "ifle ", 5) or !strncmp(newtext, "ifleq ", 6))
return scriptjbejle;
else if(!strncmp(newtext, "jae", 3) or !strncmp(newtext, "ifae", 4) or !strncmp(newtext, "ifaeq", 5) or !strncmp(newtext, "jge", 3) or !strncmp(newtext, "ifge", 4) or !strncmp(newtext, "ifgeq", 5))
else if(!strncmp(newtext, "jae ", 4) or !strncmp(newtext, "ifae ", 5) or !strncmp(newtext, "ifaeq ", 6) or !strncmp(newtext, "jge ", 4) or !strncmp(newtext, "ifge ", 5) or !strncmp(newtext, "ifgeq ", 6))
return scriptjaejge;
else if(!strncmp(newtext, "jne ", 4) or !strncmp(newtext, "ifne ", 5) or !strncmp(newtext, "ifneq ", 6) or !strncmp(newtext, "jnz ", 4) or !strncmp(newtext, "ifnz ", 5))
return scriptjnejnz;
else if(!strncmp(newtext, "je ", 3) or !strncmp(newtext, "ife ", 4) or !strncmp(newtext, "ifeq ", 5) or !strncmp(newtext, "jz ", 3) or !strncmp(newtext, "ifz ", 4))
return scriptjejz;
else if(!strncmp(newtext, "jb ", 3) or !strncmp(newtext, "ifb ", 4) or !strncmp(newtext, "jl ", 3) or !strncmp(newtext, "ifl ", 4))
return scriptjbjl;
else if(!strncmp(newtext, "ja ", 3) or !strncmp(newtext, "ifa ", 4) or !strncmp(newtext, "jg ", 3) or !strncmp(newtext, "ifg ", 4))
return scriptjajg;
return scriptnobranch;
}
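Review bot: Every test in the rewritten chain from `"jmp "` down to `"ifg "` pairs a literal with a hand-counted length, and a length that is one short silently reverts to the prefix-matching bug this commit fixes (`"jbe "` with 3 would match `jbe` as a prefix again); a table of mnemonics matched with strlen() removes the counting and the ordering dependency between the groups. Requiring a trailing space also means a mnemonic followed by a tab or by nothing is no longer detected as a branch; if argformat() normalises whitespace that is fine, but it is not visible here, so a comment stating that assumption next to `argformat(newtext); //format jump commands` would help. The function's signature is just above the hunk; only its body is shown. Separately, the new Jxx_IFxx.htm page labels the jbe/jle group "bigger/equal" and jae/jge "smaller/equal", the reverse of what those mnemonics usually denote, so that page should be checked against the $_BS_FLAG semantics in cbInstrCmp before the help ships.
```cpp
static SCRIPTBRANCHTYPE scriptgetbranchtype(const char* text)
{
    // … unchanged: copy into newtext and argformat() …
    static const struct
    {
        const char* mnemonic;
        SCRIPTBRANCHTYPE type;
    } branches[] =
    {
        {"jmp", scriptjmp}, {"goto", scriptjmp},
        {"jbe", scriptjbejle}, {"ifbe", scriptjbejle}, {"ifbeq", scriptjbejle},
        {"jle", scriptjbejle}, {"ifle", scriptjbejle}, {"ifleq", scriptjbejle},
        {"jae", scriptjaejge}, {"ifae", scriptjaejge}, {"ifaeq", scriptjaejge},
        {"jge", scriptjaejge}, {"ifge", scriptjaejge}, {"ifgeq", scriptjaejge},
        {"jne", scriptjnejnz}, {"ifne", scriptjnejnz}, {"ifneq", scriptjnejnz},
        {"jnz", scriptjnejnz}, {"ifnz", scriptjnejnz},
        {"je", scriptjejz}, {"ife", scriptjejz}, {"ifeq", scriptjejz},
        {"jz", scriptjejz}, {"ifz", scriptjejz},
        {"jb", scriptjbjl}, {"ifb", scriptjbjl}, {"jl", scriptjbjl}, {"ifl", scriptjbjl},
        {"ja", scriptjajg}, {"ifa", scriptjajg}, {"jg", scriptjajg}, {"ifg", scriptjajg},
    };
    for(size_t i = 0; i < sizeof(branches) / sizeof(branches[0]); i++)
    {
        size_t len = strlen(branches[i].mnemonic); //mnemonic must be followed by a space
        if(!strncmp(newtext, branches[i].mnemonic, len) and newtext[len] == ' ')
            return branches[i].type;
    }
    return scriptnobranch;
}
```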
@ -232,12 +232,12 @@ static bool scriptinternalbptoggle(int line) //internal breakpoint
static CMDRESULT scriptinternalcmdexec(const char* command)
{
dprintf("scriptinternalcmdexec(%s)\n", command);
if(!strcmp(command, "ret"))
if(!strcmp(command, "ret")) //script finished
{
GuiScriptMessage("Script finished!");
return STATUS_EXIT;
}
else if(!strcmp(command, "invalid"))
else if(!strcmp(command, "invalid")) //invalid command for testing
return STATUS_ERROR;
return STATUS_CONTINUE;
}


@ -87,6 +87,7 @@ static void registercommands()
cmdnew(cmd, "functionadd\1func", cbFunctionAdd, true); //function
cmdnew(cmd, "functiondel\1funcc", cbFunctionDel, true); //function
cmdnew(cmd, "dump", cbDebugDump, true); //dump at address
cmdnew(cmd, "cmp", cbInstrCmp, false); //compare
}
static bool cbCommandProvider(char* cmd, int maxlen)
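Review bot: The new `cmdnew(cmd, "cmp", cbInstrCmp, false); //compare` passes `false` as the fourth argument where every neighbouring registration in the hunk passes `true`, and the comment does not say why. I cannot see what that flag controls from this hunk; if it marks commands that require a running debuggee, the comment should say so, e.g. `//compare expressions; works without a debuggee`, so the next person adding a script-only command copies the right value. The body of registercommands() starts above the hunk.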