From 2aac3c2de9932d3abf7df5f672e8a0d87ae9174c Mon Sep 17 00:00:00 2001 From: SmilingWolf Date: Mon, 8 Dec 2014 02:04:00 +0100 Subject: [PATCH 01/18] (Re)implemented loadlib using inline asm: save the current context, allocate a memory page in the debugged process' context, assemble a CALL LoadLibraryA there, execute it and then free the memory and restore the previous context. --- x64_dbg_dbg/debugger.h | 1 + x64_dbg_dbg/debugger_commands.cpp | 85 ++++++++++++++++++++++++++++++- x64_dbg_dbg/debugger_commands.h | 1 + x64_dbg_dbg/x64_dbg.cpp | 1 + 4 files changed, 87 insertions(+), 1 deletion(-) diff --git a/x64_dbg_dbg/debugger.h b/x64_dbg_dbg/debugger.h index acd69db0..3d523383 100644 --- a/x64_dbg_dbg/debugger.h +++ b/x64_dbg_dbg/debugger.h @@ -109,6 +109,7 @@ void cbSystemBreakpoint(void* ExceptionData); void cbMemoryBreakpoint(void* ExceptionAddress); void cbHardwareBreakpoint(void* ExceptionAddress); void cbUserBreakpoint(); +void cbLoadLibBPX(); void cbLibrarianBreakpoint(void* lpData); DWORD WINAPI threadDebugLoop(void* lpParameter); bool cbDeleteAllBreakpoints(const BREAKPOINT* bp); diff --git a/x64_dbg_dbg/debugger_commands.cpp b/x64_dbg_dbg/debugger_commands.cpp index 2dd466d2..83dc5e0b 100644 --- a/x64_dbg_dbg/debugger_commands.cpp +++ b/x64_dbg_dbg/debugger_commands.cpp @@ -9,8 +9,12 @@ #include "plugin_loader.h" #include "simplescript.h" #include "symbolinfo.h" +#include "assemble.h" static bool bScyllaLoaded = false; +CONTEXT backupctx = { 0 }; +LPVOID DLLNameMem; +LPVOID ASMAddr; CMDRESULT cbDebugInit(int argc, char* argv[]) { 
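Review bot: `backupctx`, `DLLNameMem` and `ASMAddr` are added in the `@@ -9,8 +9,12 @@` hunk of debugger_commands.cpp as non-static file-scope globals, so they get external linkage and act as one shared slot between `cbDebugLoadLib` and `cbLoadLibBPX` (both added in the next hunk). If `loadlib` can be issued again before the single-shot breakpoint fires, the saved context and both remote pointers are overwritten. The first pair of allocations in the debuggee is then never freed and the original register state is lost. I would declare the three `static`, like `bScyllaLoaded` next to them, and refuse a second request while one is pending, e.g. `static bool bLoadLibPending = false;` set just before `unlock(WAITID_RUN)` and cleared in `cbLoadLibBPX`.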
@@ -1764,6 +1768,85 @@ CMDRESULT cbDebugSetPageRights(int argc, char* argv[]) return STATUS_CONTINUE; } +CMDRESULT cbDebugLoadLib(int argc, char* argv[]) +{ + if(argc < 2) + { + dprintf("Error: you must specify the name of the DLL to load\n"); + return STATUS_ERROR; + } + + DLLNameMem = VirtualAllocEx(fdProcessInfo->hProcess, NULL, strlen(argv[1]) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); + ASMAddr = VirtualAllocEx(fdProcessInfo->hProcess, NULL, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE); + + if(!DLLNameMem || !ASMAddr) + { + dprintf("Error: couldn't allocate memory"); + return STATUS_ERROR; + } + + if(!WriteProcessMemory(fdProcessInfo->hProcess, DLLNameMem, argv[1], strlen(argv[1]), NULL)) + { + dprintf("Error: couldn't write process memory"); + return STATUS_ERROR; + } + + int size = 0; + int counter = 0; + uint LoadLibraryA = 0; + char command[50] = ""; + char error[256] = ""; + + backupctx.ContextFlags = CONTEXT_FULL; + GetThreadContext(fdProcessInfo->hThread, &backupctx); + + valfromstring("kernel32:LoadLibraryA", &LoadLibraryA, false); + + // Arch specific asm code +#ifdef _WIN64 + sprintf(command, "mov rcx, "fhex, DLLNameMem); +#else + sprintf(command, "push "fhex, DLLNameMem); +#endif // _WIN64 + + assembleat((uint)ASMAddr, command, &size, error, true); + counter += size; + sprintf(command, "call "fhex, LoadLibraryA); + assembleat((uint)ASMAddr + counter, command, &size, error, true); + counter += size; + + SetContextDataEx(fdProcessInfo->hThread, UE_CIP, (uint)ASMAddr); + SetBPX((uint)ASMAddr + counter, UE_SINGLESHOOT | UE_BREAKPOINT_TYPE_INT3, (void*)cbLoadLibBPX); + + unlock(WAITID_RUN); + + return STATUS_CONTINUE; +} + +void cbLoadLibBPX() +{ + uint LibAddr = 0; +#ifdef _WIN64 + LibAddr = GetContextDataEx(fdProcessInfo->hThread, UE_RAX); +#else + LibAddr = GetContextDataEx(fdProcessInfo->hThread, UE_EAX); +#endif + varset("$result", LibAddr, false); + SetThreadContext(fdProcessInfo->hThread, &backupctx); + 
VirtualFreeEx(fdProcessInfo->hProcess, DLLNameMem, 0, MEM_RELEASE); + VirtualFreeEx(fdProcessInfo->hProcess, ASMAddr, 0, MEM_RELEASE); + //update GUI + GuiSetDebugState(paused); + DebugUpdateGui(GetContextDataEx(hActiveThread, UE_CIP), true); + //lock + lock(WAITID_RUN); + SetForegroundWindow(GuiGetWindowHandle()); + PLUG_CB_PAUSEDEBUG pauseInfo; + pauseInfo.reserved = 0; + plugincbcall(CB_PAUSEDEBUG, &pauseInfo); + wait(WAITID_RUN); +} + void showcommandlineerror(cmdline_error_t* cmdline_error) { bool unkown = false; @@ -1868,4 +1951,4 @@ CMDRESULT cbDebugSetCmdline(int argc, char* argv[]) dprintf("New command line: %s\n", argv[1]); return STATUS_CONTINUE; -} \ No newline at end of file +} diff --git a/x64_dbg_dbg/debugger_commands.h b/x64_dbg_dbg/debugger_commands.h index 01134198..8537f55a 100644 --- a/x64_dbg_dbg/debugger_commands.h +++ b/x64_dbg_dbg/debugger_commands.h @@ -53,6 +53,7 @@ CMDRESULT cbDebugKillthread(int argc, char* argv[]); CMDRESULT cbDebugSetPriority(int argc, char* argv[]); CMDRESULT cbDebugGetCmdline(int argc, char* argv[]); CMDRESULT cbDebugSetCmdline(int argc, char* argv[]); +CMDRESULT cbDebugLoadLib(int argc, char* argv[]); CMDRESULT cbDebugEnableHardwareBreakpoint(int argc, char* argv[]); CMDRESULT cbDebugDisableHardwareBreakpoint(int argc, char* argv[]); CMDRESULT cbDebugEnableMemoryBreakpoint(int argc, char* argv[]); diff --git a/x64_dbg_dbg/x64_dbg.cpp b/x64_dbg_dbg/x64_dbg.cpp index 9913f4d9..6d204972 100644 --- a/x64_dbg_dbg/x64_dbg.cpp +++ b/x64_dbg_dbg/x64_dbg.cpp @@ -82,6 +82,7 @@ static void registercommands() dbgcmdnew("setjitauto\1jitsetauto", cbDebugSetJITAuto, false); //set JIT Auto dbgcmdnew("getcmdline\1getcommandline", cbDebugGetCmdline, true); //Get CmdLine dbgcmdnew("setcmdline\1setcommandline", cbDebugSetCmdline, true); //Set CmdLine + dbgcmdnew("loadlib", cbDebugLoadLib, true); //Load DLL //breakpoints dbgcmdnew("bplist", cbDebugBplist, true); //breakpoint list 
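Review bot: In `cbDebugLoadLib` the results of `GetThreadContext`, `valfromstring` and both `assembleat` calls are ignored before `SetContextDataEx` points the thread at the stub. A failed symbol lookup or assembly therefore still resumes the debuggee on a page whose contents were never verified (with `LoadLibraryA` left at 0 the stub would be a `call 0`), and `cbLoadLibBPX` would later restore a `backupctx` that was never filled. The early `return STATUS_ERROR` paths also leave whichever `VirtualAllocEx` block succeeded allocated in the debuggee, and `WriteProcessMemory` copies `strlen(argv[1])` bytes, relying on the fresh page being zeroed for the terminator. I would check every step and release both blocks on failure, assuming `valfromstring` and `assembleat` report failure through their return value (their declarations are not part of this patch). Separately, on `_WIN64` the stub calls `LoadLibraryA` without reserving the 32-byte home space or aligning RSP, so the callee may overwrite live stack slots of the interrupted code that restoring `backupctx` does not bring back; lowering RSP to a 16-byte-aligned value with home space before the `call` would avoid that.

```cpp
    // … unchanged: argc check, second VirtualAllocEx for ASMAddr, local declarations …
    const size_t cbName = strlen(argv[1]) + 1; // copy the terminating NUL explicitly
    DLLNameMem = VirtualAllocEx(fdProcessInfo->hProcess, NULL, cbName, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);

    backupctx.ContextFlags = CONTEXT_FULL;
    bool ok = DLLNameMem && ASMAddr
              && WriteProcessMemory(fdProcessInfo->hProcess, DLLNameMem, argv[1], cbName, NULL)
              && GetThreadContext(fdProcessInfo->hThread, &backupctx)
              && valfromstring("kernel32:LoadLibraryA", &LoadLibraryA, false)
              && LoadLibraryA != 0;

    // … unchanged: arch-specific sprintf of the argument setup …
    ok = ok && assembleat((uint)ASMAddr, command, &size, error, true);
    counter += size;
    // … unchanged: sprintf of the call instruction …
    ok = ok && assembleat((uint)ASMAddr + counter, command, &size, error, true);
    counter += size;

    if(!ok)
    {
        // Never resume the debuggee on a stub that was not completely built.
        if(DLLNameMem)
            VirtualFreeEx(fdProcessInfo->hProcess, DLLNameMem, 0, MEM_RELEASE);
        if(ASMAddr)
            VirtualFreeEx(fdProcessInfo->hProcess, ASMAddr, 0, MEM_RELEASE);
        DLLNameMem = ASMAddr = NULL;
        dprintf("Error: couldn't prepare the LoadLibraryA stub (%s)\n", error);
        return STATUS_ERROR;
    }
    // … unchanged: SetContextDataEx, SetBPX, unlock(WAITID_RUN) …
```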
From 5f3082793c9bc7204740ccbe88fec8e901368be0 Mon Sep 17 00:00:00 2001 
From: SmilingWolf Date: Mon, 8 Dec 2014 10:30:33 +0100 Subject: [PATCH 02/18] Add documentation about loadlib command. Some documentation fixes (mostly aesthetics). --- help/DebugContinue_con.htm | 3 ++- help/DeleteBPX_bpc_bc.htm | 3 ++- help/DeleteHardwareBreakpoint_bphc_bphwc.htm | 1 + help/DeleteMemoryBPX_membpc_bpmc.htm | 1 + help/DetachDebugger_detach.htm | 1 + help/DisableHardwareBreakpoint_bphd_bphwd.htm | 2 +- help/EnableBPX_bpe_be.htm | 3 ++- help/EnableMemoryBreakpoint_membpe_bpme.htm | 2 +- help/Fill_memset.htm | 1 + help/General_Purpose.htm | 2 +- help/HideDebugger_dbh_hide.htm | 1 + help/InitDebug_initdbg_init.htm | 5 ++-- help/Introduction.htm | 3 ++- help/Jxx_IFxx.htm | 3 ++- help/LibrarianRemoveBreakPoint_bcdll.htm | 3 ++- help/LibrarianSetBreakPoint_bpdll.htm | 1 + help/PLUGINIT_STRUCT.htm | 3 ++- help/PLUG_SETUPSTRUCT.htm | 3 ++- help/Script_Commands.htm | 1 + help/Scripting.htm | 3 ++- help/SetBPXOptions_bptype.htm | 3 ++- help/SetHardwareBreakpoint_bph_bphws.htm | 3 ++- help/SetMemoryBPX_membp_bpm.htm | 2 +- help/SingleStep.htm | 3 ++- help/StepInto.htm | 1 + help/StepOver.htm | 3 ++- help/Variables.htm | 3 ++- help/alloc.htm | 3 ++- help/and.htm | 3 ++- help/asm.htm | 3 ++- help/bookmark_bookmarkset.htm | 3 ++- help/bookmarkc_bookmarkdel.htm | 3 ++- help/bookmarklist.htm | 1 + help/bplist.htm | 3 ++- help/call.htm | 3 ++- help/chd.htm | 3 ++- help/cmt_cmtset_commentset.htm | 3 ++- help/cmtc_cmtdel_commentdel.htm | 1 + help/commentlist.htm | 1 + help/dec.htm | 1 + help/disasm_dis_d.htm | 3 ++- help/div.htm | 3 ++- help/eSingleStep_esstep_esst.htm | 3 ++- help/eStepInto_esti.htm | 2 +- help/eStepOver_estep_esto_est.htm | 1 + help/erun_ego_er_eg.htm | 2 +- help/find.htm | 3 ++- help/findall.htm | 1 + help/free.htm | 1 + help/functiondel_funcc.htm | 4 ++-- help/functionlist.htm | 4 ++-- help/getcommandline_getcmdline.htm | 8 +++---- help/getjit_jitget.htm | 2 +- help/getjitauto_jitgetauto.htm | 2 +- help/getpagerights_getrightspage.htm | 2 +- 
help/gpa.htm | 4 ++-- help/inc.htm | 1 + help/invalid.htm | 3 ++- help/labellist.htm | 1 + help/lbl_lblset_labelset.htm | 3 ++- help/loadlib.htm | 22 ++++++++++++++++++ help/modcallfind.htm | 1 + help/mov_set.htm | 3 ++- help/msg.htm | 3 ++- help/msgyn.htm | 3 ++- help/mul.htm | 1 + help/neg.htm | 1 + help/not.htm | 1 + help/or.htm | 1 + help/pause.htm | 2 +- help/pause_script.htm | 1 + help/plugin_debugpause.htm | 4 ++-- help/plugin_logputs.htm | 3 ++- help/plugin_registercommand.htm | 3 ++- help/plugin_unregistercommand.htm | 7 ++---- help/refadd.htm | 3 ++- help/reffindrange_findrefrange_refrange.htm | 2 +- help/refinit.htm | 1 + help/ret.htm | 1 + help/rol.htm | 1 + help/ror.htm | 1 + help/rtr.htm | 3 ++- help/run_go_r_g.htm | 1 + help/savedb_dbsave.htm | 2 +- help/scriptload.htm | 3 ++- help/sdump.htm | 4 ++-- help/setcommandline_setcmdline.htm | 2 +- help/shl.htm | 1 + help/shr.htm | 1 + help/sleep.htm | 1 + help/strlen_charcount_ccount.htm | 3 ++- help/sub.htm | 1 + help/suspendthread_threadsuspend.htm | 3 +-- help/switchthread_threadswitch.htm | 3 ++- help/test.htm | 3 ++- help/var_varnew.htm | 3 ++- help/vardel.htm | 3 ++- help/varlist.htm | 3 ++- help/x64_dbg.wcp | Bin 83876 -> 84402 bytes 99 files changed, 172 insertions(+), 80 deletions(-) create mode 100644 help/loadlib.htm diff --git a/help/DebugContinue_con.htm b/help/DebugContinue_con.htm index 5d175700..bd64d002 100644 --- a/help/DebugContinue_con.htm +++ b/help/DebugContinue_con.htm @@ -26,4 +26,5 @@ swallowed.

This command does not set any result variables. -

\ No newline at end of file +

+ diff --git a/help/DeleteBPX_bpc_bc.htm b/help/DeleteBPX_bpc_bc.htm index d550e4bf..a2eae481 100644 --- a/help/DeleteBPX_bpc_bc.htm +++ b/help/DeleteBPX_bpc_bc.htm @@ -20,4 +20,5 @@ breakpoint set using the SetBPX command.

arguments
[arg1]: Name or address of the breakpoint to delete. If this argument is not specified, all breakpoints will be deleted.

result
This command does not set any result variables.

-

 

\ No newline at end of file + + \ No newline at end of file diff --git a/help/DeleteHardwareBreakpoint_bphc_bphwc.htm b/help/DeleteHardwareBreakpoint_bphc_bphwc.htm index f823a530..e330cf27 100644 --- a/help/DeleteHardwareBreakpoint_bphc_bphwc.htm +++ b/help/DeleteHardwareBreakpoint_bphc_bphwc.htm @@ -21,3 +21,4 @@ SetHardwareBreakpoint command.

this argument is not specified, all hardware breakpoints will be deleted.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/DeleteMemoryBPX_membpc_bpmc.htm b/help/DeleteMemoryBPX_membpc_bpmc.htm index bc0c4ae9..d836d319 100644 --- a/help/DeleteMemoryBPX_membpc_bpmc.htm +++ b/help/DeleteMemoryBPX_membpc_bpmc.htm @@ -37,3 +37,4 @@ result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/DetachDebugger_detach.htm b/help/DetachDebugger_detach.htm index 366bb87d..1a01ba24 100644 --- a/help/DetachDebugger_detach.htm +++ b/help/DetachDebugger_detach.htm @@ -20,3 +20,4 @@ process.

arguments
This command has no arguments.

result
This command does not set any result variables.

+ diff --git a/help/DisableHardwareBreakpoint_bphd_bphwd.htm b/help/DisableHardwareBreakpoint_bphd_bphwd.htm index 84a69590..ca370b80 100644 --- a/help/DisableHardwareBreakpoint_bphd_bphwd.htm +++ b/help/DisableHardwareBreakpoint_bphd_bphwd.htm @@ -19,5 +19,5 @@ html,body {

arguments
[arg1]: Address of the hardware breakpoint to disable. If this argument is not specified, all hardware breakpoints will be disabled.

result
This command does not set any result variables.

-

 

+ \ No newline at end of file diff --git a/help/EnableBPX_bpe_be.htm b/help/EnableBPX_bpe_be.htm index 1a19d52a..da3ebafd 100644 --- a/help/EnableBPX_bpe_be.htm +++ b/help/EnableBPX_bpe_be.htm @@ -22,4 +22,5 @@ command.

argument is not specified, all breakpoints will be enabled.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/EnableMemoryBreakpoint_membpe_bpme.htm b/help/EnableMemoryBreakpoint_membpe_bpme.htm index df6e9fbd..24f0856a 100644 --- a/help/EnableMemoryBreakpoint_membpe_bpme.htm +++ b/help/EnableMemoryBreakpoint_membpe_bpme.htm @@ -27,5 +27,5 @@ argument is not specified, all memory breakpoints will be enabled.

result
This command does not set any result variables.

-

 

+ \ No newline at end of file diff --git a/help/Fill_memset.htm b/help/Fill_memset.htm index 9c524bbe..1dbe3491 100644 --- a/help/Fill_memset.htm +++ b/help/Fill_memset.htm @@ -23,3 +23,4 @@ debuggee to a specified byte.

page is used.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/General_Purpose.htm b/help/General_Purpose.htm index 09e5561d..e4c21e30 100644 --- a/help/General_Purpose.htm +++ b/help/General_Purpose.htm @@ -17,5 +17,5 @@ html,body {

General Purpose
This section contains various commands that are used for calculations etc.

-

 

+ \ No newline at end of file diff --git a/help/HideDebugger_dbh_hide.htm b/help/HideDebugger_dbh_hide.htm index 5da209ad..5b3fdac6 100644 --- a/help/HideDebugger_dbh_hide.htm +++ b/help/HideDebugger_dbh_hide.htm @@ -29,3 +29,4 @@ result This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/InitDebug_initdbg_init.htm b/help/InitDebug_initdbg_init.htm index a3e07270..90124b17 100644 --- a/help/InitDebug_initdbg_init.htm +++ b/help/InitDebug_initdbg_init.htm @@ -36,6 +36,5 @@ called to retrieve a full path. Use quotation marks to include spaces in your pa

result
This command will give control back to the user after the system breakpoint is reached. It will set $pid and $hp/$hProcess variables. - - -

\ No newline at end of file +

+ \ No newline at end of file diff --git a/help/Introduction.htm b/help/Introduction.htm index 5ef6e3dc..263d33d8 100644 --- a/help/Introduction.htm +++ b/help/Introduction.htm @@ -29,4 +29,5 @@ the user interaction.

Bridge is the communication library for the DBG and GUI part (and maybe in
the future more parts). The bridge can be used to work on new features,
without having to update the code of -the other parts.

\ No newline at end of file +the other parts.

+ \ No newline at end of file diff --git a/help/Jxx_IFxx.htm b/help/Jxx_IFxx.htm index 59256cb7..ffd21640 100644 --- a/help/Jxx_IFxx.htm +++ b/help/Jxx_IFxx.htm @@ -45,4 +45,5 @@ other) command(s):

arguments
  arg1: The label to jump to.

result
This command does not set any result variables. -

\ No newline at end of file +

+ \ No newline at end of file diff --git a/help/LibrarianRemoveBreakPoint_bcdll.htm b/help/LibrarianRemoveBreakPoint_bcdll.htm index 70ff6560..134a43a5 100644 --- a/help/LibrarianRemoveBreakPoint_bcdll.htm +++ b/help/LibrarianRemoveBreakPoint_bcdll.htm @@ -19,4 +19,5 @@ html,body { a DLL breakpoint.

arguments
  arg1: DLL Name to remove the breakpoint from.

result
This command does not set any result variables.

-

 

+ + diff --git a/help/LibrarianSetBreakPoint_bpdll.htm b/help/LibrarianSetBreakPoint_bpdll.htm index f065b798..f85d4f47 100644 --- a/help/LibrarianSetBreakPoint_bpdll.htm +++ b/help/LibrarianSetBreakPoint_bpdll.htm @@ -25,3 +25,4 @@ specified, x64_dbg will break on both load and unload.

breakpoint will be removed after it has been hit.

result
This command does not set any result variables.

+ diff --git a/help/PLUGINIT_STRUCT.htm b/help/PLUGINIT_STRUCT.htm index ce259862..6dd997ad 100644 --- a/help/PLUGINIT_STRUCT.htm +++ b/help/PLUGINIT_STRUCT.htm @@ -30,4 +30,5 @@ PLUG_SDKVERSION define for this
    [OUT] useful for crash reports
    [OUT] char pluginName[256]; //plugin name, also useful for crash reports
-};

\ No newline at end of file +};

+ \ No newline at end of file diff --git a/help/PLUG_SETUPSTRUCT.htm b/help/PLUG_SETUPSTRUCT.htm index 712fce26..1869c0f3 100644 --- a/help/PLUG_SETUPSTRUCT.htm +++ b/help/PLUG_SETUPSTRUCT.htm @@ -25,4 +25,5 @@ the plugin. handle
    [IN] int hMenu; //plugin menu handle
- };

\ No newline at end of file +};

+ diff --git a/help/Script_Commands.htm b/help/Script_Commands.htm index ec40faa8..de12aa08 100644 --- a/help/Script_Commands.htm +++ b/help/Script_Commands.htm @@ -19,3 +19,4 @@ html,body { only used or available in a scripting context. Commands that also exist in a non-scripting context have priority.

+ \ No newline at end of file diff --git a/help/Scripting.htm b/help/Scripting.htm index 766c2298..66e42dc5 100644 --- a/help/Scripting.htm +++ b/help/Scripting.htm @@ -17,4 +17,5 @@ html,body {

Scripting
This sections provides an overview of automating tasks with x64_dbg using scripts. See Commands for a description of all possible script commands. See Introduction for an introduction to -expressions.

\ No newline at end of file +expressions.

+ \ No newline at end of file diff --git a/help/SetBPXOptions_bptype.htm b/help/SetBPXOptions_bptype.htm index 926f6873..5844731e 100644 --- a/help/SetBPXOptions_bptype.htm +++ b/help/SetBPXOptions_bptype.htm @@ -20,4 +20,5 @@ html,body { "long" (CD03) or "ud2" (0F0B). Type default type affects both NORMAL and SINGLESHOT breakpoints.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/SetHardwareBreakpoint_bph_bphws.htm b/help/SetHardwareBreakpoint_bph_bphws.htm index 79562cbb..058d656d 100644 --- a/help/SetHardwareBreakpoint_bph_bphws.htm +++ b/help/SetHardwareBreakpoint_bph_bphws.htm @@ -31,4 +31,5 @@ you're putting the hardware breakpoint on must be aligned to the specified size.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/SetMemoryBPX_membp_bpm.htm b/help/SetMemoryBPX_membp_bpm.htm index 230fbc1c..1b9f8c48 100644 --- a/help/SetMemoryBPX_membp_bpm.htm +++ b/help/SetMemoryBPX_membp_bpm.htm @@ -48,4 +48,4 @@ it's a combination of execute, read and write.
This command does not set any result variables.

-

 

\ No newline at end of file + \ No newline at end of file diff --git a/help/SingleStep.htm b/help/SingleStep.htm index afb5cab0..61199ebc 100644 --- a/help/SingleStep.htm +++ b/help/SingleStep.htm @@ -22,4 +22,5 @@ class=rvts9> [arg1]: The number of instructions to executre (this can be any valid expression). When not specified, a StepInto is performed.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/StepInto.htm b/help/StepInto.htm index f8532004..e30fdc1c 100644 --- a/help/StepInto.htm +++ b/help/StepInto.htm @@ -22,3 +22,4 @@ class=rvts9>This command has no arguments.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/StepOver.htm b/help/StepOver.htm index 453ed2d3..8141e637 100644 --- a/help/StepOver.htm +++ b/help/StepOver.htm @@ -22,4 +22,5 @@ class=rvts9>This command has no arguments.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/Variables.htm b/help/Variables.htm index eea2c0fd..383cc070 100644 --- a/help/Variables.htm +++ b/help/Variables.htm @@ -35,4 +35,5 @@ Optional other result variables (N= 1-4).
$pid: Project ID of the debugged executable.
$hp/$hProcess: Debugged executable handle.
$lastalloc: Last result of the -'alloc' command.

\ No newline at end of file +'alloc' command.

+ \ No newline at end of file diff --git a/help/alloc.htm b/help/alloc.htm index aa15c424..6a4ba88b 100644 --- a/help/alloc.htm +++ b/help/alloc.htm @@ -22,4 +22,5 @@ with PAGE_EXECUTE_READWRITE protection.

allocate. When not specified, a default size of 0x1000 is used.

result
This command sets $result to the allocated memory address. It also sets the $lastalloc variable to the allocated memory address when VirtualAllocEx -succeeded.

\ No newline at end of file +succeeded.

+ \ No newline at end of file diff --git a/help/and.htm b/help/and.htm index d010fc17..ec04c650 100644 --- a/help/and.htm +++ b/help/and.htm @@ -31,4 +31,5 @@ Destination.

result
This command does not set -any result variables.

\ No newline at end of file +any result variables.

+ \ No newline at end of file diff --git a/help/asm.htm b/help/asm.htm index ceaf3cf3..97b8f5e1 100644 --- a/help/asm.htm +++ b/help/asm.htm @@ -24,4 +24,5 @@ class=rvts9>   arg2: Instruction text.

class=rvts9>[arg3]: When specified the remainder of the previous instruction will be filled with NOPs.

result
$result will be set to the assembled instruction size. 0 on -failure.

\ No newline at end of file +failure.

+ \ No newline at end of file diff --git a/help/bookmark_bookmarkset.htm b/help/bookmark_bookmarkset.htm index 5bfa612d..db7b1cc5 100644 --- a/help/bookmark_bookmarkset.htm +++ b/help/bookmark_bookmarkset.htm @@ -25,4 +25,5 @@ result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/bookmarkc_bookmarkdel.htm b/help/bookmarkc_bookmarkdel.htm index b49b0a24..aba0561c 100644 --- a/help/bookmarkc_bookmarkdel.htm +++ b/help/bookmarkc_bookmarkdel.htm @@ -20,4 +20,5 @@ bookmark.

arguments
  arg1: Address of the bookmark to delete.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/bookmarklist.htm b/help/bookmarklist.htm index 196a1d79..d08531eb 100644 --- a/help/bookmarklist.htm +++ b/help/bookmarklist.htm @@ -19,3 +19,4 @@ html,body {

arguments
This command has no arguments.

result
$result will be set to the number of user-defined bookmarks.

+ diff --git a/help/bplist.htm b/help/bplist.htm index c7e15acb..630b5205 100644 --- a/help/bplist.htm +++ b/help/bplist.htm @@ -32,4 +32,5 @@ the way of setting memory breakpoints.

ADDRESS is the breakpoint address, given in 32 and 64 bits for the x32 and x64 debugger respectively.

NAME is the name assigned -to the breakpoint.

\ No newline at end of file +to the breakpoint.

+ \ No newline at end of file diff --git a/help/call.htm b/help/call.htm index 4cba9ff4..9fcad0ff 100644 --- a/help/call.htm +++ b/help/call.htm @@ -25,4 +25,5 @@ to.

result
This command does not set any result variables. -

\ No newline at end of file +

+ \ No newline at end of file diff --git a/help/chd.htm b/help/chd.htm index f2c3e20c..9ca8c37d 100644 --- a/help/chd.htm +++ b/help/chd.htm @@ -20,4 +20,5 @@ html,body {

arguments
  arg1: Path of a directory to change to.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/cmt_cmtset_commentset.htm b/help/cmt_cmtset_commentset.htm index bcc61ab3..beb4fbf7 100644 --- a/help/cmt_cmtset_commentset.htm +++ b/help/cmt_cmtset_commentset.htm @@ -31,4 +31,5 @@ arg2: Comment text.

result
This command does not set -any result variables.

\ No newline at end of file +any result variables.

+ \ No newline at end of file diff --git a/help/cmtc_cmtdel_commentdel.htm b/help/cmtc_cmtdel_commentdel.htm index bd497db6..f5b79111 100644 --- a/help/cmtc_cmtdel_commentdel.htm +++ b/help/cmtc_cmtdel_commentdel.htm @@ -27,3 +27,4 @@ arguments
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/commentlist.htm b/help/commentlist.htm index 4851d717..bd45be03 100644 --- a/help/commentlist.htm +++ b/help/commentlist.htm @@ -20,3 +20,4 @@ comments in reference view.

arguments
This command has no arguments.

result
$result will be set to the number of user-defined comments.

+ diff --git a/help/dec.htm b/help/dec.htm index 0ac58e5a..aa95b1aa 100644 --- a/help/dec.htm +++ b/help/dec.htm @@ -21,3 +21,4 @@ value.

Destination.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/disasm_dis_d.htm b/help/disasm_dis_d.htm index e35e72f4..e3ed048e 100644 --- a/help/disasm_dis_d.htm +++ b/help/disasm_dis_d.htm @@ -29,4 +29,5 @@ html,body { [arg1]: The address to disassemble at. When not specified, there will be assembled at CIP.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/div.htm b/help/div.htm index f515e959..5b905a66 100644 --- a/help/div.htm +++ b/help/div.htm @@ -22,4 +22,5 @@ Destination.

  arg2: Source.

result
This command does not set -any result variables.

\ No newline at end of file +any result variables.

+ \ No newline at end of file diff --git a/help/eSingleStep_esstep_esst.htm b/help/eSingleStep_esstep_esst.htm index f93080bf..6e254b5a 100644 --- a/help/eSingleStep_esstep_esst.htm +++ b/help/eSingleStep_esstep_esst.htm @@ -25,4 +25,5 @@ Trap-Flag, skipping first-chance exceptions.

class=rvts9>[arg1]: The number of instructions to executre (this can be any valid expression). When not specified, a StepInto is performed.

result
This command does not set any result variables.

-

 

+ + diff --git a/help/eStepInto_esti.htm b/help/eStepInto_esti.htm index 40d735ab..f4285def 100644 --- a/help/eStepInto_esti.htm +++ b/help/eStepInto_esti.htm @@ -32,5 +32,5 @@ arguments class=rvts9>This command has no arguments.

result
This command does not set any result variables.

-

 

+ \ No newline at end of file diff --git a/help/eStepOver_estep_esto_est.htm b/help/eStepOver_estep_esto_est.htm index 2fb76106..2c7e3e3d 100644 --- a/help/eStepOver_estep_esto_est.htm +++ b/help/eStepOver_estep_esto_est.htm @@ -33,3 +33,4 @@ class=rvts9>This command has no arguments.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/erun_ego_er_eg.htm b/help/erun_ego_er_eg.htm index 15c9bc31..28e07344 100644 --- a/help/erun_ego_er_eg.htm +++ b/help/erun_ego_er_eg.htm @@ -28,5 +28,5 @@ This command has no arguments.

result
This command does not set any result variables.

-

 

+ \ No newline at end of file diff --git a/help/find.htm b/help/find.htm index 3b3e52df..6aaf3e48 100644 --- a/help/find.htm +++ b/help/find.htm @@ -28,4 +28,5 @@ The size of the data to search in.

class=rvts9>The $result variable is set to the virtual address of the address that matches the byte pattern. $result will be 0 when the pattern could not be matched.

-

 

\ No newline at end of file +

 

+ \ No newline at end of file diff --git a/help/findall.htm b/help/findall.htm index 15d94d49..820f315d 100644 --- a/help/findall.htm +++ b/help/findall.htm @@ -29,3 +29,4 @@ The size of the data to search in.

result
$result is set to the number of occurrences.

 

+ diff --git a/help/free.htm b/help/free.htm index 3dd6b288..d6948f7e 100644 --- a/help/free.htm +++ b/help/free.htm @@ -29,3 +29,4 @@ This command sets $result to 1 if VirtualFreeEx succeeded, otherwise it's set to 0. $lastalloc is set to zero when the address specified is equal to $lastalloc.

+ \ No newline at end of file diff --git a/help/functiondel_funcc.htm b/help/functiondel_funcc.htm index 4d01abf5..cbff8fdc 100644 --- a/help/functiondel_funcc.htm +++ b/help/functiondel_funcc.htm @@ -28,5 +28,5 @@ delete.


This command does not set any result variables.

-

 

- \ No newline at end of file + + \ No newline at end of file diff --git a/help/functionlist.htm b/help/functionlist.htm index 1a5ebad9..839dc1f7 100644 --- a/help/functionlist.htm +++ b/help/functionlist.htm @@ -19,5 +19,5 @@ html,body {

arguments
This command has no arguments.

result
$result will be set to the number of user-defined functions.

-

 

- \ No newline at end of file + + diff --git a/help/getcommandline_getcmdline.htm b/help/getcommandline_getcmdline.htm index fedaa228..e84b7b13 100644 --- a/help/getcommandline_getcmdline.htm +++ b/help/getcommandline_getcmdline.htm @@ -15,8 +15,8 @@ html,body { -

getcommandline[,getcmdline]
It gets the actual command line.

-

No arguments

+

getcommandline[,getcmdline]
It gets the actual command line.

+

arguments
This command has no arguments.

result
This command does not set any result variables.

-

 

- \ No newline at end of file + + \ No newline at end of file diff --git a/help/getjit_jitget.htm b/help/getjit_jitget.htm index a32f191e..ddb865d3 100644 --- a/help/getjit_jitget.htm +++ b/help/getjit_jitget.htm @@ -51,5 +51,5 @@ class=rvts9>  arg2:

x64-JIT entry.

result
This command does not set any result variables.

-

 

+ \ No newline at end of file diff --git a/help/getjitauto_jitgetauto.htm b/help/getjitauto_jitgetauto.htm index e95e69d9..c6049147 100644 --- a/help/getjitauto_jitgetauto.htm +++ b/help/getjitauto_jitgetauto.htm @@ -56,5 +56,5 @@ class=rvts9>  arg1:

result
This command does not set any result variables.

-

 

+ \ No newline at end of file diff --git a/help/getpagerights_getrightspage.htm b/help/getpagerights_getrightspage.htm index 1401871f..f7e40728 100644 --- a/help/getpagerights_getrightspage.htm +++ b/help/getpagerights_getrightspage.htm @@ -21,5 +21,5 @@ class=rvts9>  arg1: Memory Address of page (it fix the address if this arg is not the top address of a page).

result
This command does not set any result variables.

-

 

+ \ No newline at end of file diff --git a/help/gpa.htm b/help/gpa.htm index 065f330e..051e8f66 100644 --- a/help/gpa.htm +++ b/help/gpa.htm @@ -31,5 +31,5 @@ The $result variable is set to the export address. When the export is not found, $result will be set to 0. - -

\ No newline at end of file +

+ \ No newline at end of file diff --git a/help/inc.htm b/help/inc.htm index ad1f10d7..5673eb57 100644 --- a/help/inc.htm +++ b/help/inc.htm @@ -21,3 +21,4 @@ value.

Destination.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/invalid.htm b/help/invalid.htm index 8835f155..30bfac99 100644 --- a/help/invalid.htm +++ b/help/invalid.htm @@ -20,4 +20,5 @@ script execution.

arguments
This command has no arguments.

result
This command does not set any result variables. -

\ No newline at end of file +

+ \ No newline at end of file diff --git a/help/labellist.htm b/help/labellist.htm index 0ce945dd..b8324778 100644 --- a/help/labellist.htm +++ b/help/labellist.htm @@ -31,3 +31,4 @@ This command has no arguments.

$result will be set to the number of user-defined labels.

 

+ diff --git a/help/lbl_lblset_labelset.htm b/help/lbl_lblset_labelset.htm index db7deb05..a53155ab 100644 --- a/help/lbl_lblset_labelset.htm +++ b/help/lbl_lblset_labelset.htm @@ -30,4 +30,5 @@ inside a module). result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/loadlib.htm b/help/loadlib.htm new file mode 100644 index 00000000..33f1d3b9 --- /dev/null +++ b/help/loadlib.htm @@ -0,0 +1,22 @@ + + + +loadlib + + + + + + + +

loadlib
Load a DLL into debugged program memory.

+

arguments
 arg1: The name of the module to load.

+

result
The $result + variable will be set to the address of the loaded library.

+ \ No newline at end of file diff --git a/help/modcallfind.htm b/help/modcallfind.htm index 1c4af290..14e170e1 100644 --- a/help/modcallfind.htm +++ b/help/modcallfind.htm @@ -29,3 +29,4 @@ result The $result variable is set to the number of inter-modular calls found.

+ diff --git a/help/mov_set.htm b/help/mov_set.htm index 3855a848..40da33d5 100644 --- a/help/mov_set.htm +++ b/help/mov_set.htm @@ -26,4 +26,5 @@ created. arg2: Value to store in the variable.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/msg.htm b/help/msg.htm index 3aa0d5cf..781f8795 100644 --- a/help/msg.htm +++ b/help/msg.htm @@ -19,4 +19,5 @@ html,body { box.

arguments
 arg1: Message box text.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ diff --git a/help/msgyn.htm b/help/msgyn.htm index 4d9a4bd7..f952928b 100644 --- a/help/msgyn.htm +++ b/help/msgyn.htm @@ -23,4 +23,5 @@ answer yes or no.

result
The $result variable will be set to 1 when the -user answered yes. Otherwise it's set to 0.

\ No newline at end of file +user answered yes. Otherwise it's set to 0.

+ \ No newline at end of file diff --git a/help/mul.htm b/help/mul.htm index da4bcc4c..34bee35a 100644 --- a/help/mul.htm +++ b/help/mul.htm @@ -23,3 +23,4 @@ Destination.

arg2: Source.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/neg.htm b/help/neg.htm index 14194363..9ce07591 100644 --- a/help/neg.htm +++ b/help/neg.htm @@ -21,3 +21,4 @@ value.

Destination.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/not.htm b/help/not.htm index 9972d34d..2cbd5e06 100644 --- a/help/not.htm +++ b/help/not.htm @@ -21,3 +21,4 @@ value.

Destination.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/or.htm b/help/or.htm index 45e4dbe9..6ff27354 100644 --- a/help/or.htm +++ b/help/or.htm @@ -23,3 +23,4 @@ Destination.

arg2: Source.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/pause.htm b/help/pause.htm index 98de6735..cb7681e1 100644 --- a/help/pause.htm +++ b/help/pause.htm @@ -19,5 +19,5 @@ html,body {

arguments
This command has no arguments.

result
This command does not set any result variables.

-

 

+ \ No newline at end of file diff --git a/help/pause_script.htm b/help/pause_script.htm index a2613abe..cbf65612 100644 --- a/help/pause_script.htm +++ b/help/pause_script.htm @@ -32,3 +32,4 @@ This command has no arguments.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/plugin_debugpause.htm b/help/plugin_debugpause.htm index 5fbd058d..59623e5b 100644 --- a/help/plugin_debugpause.htm +++ b/help/plugin_debugpause.htm @@ -32,5 +32,5 @@ _plugin_debugpause();

Return Values
This function does not return a value. - -

\ No newline at end of file +

+ diff --git a/help/plugin_logputs.htm b/help/plugin_logputs.htm index 03d5a2e9..79fa81f1 100644 --- a/help/plugin_logputs.htm +++ b/help/plugin_logputs.htm @@ -23,4 +23,5 @@ a single line to the log window.

text: Piece of text to put to the log window. This text can contain line breaks.

-

Return Values
This function does not return a value.

\ No newline at end of file +

Return Values
This function does not return a value.

+ diff --git a/help/plugin_registercommand.htm b/help/plugin_registercommand.htm index e4c48ca9..153f38bc 100644 --- a/help/plugin_registercommand.htm +++ b/help/plugin_registercommand.htm @@ -39,4 +39,5 @@ executed when there is no target is being debugged.

true when the command was successfully registered, make sure to check this, other plugins may have already registered the same command. -

\ No newline at end of file +

+ diff --git a/help/plugin_unregistercommand.htm b/help/plugin_unregistercommand.htm index 5db7c4f8..a4150d29 100644 --- a/help/plugin_unregistercommand.htm +++ b/help/plugin_unregistercommand.htm @@ -26,8 +26,5 @@ name
);

calling plugin.

command: Command name.

Return Values
This function returns true when the callback was -removed without problems.

-

 

- - - \ No newline at end of file +removed without problems.

+ diff --git a/help/refadd.htm b/help/refadd.htm index 87ac38da..566dce46 100644 --- a/help/refadd.htm +++ b/help/refadd.htm @@ -36,4 +36,5 @@ view. result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/reffindrange_findrefrange_refrange.htm b/help/reffindrange_findrefrange_refrange.htm index b5b832db..5dbe8141 100644 --- a/help/reffindrange_findrefrange_refrange.htm +++ b/help/reffindrange_findrefrange_refrange.htm @@ -39,5 +39,5 @@ When not specified CIP will be used. 

result
The $result variable is set to the number of references found.

-

 

+ \ No newline at end of file diff --git a/help/refinit.htm b/help/refinit.htm index 11870a3b..7a4bd793 100644 --- a/help/refinit.htm +++ b/help/refinit.htm @@ -32,3 +32,4 @@ for command usage.

This command does not set any result variables.

+ diff --git a/help/ret.htm b/help/ret.htm index f1030a6e..594d3d4d 100644 --- a/help/ret.htm +++ b/help/ret.htm @@ -23,3 +23,4 @@ call.

class=rvts9>This command has no arguments.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/rol.htm b/help/rol.htm index 316b8444..6a84ff62 100644 --- a/help/rol.htm +++ b/help/rol.htm @@ -23,3 +23,4 @@ Destination.

arg2: Source.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/ror.htm b/help/ror.htm index a77d6817..0e6758f0 100644 --- a/help/ror.htm +++ b/help/ror.htm @@ -23,3 +23,4 @@ Destination.

arg2: Source.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/rtr.htm b/help/rtr.htm index 325e5abf..2a5ce0ec 100644 --- a/help/rtr.htm +++ b/help/rtr.htm @@ -33,4 +33,5 @@ This command has no arguments.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/run_go_r_g.htm b/help/run_go_r_g.htm index f4cedf85..e0100908 100644 --- a/help/run_go_r_g.htm +++ b/help/run_go_r_g.htm @@ -22,3 +22,4 @@ the program to run.


This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/savedb_dbsave.htm b/help/savedb_dbsave.htm index e14fd188..1acc8bda 100644 --- a/help/savedb_dbsave.htm +++ b/help/savedb_dbsave.htm @@ -31,5 +31,5 @@ This command has no arguments. This command does not set any result variables. -

+ \ No newline at end of file diff --git a/help/scriptload.htm b/help/scriptload.htm index b23508cd..baaa80a5 100644 --- a/help/scriptload.htm +++ b/help/scriptload.htm @@ -19,4 +19,5 @@ html,body { file.

arguments
 arg1: Script file to load.

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/sdump.htm b/help/sdump.htm index 0c808beb..f6640333 100644 --- a/help/sdump.htm +++ b/help/sdump.htm @@ -33,6 +33,6 @@ stack range).
This command does not set any result -variables.

-

 

+variables.

+ \ No newline at end of file diff --git a/help/setcommandline_setcmdline.htm b/help/setcommandline_setcmdline.htm index 82e79bf9..6b47116e 100644 --- a/help/setcommandline_setcmdline.htm +++ b/help/setcommandline_setcmdline.htm @@ -21,7 +21,7 @@ html,body { arguments -  +
diff --git a/help/shl.htm b/help/shl.htm index 3bf4b6d5..2ccd29bc 100644 --- a/help/shl.htm +++ b/help/shl.htm @@ -23,3 +23,4 @@ Destination.

arg2: Source.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/shr.htm b/help/shr.htm index 13593cb4..caf4071f 100644 --- a/help/shr.htm +++ b/help/shr.htm @@ -23,3 +23,4 @@ Destination.

arg2: Source.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/sleep.htm b/help/sleep.htm index 38a05b1c..9f9580b6 100644 --- a/help/sleep.htm +++ b/help/sleep.htm @@ -36,3 +36,4 @@ in mind that default input is in HEX. This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/strlen_charcount_ccount.htm b/help/strlen_charcount_ccount.htm index 40aff1ab..eb9e0f90 100644 --- a/help/strlen_charcount_ccount.htm +++ b/help/strlen_charcount_ccount.htm @@ -24,4 +24,5 @@ class=rvts9>  arg1: String you want to get the length of.

result
This -command does not set any result variables.

\ No newline at end of file +command does not set any result variables.

+ \ No newline at end of file diff --git a/help/sub.htm b/help/sub.htm index 65e8b3f4..b31a92bd 100644 --- a/help/sub.htm +++ b/help/sub.htm @@ -23,3 +23,4 @@ Destination.

arg2: Source.

result
This command does not set any result variables.

+ \ No newline at end of file diff --git a/help/suspendthread_threadsuspend.htm b/help/suspendthread_threadsuspend.htm index 84b10d3f..bb1a8d79 100644 --- a/help/suspendthread_threadsuspend.htm +++ b/help/suspendthread_threadsuspend.htm @@ -21,8 +21,7 @@ thread in the debuggee.

arguments - -  +
diff --git a/help/switchthread_threadswitch.htm b/help/switchthread_threadswitch.htm index 6bd5dc52..8b19585d 100644 --- a/help/switchthread_threadswitch.htm +++ b/help/switchthread_threadswitch.htm @@ -30,4 +30,5 @@ Threads tab). When not specified, the main thread is used. 

This command does not set any result variables. -

\ No newline at end of file +

+ \ No newline at end of file diff --git a/help/test.htm b/help/test.htm index c2d4e708..3bd88e19 100644 --- a/help/test.htm +++ b/help/test.htm @@ -25,4 +25,5 @@ arg2: Tester.

the internal variables $_EZ_FLAG and $_BS_FLAG. $_EZ_FLAG is set to 1 when arg1&arg2= = 0. $_BS_FLAG is always set -to 0.

\ No newline at end of file +to 0.

+ \ No newline at end of file diff --git a/help/var_varnew.htm b/help/var_varnew.htm index 9262924d..c6ce459e 100644 --- a/help/var_varnew.htm +++ b/help/var_varnew.htm @@ -24,4 +24,5 @@ done). [arg2]: Initial variable value (see console input for details).

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/vardel.htm b/help/vardel.htm index 8a208d65..9b26e6bb 100644 --- a/help/vardel.htm +++ b/help/vardel.htm @@ -20,4 +20,5 @@ html,body { class=rvts9>Name of the variable to delete ($ will be prepended when not present).

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file diff --git a/help/varlist.htm b/help/varlist.htm index 8db8685b..0a63ea47 100644 --- a/help/varlist.htm +++ b/help/varlist.htm @@ -20,4 +20,5 @@ values.

arguments
[arg1]: Filter (USER, SYSTEM, READONLY).

result
This command does not set any result -variables.

\ No newline at end of file +variables.

+ \ No newline at end of file 
diff --git a/help/x64_dbg.wcp b/help/x64_dbg.wcp index 390969236ae42b48217bf9738d94c61e9d3b73b9..3292d1c3e2b301a772720a9230acfc716e4ae111 100644 GIT binary patch delta 4115 zcmZ8kdstLQmcL~K5(5MXA;d=yGKhee%jMFx4QUYw_7DdNK4O#@1Vkka5=12EI6ep= zCTUyjA5sPhww>OV?GS@XjEP3^F=$-Ypleviu#up{IL0V43~`LZ%(=~G=lk}L`_-vB zr_TA+sq?7o*x`8yo~?RcHXYvuPd%LDyYw+Q{~mt$+hDEUw^(>h$P)^LV&PRGA8}7j z;e(S{By#3@{Xf>FoESLg+E^U+E{n&8Ofw4R26KHB3)jR8aaa>D1vxKx(PAnZUvOYf zri{`ovnF3CMaudZq|cL3@PYvs<~jJyCzyoB`3>-%mx`hV1{(cPJ1-GE3mmX7lhL}+ zjOYc)sCrRE{Q?snzUV;JYzdu0rz^BPX{A zy5$m$D$g5Io&i^uJ2C%D3C#r-8NX+uSU4!tYQXj>72%oT|^ zze*%}F%}itnSy=sv50)tf}vGf;`*R|m4eVBLa-_y$BS$jF4Up+H)i+wCl^o0-B%TC zD<1X7q;bsZhDK10#Yj&JptsuR$3A;-&U|5qx z<9HZfGvMMH2SQ3^Tq)C{y{rURN(*2$MQC)w4CJj@jo!63l$7bvU#{|lXv~InZ6K1@ zMlgdrIBe^@XeAT<>+Gm1SMYg-6{dAMRKBjDWgXr9>khnAL3dwi)f5OTur*~WO4jS( zdY!DUcQD!Qf#wYq0km55TM>=x6VdfsJ1RFQ=-#MB>!u(Yv&XKckggD7vH8q2I_=~K zQ+=lkiZD|cU0;TKt~eb3ofG97Wt`ol?kj=(JBh`sI3J%b#FOk?N{6+$^jQpsH#>Py zECuX^Ef#1uFGSr|5lx%3(NU#^e^m|lFc9->RV}i&CSubY5>9WG(es8KbyW<Ie4I zhKLPsikjs@A@Ux@;MSW?Y^j!UqQ-)xH;t%#i{j$VR9t<_rjZ539ha_cmazrGI>KD4 zCM8zBEy3}Y4j0~5BX^(g1eAsZqv;*X5%(!nPd>PH)%Y&JH_vTNJd{nmx-X zKUVU4v1}SDc1md5VL@epm?+j-3k5!+{M}8I5(8 zvBjif1sx@C$5a&VB8br8+OD6&x~1NN$X&_Uz(v&UGT{!lQ%y-gKuioy?6x40C!_H_ z5l(J`w&7ov!}rh)>?vVuv3bt~6uzg!#XTa;esa(J5Z>5@>T(GS-w!3ZAS`-68=LlI zVc>la^xq59=mi6Q+_MDwy;^K(s=`2{j%YJl-%m#Bg$Uv&;F+f9QEs!tV=pDfJ~K}5 zO+uhuf@DiWwcUx3eG(RbV8NAr$3m>Tn?X0~zLjv*OMNb5P_|Q0U0QU8kCU z>Z#iI*J8Xg3-2^b*zH_|2hBEE_Uq93?`C8+8{u$?GzO!yS;X*%S|op1rHP}^nD=EY zhCZxAj?09u77BY;2C_bKpyNXsiw?X- z2>Lh>(Vs+E4~j%4Vaq`q20zxJ=FsT&nnOi6-I@gXuo1?CX{c$_qU&%C!Vk$rH)7yW zGO|7~qWCb?+fQtm-=;&ykIf(G@IOsXY?l#yW>iP;nQT;@lF)KSM9(Q5#-DYd?X--$XU!-*V?_7wMO;0T zih>R`XXEK&;$S#u#+Z)rsQY~?LeGmt=i|V62fWY8X!}wN+m|Icdu}NLf34zAz^QYS zu=0F5j$Tl^>ZKF$F#m@ceisy!bb7gwCkQfrbK%!`(CLJAKlQ)=v>>E&F%B6bGzrvn z-|Ngn&{uY*bJxcHuc!-NOoOd!^xO#)Fy}7L#YmR}N57KcahZD8r4p2PiFoI-T8~!q zI1`IO|78bkmlPcTFKS+wMU-C=Jy!{(LLM%4QPcmLwq2?D-^g`*UCRe!>4mVgTjm8a 
zmA=orov8R)M(ux_p>&H#zbf+7DO6V+S4VqZIb% zQ85M4nC)3W)v3ZQHNJQV{l$=r%j&mJ7rE3L^e&Wo0;ZgM9pFiKu|Vc%1-gklQj$cU%~}tceQxU+Zz`FD431^<|ed?2U+_3{(%3KdA28{DYD6V;y?`YCzZn38vvB)I4Zr zGdK&RExCWI!{CoH!X8SW8amG5L?8>5e%N;T8YG+Ooq9*}eKVjhwjMeQ5Vn)7n z43mfmLbg2`TZTROi80K@ix^XQgNE(qx-l%0=XfyPE-RDxSr1|sYKUp`WL7SE&^xQ| zzG^>#zwN=EQIX?G ztIeDFFa!VUX*Nq;aPqd0pIL5jh6x02<1+;P>;$sf{|vc8nn-dN$CKQ+NzCe*B4i2A z^Mf%git>QMledR44<_?_6WC0?QOjER)rmA+{0rvbvX+JN&`?&OQklFvl$;g$3vw1w zTHZC8RdZXo>WN9Dy&;Uu{yg>LSy}=R_DiPbqs$-ua#UR)H%?(bFm#9Wfk||qx5H@@ zDR-~mRR1@4W(46SJ#)A;byQ;*PoF}{TvM5gP3K!DQ{vS`5|l>~1SKbmd{5LkzHurE zbw?3nVWf&NO2rsW7#pIPpZc>E$!n*PMw%MApGe54I`LZ~JHT_M(S~a=bX!D?|_=Qy9dACA# z$~Q{uvfD@8>J^8*@$3oC?BZBwn2@K6lJbMOdpa#Yj z1FPqCdNzluMkM__D15WRp5ZNeRp$({Ri40{^#)Rzl}JF81WKzO1EG$TeF`bj5C})kFbP znM#4_NT#g=skHS<3UN235Y(g3QS5c6up}<05kU1384wf8$IT{yRnL*U{#Q(EjaHN3 z#&c}0d#Wn0;aAdVjkpE8OVje^iR nktI^z?wrUb@!BL7!tG<3qP`0OBKQj9+}}R|8-;{~ delta 3888 zcmXw64Oo;_7M{!B5{n9iMrgA{#GfA@A0MCNFb#-^#ABvNghqxVAtDkYB9WP)5h+g7 zG%s-di^g%9*oj;uB2zOmGIGsDmslg$&?PD}LNj7r*WEKiJ@fFKbH97;Ip@CjJ?CE9 z;cb7#yG=6**Gp!g=05*-@+U371C@cH7!C4!=i)TA1~x-5{1!(;df1Ei-^0Sa6IGHb z8T$=WdB;p9py6Q~QnM74EHYY_$Y|F_dM2t8@c5DkU|np7E?a^lOO2Wp!6frg{zxbS z9#J4K5lGKL(-J$1b0m~x?}GHGg7inU*!QRo-H+I@DObX-93wPKGf?=bfR?2T(f_C& zyOv3C<{FXnSOzvP6-Wl*{9`)YSZYUSo`jxdMpQhWi9L@AB!hADaUF*9)R6M(aDKT& zx)BXe6ynI^0wVHDpe(mRS|P*t2_r^Ulw$k|fuw}6Cw+0;po1yj#uNnV<6&4~!f1hn z<4^d)Tp(kaL8Ngx#tb%i6v{ZY(u5O*W#}#tNXl*xO{;X!6cPeY)}gXUBHajSbvC3` z0?82gm-yq{Y6ZQktZ)=7=r2;kP!UWr4T$Xx9Y^BNi3R#R4M3gA<0qvMh>P;5lo z+7g^tBajquq0Ap!O0~!;u_E^=1-WY{{N%39!@)8U7uNbCt4u~{sX*fjbe7uDy-q^? 
zQ%2O3=VM!$KvIBtgBNt`6@;y`A)rD=Wch@j$nsJQR%GL1c?!xmEJN9PJA(8gQY%c* z1!^E|@Im3m2sRr#HZDQW2CKKEQius>lj5+al5C#V!LZQ_RXf5x6_pmRJv|Qt8*SKD zE#qL71sTu8qT*=<_GctqeAesLT|w>nsodtcq# z%&ZtJISR%Xi03a#xcY(()patuYKgZmrJ(vn0oIq&(f^_y+qV;M>rBYlA)xXl5tf}Y zhF-FwqF%w_?MBEuB~;LyX{QE`dNoFO)S}2JlWs)B%Zp&xDUuAagn8lE%UYb+X+x7q zMw8LxU7=c~Dni`d@u+-RK<6tujJ<4y*{tA{$%5Qh1=PPHqvKT>qp#So-6CVmtabx* z!@S&cCBbtja5~DT`=jPn5zUY>{Hh(54HAx62;xRc3<8Xe8uY@Bq9zIb4HN788uAgr zQ($NmVcQ)98>ft#)EI26Mb$2sZiKQs6$PAt*qwnsPVx81XxU}NiM_!vzUGU9y$ULK zQ_1Yj#qe%Bn;^~MJto|E&1IoS(_Vq}T!ieiW7~WYSN56Ud_9$Eu|DvAjJ)Q9Y1RxZ zXtsJ1>9BQvJZ8LZ!m<4+OoPCOq7Y#9L9{I$c~&A06`{D_gfjDkc%N zZ<^8W3`V{)5``@y>8bdx#R|(?3Xc7msMNX;wN3%2TC;KTEj0q(+C~{CVt-;hy5DNR zwu6~yZk2KC;3CX;d!oQb-ZrDPO@mVhMFbquW5Hjno(V+Zzyk?Tw;9pez6h7w1Vp}* zgN27&2+Vf-Q@1zcN=GVgw(C*!ZU#2JGvRMxM>A%;Cm{OW6q3F$y%!7TyEd0kel3v2 zV@szA-5&%X_I(W&kfBT8_r4xS-g7zExZyP(Zbs%&Ee!Pi*wGZ6f8UPwvm%^Fno;tB zh?=8%^nIY<=23UDd}S;-K7GuD;tw-<&;u+I$3O7Fg%20O_xQx29XcD2f#W9BeM~*T$0Ck=BzPC8i2jK0p+i6MJ9$P< zm{9VG9?p*iockmVe%*E)K1rRW+lb0fm&5T1)!?V0nAVet;FDI|?osgFNh6Mbwj8~m z3M4~eIF*U~o{4=)pPBgPyP52%RVCrjhf&l3R-Jwbj#D;de=cLwUrh))vy2*4q-T;! 
z!jv<2qxDQC>OLoKoUX&JzY%{vrz@*B9rEHxn9um2yLSO@oUx(ptc;$&8BumlplgwU z>GfexV*ieK_@8zBRttk?P2Q_j<*Jof-y4NJWZBjyWBi;AwO`0M{dXhM`UTYX3A|jU z4mjB7aCf$jFU*$YXq5I-^z#x<_uG;8r3C9gjI0oI&dkKJ^8(5SWOSalBmFD748AnM z<3cRb21L&_sw!OSje~XIcTnwLg;~zgJ^oc5O_pKqnHUHc1f*S*QGdaXkgp}=|I_IC zlxick&W%FwMG^8KwT_E+H*Bt(AmeK@`Yws^8WbU2R!}tPbl)P<4_>5GfnBOX-@gQS zT$UgW$tb++ge_4*%D)=W`;A~361m50+M!{n6+Yj}NcqNsu)AU{gI>7xjYxfP9X08* zavbu8TjBM+4DGi~IQLB~#>qJPiiEuHobdQThUR;V=LS`=D^b_tvF}BMUsbT|ij!ZS zL;-TI(A9Hk8j61?K+lh{xIt?oM(F!hr@I5W63)GAE-^&jcMFe)Qw#7Sqy zeoTP$lLcMZB#izfLVaC>>`^D=6|`+yDPFVS#Lsl0Uz1ohXR~QZ_H`#qa@9!!#Gf0` z^-Bgue|EpQBB(SaB#bRa_Kg-q|EfUz#e$JvwdlJq7Sfm(a>i3oGd7XfvR|7lHzh=l zi^#vJfn~gfxVk?v0j2+LfX6M0e^X=?*y@Of`Q|}4_@)18vfQQ{oF)rz>ror4M%yhT z7W_{}*?%pKlNrHvTWl<28L-}VOk}en9@YPA;^7`l-CIYx7tIYeZI^M5f7M5b8UA}>^gs@=Vm{OJ?78Sc+ejyHXXmrNB+nx)L4k-oXISP zcllF7UQ=jS+DT+HG=*$PQ*%Qwo5nLIvm$uh6nNicrsctb+^2jUS986x?PWVFbK;m=(r` z-6hA1?qznK62^k~f+*(CYa$4(+;Fn{{hN*tg_FO5`^jI|eG~o`@Ro=PSK&N2iXf5h zp8#Isev#y_I)?lO$B?V>NV210DzA+qlY&_CVu&WKZ6@>K=`+bhA4A7NLxmrXA+Av4 z;hixo45Nv`{A4UE=L2ypxG{u9@{*Y>#WhOfLo><6Nzs*(K)eD>I6i>;xM!ZU<%&R4eNl$8?mB2cfLh|flag}FWjai7`bY)Bzzwbdd|)zM_vEJ{*JB0t?) zO3kUEebP|NmDw~Aq@(Nuv~(LvmdvK|oCnBbaT0UTn|>BufUc4& zO8O0$DjhTMQ9WDadO*8#AtX7doSR?V#suzH@8LXhU`DM08P0wpDx+?nRk)>@M( zd~GU)+@8Yr@t(QF5A7V5&ri-JyMZ}`TYDPe)|pCcFVCaR8Rt>{=DD<|t7$CM66;U1 zU(aLnxPO{EJG&N66r-X(xD52ZwrvO*tZg?_SXlFHBh_kWaeIm7?} From 2ea09c39bdef6c8fe20b713bce1e8354441b1900 Mon Sep 17 00:00:00 2001 From: SmilingWolf Date: Mon, 8 Dec 2014 15:48:18 +0100 Subject: [PATCH 03/18] Clear the trap flag --- x64_dbg_dbg/debugger_commands.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/x64_dbg_dbg/debugger_commands.cpp b/x64_dbg_dbg/debugger_commands.cpp index 83dc5e0b..f5ae2d74 100644 --- a/x64_dbg_dbg/debugger_commands.cpp +++ b/x64_dbg_dbg/debugger_commands.cpp 
@@ -1832,6 +1832,7 @@ void cbLoadLibBPX() LibAddr = GetContextDataEx(fdProcessInfo->hThread, UE_EAX); #endif varset("$result", LibAddr, false); + backupctx.EFlags &= 0xFFFFFEFF; SetThreadContext(fdProcessInfo->hThread, &backupctx); VirtualFreeEx(fdProcessInfo->hProcess, DLLNameMem, 0, MEM_RELEASE); VirtualFreeEx(fdProcessInfo->hProcess, ASMAddr, 0, MEM_RELEASE); From 90c7c2393a81270b30a78eb8b3e190a881bfb955 Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Thu, 11 Dec 2014 17:49:36 +0100 Subject: [PATCH 04/18] DBG: added suspend/resume all threads --- help/resumeallthreads_threadresumeall.htm | 36 ++++++++++++++++++++ help/suspendallthreads_threadsuspendall.htm | 24 +++++++++++++ help/x64_dbg.wcp | Bin 83876 -> 85136 bytes x64_dbg_dbg/debugger_commands.cpp | 18 ++++++++++ x64_dbg_dbg/debugger_commands.h | 2 ++ x64_dbg_dbg/thread.cpp | 26 ++++++++++++++ x64_dbg_dbg/thread.h | 3 ++ x64_dbg_dbg/x64_dbg.cpp | 2 ++ 8 files changed, 111 insertions(+) create mode 100644 help/resumeallthreads_threadresumeall.htm create mode 100644 help/suspendallthreads_threadsuspendall.htm diff --git a/help/resumeallthreads_threadresumeall.htm b/help/resumeallthreads_threadresumeall.htm new file mode 100644 index 00000000..b098b6cb --- /dev/null +++ b/help/resumeallthreads_threadresumeall.htm @@ -0,0 +1,36 @@ + + + +resumeallthreads/threadresumeall + + + + + + + +
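Review bot: The added `backupctx.EFlags &= 0xFFFFFEFF;` in cbLoadLibBPX uses an unexplained magic mask; going by the commit title it clears bit 8, the trap flag, of the saved context before it is written back. Writing it as `backupctx.EFlags &= ~0x100; // clear TF (bit 8) in the saved context before restoring it` makes the intent readable at the call site. cbLoadLibBPX starts and ends outside this hunk.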

resumeallthreads[,threadresumeall]
Resume all threads in the debuggee.

+

+ + +arguments + +  +
+
+ +This command has no arguments.

+

+ + +result
This command does not set any result +variables.

+

 

+ \ No newline at end of file diff --git a/help/suspendallthreads_threadsuspendall.htm b/help/suspendallthreads_threadsuspendall.htm new file mode 100644 index 00000000..6ace5501 --- /dev/null +++ b/help/suspendallthreads_threadsuspendall.htm @@ -0,0 +1,24 @@ + + + +suspendallthreads/threadsuspendall + + + + + + + +

suspendallthreads[,threadsuspendall]
Suspend all threads in the debuggee.

+

arguments 
This command has no arguments.

+

result
This command does not set any result +variables.

+ \ No newline at end of file 
diff --git a/help/x64_dbg.wcp b/help/x64_dbg.wcp index 390969236ae42b48217bf9738d94c61e9d3b73b9..d38b1f3528f950fb55087c41aff7b7a0a90a4692 100644 GIT binary patch delta 4596 zcmai2dstN0wV%xZ5=8`p1W_l5ibxKJGsnX?Ao3DNVh~Y@A;b`fs7MtNkSH}isG8R} z;{1@EAklF$cfuux;3GyGMSR3qFV}#j)EcT5t+m7`QcJC|uyw2Vp{qf$VdG0RYc!>rV$Bjw zktSc0r&&QiWtsv_39aPON~tCatEZ3Vb{`gjq6Bf=e>{Ly)5mhp5lq6v1P4>#7pKR? zL^J9Vf*>U%q9I8jItN0s1NPy;u=xgHAldS)s!_Ak)6DxvK#Bu+DS@Rn7 z38OIop@gm!hgQ+VASo>hH)rb5HnRxXNg1%3gdsoEELR=I=9JM`pX6mt77#Scfy1Xo z^vtS;b;i4BOOGU5M%fM!!R>Rzz3DcCn93PouaR*Hld zMx#14miLWi;mDce=~^0#;OFDvm}B?QYZOg1HfKhmBAo=iFb18oV_}#p61@nubM0E< zz|N0JT!sbta{{?xGMhjeR{2dr@jOpjO2&nG4$MxMuxGwm`?{tWN$Vm}us}rqTqC*` zIQY#GOhjX*1&=e*QTd`kV=$`b#p2P66!zC7TwG{I#DYZFUJ_8Vz=WVI2P$Wh<5^XR ze=!9uFN13BuB>POpa7LNsVtz}?&6Jg2qLhCCsF60V7twv(eA|nd&Y*1cR5cj$T z{jU~4SuD{g;&@IXIu_ft62)b8i5?C4X5{1+V%rjtMv3;lAm$k{bg3Gl6n;%Yn2uawbIqC-nb5ju+f@qSSnr}KCkED4p;#L`P zz0`()Vg9|KuP(%`H8vELDEMW$8P-yNB$kFD`9c`>yx~dnbacI8 zM`f9ernOd>*2pMYr(pjYBRbYO@OHU``U=ZaClH^+GvW@2kWMz`As|4R>(NJK}S4ALsn{5Y03#UHlBG7#T&&Z z^Ve{%L6828PL!>e(7MSC=}nQ~VYT1HVbN3((=~Ib8cWfBEE2t&ojf3l68LPT1-gxy z*zgMhdp2gH>lb$JW+Z57++so2<~USr70|L-M$c9|sw-tQZ!=>)F|U0~&@R>#An$P` zI^VKm{TA~0Z8PGw#-rdJ0nV){xbV*4ZL1kt_pW6~z6*Scp&vOBYu_XP-%{}SJsV|| z9{YxmMsZLe+RWysN-0VzOcf(<$0Ss37f}6|}r55j~o#ELgN%!P=byj&F}e=T1A`x5#L)nmtr}TgvZ6vFDHv z5r=meaUO$s8L~GJb=78V9tG=w-)OY#_Cdie0gjzAuI!?#u*ztxQO#UILY6!+vw{n- z!hk#6&IS{_`TbfbyA;%YV1#W~EOfPM!VWsnTU!egS8#E+5eIoJGV15weEunbpi}~b=b70lE7ednI6hs3pVV| zfSXOgqumQpX0xHUPC@EEGnzh(*G|<)YErnyQF~@#i`@bDy%MrMvf%XIcqk4LqAdkS z98Lu76Y=hUSZg9j(6*+_#K&eSa0)?G-_F@ z*L2~(EeLYXhogZY(3yq)PjpE9WE-p>6YP9qMtXf5+V%@H2BNiIK*pzPGRQ7?$!rWE z=@f;=MaXWLjoXbPE;VEztVxIB&nj{H6NP9qD)*;b4-oq9&%~w!cJzHJW7|R1umBpf z5%8HmB0dj;bVwjN9@`F6hdNY=zRwh*>u|a$9vPpNN3wDK zU^?=@5V7b`Cc3_GAoH+hz8ur2}v$Lz>GBE$X55VRc)fajNmkiIZr z&zEsDdZM0apW`-cII1AvgwA@R2nUY^BJ-Gxl8s?nBZ2B?$L2w5w!{8Q8HST&CW$ee z%tr2)@n|_I&^V|nq{WWL;|ls)%qTjMil$TU^x_C58PT|QVjg@?+i|H`M&Ox28G&cA 
zQFT(n{xbsZoHQW#tOMs-B-}kq(K{ug^D6;erxfI$v!Us<0^`?a6rYJh$aw*m&m^Pq zyjsR8=%0YwxnNX(l}w#kwK)bqezgQgFWBJzwF2}1m~r;&Y!tN;u6!MgrRPm}*s8Xu z_GUd=|JMSa3o`01iYU5}3jc4^w~Go5x4xk)Y0ZMIjovM-IT&cO(~jEh+uErmUQD6R zO!WP^5|Gm=cr2sm zS038iB5}OaL2orRH7&oj@ZKnTa+xlR{B?;C!*SV(^500P_?;PYrvUkiz>_D^hUJPA z^M56x`r8onwg;f*+iVX49L-`EkOg;%D7!49qKn=Ozmt&udo%4W*Oa?<-LFyuy&@z3 zsvYvTGK|+O=>0YVz1L*za%%D_7)znr(ueqb| z4D!uPI%l)idq#HrdSm)9YG zvEtx8k?HwnFY-I&fhT->6%;>cASShs*n9(#_E!>dUqE2L1Yh#7vcG`>tft$dzt!O2 zUrZ?W3!|5!3OC~)%*D2c^=#@-r*r>ajq86kBJ`06Q-3_RJfdCB{3(}neyB#@-z0=T z7LoDLfGrW!lpmX2VO{Z$YCQP62zMcza4Z^g9!-UFz&Y5q;-awO#~SqgVAz$xL@az9 zx2uKKYh$R2=KZMWb&Of912SLaMw__ljm!hL8WxOWe5xAk388J z-piQx;97_m3*dq~llUet`eSw{X1AwUJt6v37otb;t530NE_*UjD^t^^s-zGS#kYG> ze8PvZ{Wx7Ka><{$b5CzFNAY6m{Jb|4d6O5*~x?-7o`Ot33P?pTwd}z0OC`;wB zBWSl{7`YPYOS@f^3jCHY?S}fXtGr`4Q+Spi*}f@&1@Z!aR=^!TOyJ&6Gb8sJLC3Z| z&FXpg2;w8k#aG4y{D`^Pmxc4(ktB+yDK&wtzQ&)px&lefIe%tC_xIuC(NsS5X*QSp z1TiPw^!-ougP!yR5!-_RwgTPv!uj=4%u}5Oapy>u&BKF9XMG?^BkGB5#?dT?7d^ua zu&3#`&5L=n82-&OEP;z-$i<^UWb4qeBy{~K7E5meS3l-0p-heajZtg{U$3LoP%r;} zkDg~e%c?z+G#Q%b`GH6_nM|X=53=j|z0qts?+9W0`Q- z89FtF<4JS)v!r=oJUcqb(lde0{}-0>iA*g{iD!f{2bXlrpT|vP-Y|Af;Jst%O2tW( zeg9mKFPub@ zJtxtXR6R%RG)?3_0-2W?PUiIp%+6~klil=H7S69k5(`a8CXV&zefSgsfaKQh}r> zEQ?<7;q;v$^Nlilmfupy$Fi6w6-_Y2(_&c-uQpK3q-kVNrA%qM-=K=0O4B{ln6t)6 zUR1=9VR8%=W|xtL4?gEzAGivSieWQ(>vT$#XxFPUiaX;;d3P*Jr;jBS+~_lyzcP)| zX&`~3k`hPqt|XE?@9C8Cp<+0{m_$x(nob@&lhouj(Z#r^CKH*nHko`ZkEa;*Cex{= z1Qx<0rqd@kRSUm9gO1WtI+s#NxFeB-d(R}cjwBMYA&IWeFpKG|5#Cgt?MY;WI#pF{ z8$yY#F+8zZnZ=g!qFIDSlEQqcPBzXUpr*P}PsZ>YGuRwg6{)ttZj*Rb3T2{o3>6Oj z*MYaEuxZ>rgvsiYA#F0%jKY~0i=>!HeD_Q?3vLx5)`+35`3Mu6r_PZP>Pw^S0_mNh k)96jGGjy!0Z>YPyQvzr=6uFaz`jQxeQCTxwGt~9_f2;EnF8}}l delta 4243 zcmY*ce_WJR)}PA&5dy)4NJtYI0@BmNGY=z-vw%3_s7Qz|5=|_kq9WOZie#=C5-(de zJ5KW*xn{-=)4VJ@*@nt%=C4JTbK8nwCI>+MZmmbSj_?&=2L)fCUnMUtovR8jbS{Qn**k zl7iAzk}4aoS;r%5p$KiETP>+{STZXOBZYSLQdJEedgn2mpD+6LOZ(DMUgU8u(qqK} zEh6XBO%_$f5^PTw+A^LNDYeB;@?uhT$i2aqH&-ETv{t6nl~P 
zB*kLUU4%szthH#MvFH&|B9LAHdx;lIpOWBuLW}w*tk9O3A(jeoloh~T>gC-UCc^t< zg5QO0lko7FtuQ4F*8MopES{J9`>N9qnUnih$os2=NKzb$WpH=SCnx2Nn z8iiUKl4Z1_fp7gn6s%FKG%(hcVrY#A`sZXEU2DU&=L{?pYoaFO^txagX;8Hx3x--Z z@}ActY`qPE8x0s;FQR&54jgqJVwL3gq4GIv6ki#80rR1C3Rz|uwwT=iab7m8T1#g6!< zEDTIh_UN&tX(~!yBD{tsSbimuZc{H)Re@zEL*FRE`m&6}jUJd@k>U6sn{#UpN}B{! zZ_UI0CJ%~Um9h0#HbmG&m|hmtm8$i4?b9^0yzHTrP|)vQrR|lwF27=7>kw{BL(Wzq zXr1am_Pe(#_L9FS>tD5Fcv~TiggLw|)|n89CI|7w=0U}4bhBUEk>J!runVYn8ez99 zG1F~3f;g9q90!rlWk8q1jiT-JXuL+nwJn;Y1(D4Hik*UbiE15Ms~^Jwrxyb$5^Nyi zatQ@4;huG>)vD#H8ML4B9&Dh!OVd-?T4pwf% z?Kg6fx`RTq%M9BN4;H>DqvG`)h;PY*u+u;?1nw3ST6TKS_!}ACH?(lPu@QytJml;$ zkW|(~aKUXv$1X1pv`X0j=9u^U-?X6ClY{b>VAMuUQfH_P_{uXI{Vg6Ge@jN^Z|rFD z5)0iTu6gsIX;s*Gw=OTY+OeZ8mx@h!y)r4v?6-4~^p@hh@(A91%MM?A5srHWB>k=g zhX3^Ph(g-awWk<|-*KaJuO5!y+flbK16A*e zBqK4jPr&7O-Pqr$$H5L8yzfP#>Hl)z+9N2sbAKM9_j+)7zl?J-5S zLGGS|rJp3B=4de5x(m^B)Pv?f%GmJ-8;W}*EbS7|(UXC;V_J-KHK6HFdeUt{D^zQV ze``)oVNyFIA;vy2mev_XF&3ynPjcAYTca*r1cA4oX(CmR)3)JG4X z^rQ*3#|8grA_h*HasIfH9R1iU-S%gCY(I*F=Tt7NCq&XKaPfo(n$t2mKCt85X<2Ph zP4ho|T_=MfpP7TC4?V;lwm^r`5ACS2JiC;8ZP#zT*&pA~2AY#E|#Qy_mV!tp6RvLAa;*-PI7=cs+1vtrU`0x^;}dhaw< zx++_>QdPsZjAM_X_Y*IhhGT_k@SUgHcco(Kry?r9kkQ;rJ?PU$7%nKfjV-~QtSKn? zOk_)VR1Ebb-)C(|yhu&!a~t|E3NU;juuA;;V;!2m@M5hw4kHOMsJ>tes#L8~)j>CY zG7`R|R`|7y`Y*k>`89F&qT*jPNef$rJBOwq^eYjXOA@NSYJ(?y3?rw{hR%UhT<@cp z{)L+C*Is7u*H==%1A7NW4EBqN_=aM1shw7$veFQFHIPPHeO%82{>1z9=L_54qqS7STH-I{&VR;X5A@hJ?Z@#hkOo}C43u(9xo@)Zm4NL0vs-=kfHVyi}`*7hOG9pKuXt^%p^oXRcCGxg* zr9qk$2>E;8SbPX0;+hlg8v;&UlhhlOJJL<0f3)NCA7zAIccJB`nMr(40!#Kcg8TkC zAMy|F2p**mrW;P28a3eb4f=xkDF@Pz?TEcaJ@}>*eYYg^52oBhj}K918UOx%;!xQ? 
zeMFenbR7(%F7)4~*!(1_m9k<#=uq=h`}SCB%LTWb+xu7sBK{?E6Ju0UsYK*|*?39- zed!h6cJix=5^+c51!`tS&7C&CYt++tO)!hyUcj8qK`e_$GbWM}%{K=zk#A(pJzlXKcypAuK$#lFigc+${#G&Fw z1V0$Uw7e#YMH0q?;cNlVzn8q-70!xz$GxnLH%E{&wovBe<@YfYaWREH`*r-o``A3b zcO3JxgpX)gAh(B+QDYS0Si=coAc{7Qgp+^7FPWc;U{3W4)haBQp2j<($liS)SqR&p}@N)Qmhgt zFsJg|`JF`1Y%L!d&%#(HKNQcV`^S!0_A+-rNY^WTfUaDnWk!mLVT`4Uaz@K$@}W59 zqq?F;ZtVOM6UnwAfeG9mPkHG~V2QMA8vinZW%HZyY&Y+Dm|}PSLCRyG$Rc@eGSl$e zi9|)$<4HVMV1cx}Cz(CM#YYr+Jw(}wq-8$x5Fz`w)J$fHJZv&c;T;Jq5SIrM>E99^ zXQ?cCY*XCBcQbbFVRnG0q_Qwxo=oQblUSiLH1g_4C}RgwC}ZZt|7W6~%oh4hpkJir z{gWAeNq#5sT}jN#`yZv9P08dHX&PQ7P;4Vo=qS%(kzY|qF`Mg_X{sL9{oR05GW8UUW7J($!T{kw-Das7jrxO0CG-mDR%{d)w zqoo|)BeNV*V!11m@>iVBb|dcvk&AlP$qT2^-9x9cd_~jn!D)ojF!k=;9W&{o3E0tv-q8WHPfdGVtz9vhv5!KsoQsW?6Kt@3Ywy5__`Q1nv^)v`8Z{Gk7}XdDuvK zK0Tc>b@FF)NPaHM<>o93t~7&INz?M&Y~uIL8Fa!(wnBg@NyO+?CN`f} Date: Fri, 12 Dec 2014 15:45:38 +0100 Subject: [PATCH 05/18] DBG: resolve shortcut files --- x64_dbg_dbg/_global.cpp | 55 +++++++++++++++++++++++++++++++ x64_dbg_dbg/_global.h | 1 + x64_dbg_dbg/debugger_commands.cpp | 6 ++++ 3 files changed, 62 insertions(+) diff --git a/x64_dbg_dbg/_global.cpp b/x64_dbg_dbg/_global.cpp index fc47cee8..eb935d7a 100644 --- a/x64_dbg_dbg/_global.cpp +++ b/x64_dbg_dbg/_global.cpp @@ -1,4 +1,6 @@ #include "_global.h" +#include +#include #include HINSTANCE hInst; 
@@ -194,4 +196,57 @@ bool IsWow64() //x64_dbg supports WinXP SP3 and later only, so ignore the GetProcAddress crap :D IsWow64Process(GetCurrentProcess(), &bIsWow64Process); return !!bIsWow64Process; +} + +//Taken from: http://www.cplusplus.com/forum/windows/64088/ +bool ResolveShortcut(HWND hwnd, const wchar_t* szShortcutPath, char* szResolvedPath, size_t nSize) +{ + if(szResolvedPath == NULL) + return SUCCEEDED(E_INVALIDARG); + + //Initialize COM stuff + CoInitialize(NULL); + + //Get a pointer to the IShellLink interface. + IShellLink* psl = NULL; + HRESULT hres = CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER, IID_IShellLink, (LPVOID*)&psl); + if(SUCCEEDED(hres)) + { + //Get a pointer to the IPersistFile interface. + IPersistFile* ppf = NULL; + hres = psl->QueryInterface(IID_IPersistFile, (void**)&ppf); + if(SUCCEEDED(hres)) + { + //Load the shortcut. + hres = ppf->Load(szShortcutPath, STGM_READ); + + if(SUCCEEDED(hres)) + { + //Resolve the link. + hres = psl->Resolve(hwnd, 0); + + if(SUCCEEDED(hres)) + { + //Get the path to the link target. + char szGotPath[MAX_PATH] = {0}; + hres = psl->GetPath(szGotPath, _countof(szGotPath), NULL, SLGP_SHORTPATH); + + if(SUCCEEDED(hres)) + { + strcpy_s(szResolvedPath, nSize, szGotPath); + } + } + } + + //Release the pointer to the IPersistFile interface. + ppf->Release(); + } + + //Release the pointer to the IShellLink interface. + psl->Release(); + } + + //Uninitialize COM stuff + CoUninitialize(); + return SUCCEEDED(hres); } \ No newline at end of file diff --git a/x64_dbg_dbg/_global.h b/x64_dbg_dbg/_global.h index 1f8beea5..92f7feed 100644 --- a/x64_dbg_dbg/_global.h +++ b/x64_dbg_dbg/_global.h 
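Review bot: `CoInitialize(NULL)` at the top of ResolveShortcut is not checked, yet `CoUninitialize()` runs unconditionally at the end, so a failed initialisation is followed by an unbalanced uninitialise; keep the result with `HRESULT hrInit = CoInitialize(NULL);` and finish with `if(SUCCEEDED(hrInit)) CoUninitialize();`. The shortcut may be an untrusted file handed to the debugger, and `psl->Resolve(hwnd, 0)` lets the shell show dialogs and search for a missing target; `psl->Resolve(hwnd, SLR_NO_UI | SLR_NOSEARCH)` keeps resolution passive. `GetPath` can also return `S_FALSE` with an empty path, which passes `SUCCEEDED`, so the copy should be guarded with `hres == S_OK`. The copy of this function added to x64_dbg_launcher.cpp later in the series has the same three issues.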
@@ -122,6 +122,7 @@ bool GetFileNameFromHandle(HANDLE hFile, char* szFileName); bool settingboolget(const char* section, const char* name); arch GetFileArchitecture(const char* szFileName); bool IsWow64(); +bool ResolveShortcut(HWND hwnd, const wchar_t* szShortcutPath, char* szResolvedPath, size_t nSize); #include "dynamicmem.h" diff --git a/x64_dbg_dbg/debugger_commands.cpp b/x64_dbg_dbg/debugger_commands.cpp index 7cd6f920..944cb40c 100644 --- a/x64_dbg_dbg/debugger_commands.cpp +++ b/x64_dbg_dbg/debugger_commands.cpp @@ -20,6 +20,12 @@ CMDRESULT cbDebugInit(int argc, char* argv[]) static char arg1[deflen] = ""; if(!argget(*argv, arg1, 0, false)) return STATUS_ERROR; + char szResolvedPath[MAX_PATH] = ""; + if(ResolveShortcut(GuiGetWindowHandle(), StringUtils::Utf8ToUtf16(arg1).c_str(), szResolvedPath, _countof(szResolvedPath))) + { + dprintf("resolved shortcut \"%s\"->\"%s\"\n", arg1, szResolvedPath); + strcpy_s(arg1, szResolvedPath); + } if(!FileExists(arg1)) { dputs("file does not exist!"); From 94fad3a0c4bd257f10c664641c555df8421c861c Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Fri, 12 Dec 2014 15:46:17 +0100 Subject: [PATCH 06/18] GUI: do not check file extensions (for dragging & dropping .lnk or other files) --- x64_dbg_gui/Project/Src/Gui/MainWindow.cpp | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp b/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp index 9fd64d46..688d8b68 100644 --- a/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp +++ b/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp 
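Review bot: In the cbDebugInit hunk the resolved path is copied into `arg1` in a different encoding than the surrounding code appears to expect: `arg1` is passed through `StringUtils::Utf8ToUtf16`, so it is treated as UTF-8, while ResolveShortcut fills `szResolvedPath` from `GetPath` into a `char` buffer, which in a non-UNICODE build is the ANSI code page (and an 8.3 short path because of `SLGP_SHORTPATH`). A target whose path has characters outside the ANSI code page would then fail the `FileExists` check or name a different file. Returning a wide string from ResolveShortcut and converting it back to UTF-8 before the copy would keep the encoding consistent. `strcpy_s(arg1, szResolvedPath)` also relies on `deflen` being at least `MAX_PATH`, which is not visible here; cbDebugInit continues outside the hunk.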
@@ -586,13 +586,10 @@ void MainWindow::dropEvent(QDropEvent* pEvent) if(pEvent->mimeData()->hasUrls()) { QString filename = QDir::toNativeSeparators(pEvent->mimeData()->urls()[0].toLocalFile()); - if(filename.contains(".exe", Qt::CaseInsensitive) || filename.contains(".dll", Qt::CaseInsensitive)) - { - if(DbgIsDebugging()) - DbgCmdExecDirect("stop"); - QString cmd; - DbgCmdExec(cmd.sprintf("init \"%s\"", filename.toUtf8().constData()).toUtf8().constData()); - } + if(DbgIsDebugging()) + DbgCmdExecDirect("stop"); + QString cmd; + DbgCmdExec(cmd.sprintf("init \"%s\"", filename.toUtf8().constData()).toUtf8().constData()); pEvent->acceptProposedAction(); } } From 208e216a35616de102e653ca419724b294f0031b Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Fri, 12 Dec 2014 16:56:01 +0100 Subject: [PATCH 07/18] LAUNCHER: resolve .lnk shortcuts --- x64_dbg_launcher/x64_dbg_launcher.cpp | 64 ++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 2 deletions(-) diff --git a/x64_dbg_launcher/x64_dbg_launcher.cpp b/x64_dbg_launcher/x64_dbg_launcher.cpp index 2239e07d..f4f2ec64 100644 --- a/x64_dbg_launcher/x64_dbg_launcher.cpp +++ b/x64_dbg_launcher/x64_dbg_launcher.cpp @@ -2,6 +2,8 @@ #include #include #include +#include +#include enum arch { 
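Review bot: With the extension filter removed in dropEvent, `DbgCmdExecDirect("stop")` now runs for every drop that carries URLs, including one whose first URL is not a local file, where `toLocalFile()` returns an empty string; the running debug session is stopped and `init ""` is issued. A guard placed before the stop, `if(filename.isEmpty()) return;`, keeps an unrelated drop from ending the session. The signature of dropEvent is outside the hunk.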
@@ -98,6 +100,59 @@ static void CreateUnicodeFile(const wchar_t* file) CloseHandle(hFile); } +//Taken from: http://www.cplusplus.com/forum/windows/64088/ +static bool ResolveShortcut(HWND hwnd, const wchar_t* szShortcutPath, char* szResolvedPath, size_t nSize) +{ + if(szResolvedPath == NULL) + return SUCCEEDED(E_INVALIDARG); + + //Initialize COM stuff + CoInitialize(NULL); + + //Get a pointer to the IShellLink interface. + IShellLink* psl = NULL; + HRESULT hres = CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER, IID_IShellLink, (LPVOID*)&psl); + if(SUCCEEDED(hres)) + { + //Get a pointer to the IPersistFile interface. + IPersistFile* ppf = NULL; + hres = psl->QueryInterface(IID_IPersistFile, (void**)&ppf); + if(SUCCEEDED(hres)) + { + //Load the shortcut. + hres = ppf->Load(szShortcutPath, STGM_READ); + + if(SUCCEEDED(hres)) + { + //Resolve the link. + hres = psl->Resolve(hwnd, 0); + + if(SUCCEEDED(hres)) + { + //Get the path to the link target. + char szGotPath[MAX_PATH] = {0}; + hres = psl->GetPath(szGotPath, _countof(szGotPath), NULL, SLGP_SHORTPATH); + + if(SUCCEEDED(hres)) + { + strcpy_s(szResolvedPath, nSize, szGotPath); + } + } + } + + //Release the pointer to the IPersistFile interface. + ppf->Release(); + } + + //Release the pointer to the IShellLink interface. + psl->Release(); + } + + //Uninitialize COM stuff + CoUninitialize(); + return SUCCEEDED(hres); +} + int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) { CoInitialize(NULL); //fixed some crash 
@@ -192,10 +247,15 @@ int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLi } if(argc == 2) //one argument -> execute debugger { + wchar_t szPath[MAX_PATH] = L""; + wcscpy_s(szPath, argv[1]); + char szResolvedPath[MAX_PATH] = ""; + if(ResolveShortcut(0, szPath, szResolvedPath, _countof(szResolvedPath))) + MultiByteToWideChar(CP_ACP, 0, szResolvedPath, -1, szPath, _countof(szPath)); std::wstring cmdLine = L"\""; - cmdLine += argv[1]; + cmdLine += szPath; cmdLine += L"\""; - switch(GetFileArchitecture(argv[1])) + switch(GetFileArchitecture(szPath)) { case x32: if(sz32Path[0]) From 5fe328e73ced382c1bfc50bb90864f073ae289bf Mon Sep 17 00:00:00 2001 From: SmilingWolf Date: Fri, 12 Dec 2014 20:06:22 +0100 Subject: [PATCH 08/18] Implemented (almost) all of the suggested fixes --- x64_dbg_dbg/debugger_commands.cpp | 35 +++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/x64_dbg_dbg/debugger_commands.cpp b/x64_dbg_dbg/debugger_commands.cpp index f5ae2d74..f3e71686 100644 --- a/x64_dbg_dbg/debugger_commands.cpp +++ b/x64_dbg_dbg/debugger_commands.cpp @@ -12,9 +12,10 @@ #include "assemble.h" static bool bScyllaLoaded = false; -CONTEXT backupctx = { 0 }; +uint LoadLibThreadID; LPVOID DLLNameMem; LPVOID ASMAddr; +TITAN_ENGINE_CONTEXT_t backupctx = { 0 }; CMDRESULT cbDebugInit(int argc, char* argv[]) { 
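Review bot: `wcscpy_s(szPath, argv[1]);` copies a command-line argument of arbitrary length into a `MAX_PATH` buffer, and on overflow `wcscpy_s` invokes the invalid-parameter handler, which by default terminates the process; before this change `cmdLine += argv[1]` accepted any length. The return value of `MultiByteToWideChar` is also ignored, so a failed conversion leaves `szPath` in an unspecified state that is then passed to `GetFileArchitecture` and into the command line. Keeping the argument in `std::wstring path = argv[1];` and assigning to it only when both ResolveShortcut and the conversion succeed avoids both problems. WinMain starts and ends outside the hunk.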
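Review bot: The loadlib state variables in the debugger_commands.cpp hunk (`LoadLibThreadID`, `DLLNameMem`, `ASMAddr`, `backupctx`) are declared with external linkage right after `static bool bScyllaLoaded`; the series only shows them used in this file, so `static` would match the neighbouring declaration. They also hold exactly one in-flight request, so a second `loadlib` issued before cbLoadLibBPX runs would appear to overwrite the saved context and both remote allocations. A comment stating that single-request assumption, for example `// state of the one pending loadlib request; valid until cbLoadLibBPX runs`, would document it.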
@@ -1776,16 +1777,19 @@ CMDRESULT cbDebugLoadLib(int argc, char* argv[]) return STATUS_ERROR; } + LoadLibThreadID = fdProcessInfo->dwThreadId; + HANDLE LoadLibThread = threadgethandle((DWORD)LoadLibThreadID); + DLLNameMem = VirtualAllocEx(fdProcessInfo->hProcess, NULL, strlen(argv[1]) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); ASMAddr = VirtualAllocEx(fdProcessInfo->hProcess, NULL, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE); if(!DLLNameMem || !ASMAddr) { - dprintf("Error: couldn't allocate memory"); + dprintf("Error: couldn't allocate memory in debuggee"); return STATUS_ERROR; } - if(!WriteProcessMemory(fdProcessInfo->hProcess, DLLNameMem, argv[1], strlen(argv[1]), NULL)) + if(!memwrite(fdProcessInfo->hProcess, DLLNameMem, argv[1], strlen(argv[1]), NULL)) { dprintf("Error: couldn't write process memory"); return STATUS_ERROR; @@ -1797,8 +1801,7 @@ CMDRESULT cbDebugLoadLib(int argc, char* argv[]) char command[50] = ""; char error[256] = ""; - backupctx.ContextFlags = CONTEXT_FULL; - GetThreadContext(fdProcessInfo->hThread, &backupctx); + GetFullContextDataEx(LoadLibThread, &backupctx); valfromstring("kernel32:LoadLibraryA", &LoadLibraryA, false); @@ -1811,11 +1814,20 @@ CMDRESULT cbDebugLoadLib(int argc, char* argv[]) assembleat((uint)ASMAddr, command, &size, error, true); counter += size; + +#ifdef _WIN64 + sprintf(command, "mov rax, "fhex, LoadLibraryA); + assembleat((uint)ASMAddr + counter, command, &size, error, true); + counter += size; + sprintf(command, "call rax"); +#else sprintf(command, "call "fhex, LoadLibraryA); +#endif // _WIN64 + assembleat((uint)ASMAddr + counter, command, &size, error, true); counter += size; - SetContextDataEx(fdProcessInfo->hThread, UE_CIP, (uint)ASMAddr); + SetContextDataEx(LoadLibThread, UE_CIP, (uint)ASMAddr); SetBPX((uint)ASMAddr + counter, UE_SINGLESHOOT | UE_BREAKPOINT_TYPE_INT3, (void*)cbLoadLibBPX); unlock(WAITID_RUN); 
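Review bot: Both error returns in this part of `cbDebugLoadLib` leave memory allocated in the debuggee: when only one `VirtualAllocEx` succeeds, or when `memwrite` fails, the function returns `STATUS_ERROR` without releasing `DLLNameMem` or `ASMAddr`. Release whichever allocation succeeded before returning, with the call the callback already uses, `VirtualFreeEx(fdProcessInfo->hProcess, DLLNameMem, 0, MEM_RELEASE);` and the same for `ASMAddr`. The two messages on these paths also lack the trailing `\n` that the first `dprintf` in the function has. The function starts before and continues after the hunk.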
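Review bot: The result of `GetFullContextDataEx(LoadLibThread, &backupctx)` in the second hunk is ignored, so if the context cannot be read, the callback later writes a stale or zeroed `backupctx` back to the thread. The same pattern runs through the neighbouring hunks: the handle from `threadgethandle` is used unchecked, `valfromstring("kernel32:LoadLibraryA", ...)` can leave `LoadLibraryA` at 0, and every `assembleat` call is assumed to succeed, which presumably leaves `size` stale and the breakpoint offset `counter` wrong on failure. Assuming these helpers report failure through their return value, each should end the command with an error, after freeing the two allocations, before `SetContextDataEx` redirects the thread, e.g. `if(!GetFullContextDataEx(LoadLibThread, &backupctx)) return STATUS_ERROR;` with a `dprintf` naming the failed step.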
@@ -1826,14 +1838,15 @@ CMDRESULT cbDebugLoadLib(int argc, char* argv[]) void cbLoadLibBPX() { uint LibAddr = 0; + HANDLE LoadLibThread = threadgethandle((DWORD)LoadLibThreadID); #ifdef _WIN64 - LibAddr = GetContextDataEx(fdProcessInfo->hThread, UE_RAX); + LibAddr = GetContextDataEx(LoadLibThread, UE_RAX); #else - LibAddr = GetContextDataEx(fdProcessInfo->hThread, UE_EAX); -#endif + LibAddr = GetContextDataEx(LoadLibThread, UE_EAX); +#endif //_WIN64 varset("$result", LibAddr, false); - backupctx.EFlags &= 0xFFFFFEFF; - SetThreadContext(fdProcessInfo->hThread, &backupctx); + backupctx.eflags &= ~0x100; + SetFullContextDataEx(LoadLibThread, &backupctx); VirtualFreeEx(fdProcessInfo->hProcess, DLLNameMem, 0, MEM_RELEASE); VirtualFreeEx(fdProcessInfo->hProcess, ASMAddr, 0, MEM_RELEASE); //update GUI From 072f18b3c13a75f149eafdab4c3a1c8d49cc4de5 Mon Sep 17 00:00:00 2001 From: SmilingWolf Date: Fri, 12 Dec 2014 21:53:43 +0100 Subject: [PATCH 09/18] Threads problem: FIXED --- help/x64_dbg.wcp | Bin 85136 -> 85654 bytes x64_dbg_dbg/debugger_commands.cpp | 4 ++++ 2 files changed, 4 insertions(+) 
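Review bot: `backupctx.eflags &= ~0x100;` uses a bare mask; bit 8 of EFLAGS is the trap flag, so a comment such as `//clear TF (bit 8) in the saved context before restoring it` would say what is being edited, with the reason added by someone who knows why the saved flags can carry it. `SetFullContextDataEx` and the handle from `threadgethandle` are also used unchecked here, so a failed restore is silent, and the two `VirtualFreeEx` calls that follow would then release the stub page while the thread's instruction pointer still points into it. cbLoadLibBPX continues after the hunk.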
diff --git a/help/x64_dbg.wcp b/help/x64_dbg.wcp index d38b1f3528f950fb55087c41aff7b7a0a90a4692..9722331e5d2a136a8729303565c0f7f8b33ce87e 100644 GIT binary patch delta 4034 zcmYjU4_K5{)}PBCLjr;ck-(jh5P@D_-g$Y&kp?8B30Wd!QHcl<5z%FFL`-YdMe~~s zr*WF!$TgN|nC4^I2@91qQ`aSybDFVUc3$%{C(C<|h-j%Wyq z7N@~c?1H>RLi;lsFHZY2B^X(f2}6m1l41jnmAH`ojD)^tHRyV_7Ih_Rs7n-7mI}n@ z;bJNI@vMZd=giQQ8nC@gfVDIa_sU$nSItD6S!zL7SvU&H6!ex0#OI@UnG=qsGK2~< z%E~JcyIjObc{O^LyWlgQoUOE=V7Y{2D+4fEp}?|2pm809DhDbm728TPVpr7Q&Psu( zgofn-7+aBs=4uzVoe)v8$^!GsTI8)3h{|4hd374jtakWnRVn-fHA}|1pU0p_ttMKE zJF5y|t`V?tbuprT;Y8ifWsLm745_9RL$v}?4Xmq!Fj%8Q!x{&Zu=EKnwj0M0wi`a(Bu}&Z=LcfOe*6N_Ecd`_;Eloz?dIw6^ z<>Bu745CrCdL61ZP`;lx!I?sPyupHV>(p?sFQgR4qhRAC?>O!GVz@RsAa78x@dY!+ zHl+H_R!LYJHp5H5-7p2!8`IG7q6>x>By9Sn9f2<@&~K7qe3ABklM97AY40~{;Mf^X zv>ZNfCqdq#U~r#=JzHGJ+AO2?S7sYci46kEx1_<|;AC2~1xLde8G-7pX59G|El7+f zqY9QZq+{_*1h~xv-ByWsGj47b+3X3oX5**Z=HTdd7vf)%VErF6245;du}MJ1_7WU4 zxzL+0V#mu?XiRCy+9ASZlHl0kMDfcq+FzM)^_3Fe<*I71^qJ5%im2To@rL?1zmPe%Cx(*IJkQp;Nb2OM3GeAL}h2!p}EP0qTLc|xf!7}m$XOlU8Y)xw$-!H zxThUM2_ni~x8g1rAvBBk)u>j`pAl=DKcaG#VEnZO*I&;>MvH*rW&^rfJjLa;_{N0A zH%f5t*O@496|lO+fP-&pY;T%S^oB$%8Eq|q%|Vsh8V*Nm7Q)+HFuf_^YMU8Zj(p!a zR9MuyymX#pD(M8^fdD}z> zO2qa~D=xVUkiS<%>D!BObgu)2oeHe)n4#XQNAG^r$+jN8d3zy1%ER_=gs#kLgg+ zqlf8O2HHQ+V6lJX}B9e+0aSE=e$E3o!tB8>e49LE)0 z>UUw|pCt^PpzSzO3#DI==92Pm7YDYSP;mDzX0{GtA3lWQlbIMiC3;8E7(AH` z}s+m)&> zSP^SaK+KmCs=lC$=SvsTE=Vw4q-K3KoM;JKh9C5a2>eQ9%XnA>T{P8SwIl8#HIz#h z3|>satxF;-A4@3u+J!np6h>nrkT78JucTMP^VoMa5kmtaV!xIk#rnZ;*^S#@iwM2$ z;Wfw{tY@q6!;wS`4ESMiP=xxjg6zL`u({rrJQ^E`m?0awNir}*>;9@B>l?TCt>D4X zT(P5jNWi5l5<-?}}8AR%OQ4?0GYaAs77-?tLv8*c9wd7KRyv%@ti;PjYeyCFmRr+YkO6l2g$ z8ysT-PTiEKO|Pf-75hFJ@^@}r_@{)RTXwYGlyLf%=vz-E+}4u};rmXe^W=ydCouxJ zO#rt%NlKVZ4T7Fy8$BW4NJi=LGD#rA{9mh&4AQkB;J&`Ec>v^$sCF>p`h z;f#sCp3}v?)AB8hxpzk~nV0x5+wMy&m1}&N$g>!u4j_rV$Cqv7aXvI(>&I;Tx(})9 z{YfLwml=4cKWnERC;b?kyUCyFdCq-IBqp41@hH0QV{X2960I`@usu9>GAl*+Hv)fW 
zGVA0;0ZihJfy~Y$Co`FfD#2G)Y5Dre>@mLoe%8(x2a;(^5SiB8&m;ob7sFIc%T8GWhMOq(NMS7ZH6=YPdC$HBzi=4bi+Snnm*bhe&z< zR7z)Fl*ec!%j4IhSO;xgm_B(Nus@n~1|DKH+&Yc<;dps0H%?}Ll!31vV$s|d#Y*^{ zX_PNpG&z6%C(K4IOy&*^3qZotQMRN&`T&slk!dWQs~=_^-0>4i(#XS<_-YNg-xWia z&uS<&QPU^3l&&p4Hk~!`Z64V`EQQq_!{R9!U&gR`eDx!go4)BZG{i9{&z#BB{9YWZ z8|TDFsD6}18a^^7YSXcta8a9ZDdej7P_TB6va)3*u!n2`x$(NAu35@g{*F2d_!oIE#v`Okja1 zl;e4hNZ2&e@m`S>oJ&RCoJ=+c9%TXCBC<(1zc9{|G(WycBETQ#6@EwZ=%+~hoR+=A zb3KK4TqZE$0{JP460|slfE-%NK5-geps?*c(<2Q^Vbgf4%;I^#Y$}K!=W=+%Z1T<1 zhDTU(@omc~n5%=}gaN^Bd_bk;uMuHkI2&Ch#4Z z zro5KTr{VD@2&E;P#qfwMmOz{M_#CpR@U(*pJqi>#BexBv9&I$?9 NQp1;3!Ky&-@4p_NWuE{5 delta 3996 zcmYjUe_T{m7Jru?Vx|T(5)wO&M1b^oJRXm6ppnKACn92zT%(By2oVbr5m_o%$!v0M znvm}_*9d8vW{I7p#B#}6D>T<-%}j}m%v?0qTytGQ7u_=5GedrM|A2Guz279mR*ymg-ubrA`{>4Ji7_sxX7NQAYhBQ#Brg*22e zNJad8j^GNR4iVc@2$c?2oEVla%oY55^LC}fx~LQ5i)F~avg57$3vljNBFPw7inEY# zzZP|iZHRwBCVdOeKA^T18&GV`LUXYf`Uhp$9?&BEml~2*RF*^{q(p_zDw3X$st2{` zvD&ccA(?bL)|W;iu2hAgL?k^QJtbb$KP;p7p$Qwk4_VS3f9(&w5-F_6>dbY(T}jxXTbVI7S=a;pnp=q;>R5re=>_woVF&B{y(s0K3q?DNQ)RqMfHqPu!3C+*8uxhZmiOAh3qhgbcu8kh3&nZ~* zTRX;{%Z9p1M2S5IRnHOKO*Z5_Pv!X>-Hjs|l3hkYi;NDt2hs})ywB_4epZ9d=dElN zu0H=D@>=w8I6R2ktibt#7R@izVt8{Qv@IgZ=vG|_np&wpTHGjt3fpEsg!*H%6_HLA za;u1XXBKSG;!x}Q;IyCHbOW4-bcwJy71X&DbUQuB;R>2xv?FMXh-{Y_T25J8j&er| z8o3sIE*nOYBs6f!^h+|NEn?Uzp+;CDEWyH-RM@w85%;o;vX>kf+Zu_nmqo<3Nyu-{ z!P+(tl&uOjyi5)LaxF%;nxJi`v~*a|(oUXVQQ+D-!Q8dgiXe9(Nw2wsWxDSZ z=TkBCngdOpCcI@xpz}1G=)4=zzw@wktb8~XXMX3vrY;k9c8VD9vLN|&FVw9PF2C+T zyRQ)YyF^6)VKI!q_ad@eM!2sPgWdT!>r+tlMiFZN;6?76G8($IDC@4nq-|Nyy&;j* zAa7SPJa2eV(4(U1O{%Ev`7mu0VcTAWH@Ep2rsLK0R5bTEk^OcqtlJgre7gWc+r9AZ zkkS2?Bdnap=n|oZhHENpZ%a7vMr~+zo!LLtkVh20t!A(5EqQ9yG&#fNJp53dDTk z#pFXW&V6FX-b1Q?fKv>aR6ny0-;2sm-BfXGVH)&@94PuM3L^t%reNNeG;a=v&`v38 z4|}m_kSb$7EN8XQOHiTP5*;xEL|r9z!hj(LYuu;U94Oh*-L9I{iFCnNhy ziMm`y`?9&%yB)^bIHB@^LwMna~(;Rq{74E}fvEJlw*T;rsVzWB7Ck&JIh2sKrwyDUjnr zP;kPB@oy9)pKJ|YF097(v$x~SNhzT3woG91zv;r*-&G`yw1(Ew^)AKsbF*=JM1tm9 
zD!IS=F!rs2gi}to0%_Y51Ab1OlA-yBg4}O?@TAMIe5-@$OcaVwmtw~m5hJH1O#e=S z3=GSJ?r9?cTj?ko>dY4os8^%`f%!B z3S!Q+2CovT0|6X8Ck6CtA2$BWhmr3UM31^quO{KhsEWzwWn_Ktqx30=8gmA(7AgW^ z9T}4m@^2aX^WD5+I+c(9`~>sd3#IUm%NV>MA?TtW`hU}hFDfLpkjEQX6EDAm-Hri* z1pSA;+g$8onS8gAN>YDOM~EooULp%WSp4795dLEb72=E^e+m76x~RNPTudj8Ed9`c zfy)MeOPxui7Dz|NPxDauqn{`Rd)bMRD>A11B*A=DkH(+6Ueqy_B#rMY4Xhr!eX|jM zRpDkv+f7&fS3{HeYJk9t8(AqI31WJ#VNBw=!OX}T8S|lHfrRi&A^wGy*9EZ#K1S?# zOfaE}LYakc2xgr`M)uR>Wg)DU*M%_+j|pQ*JU*0Av^4WAp@fo!IsUHYb(5Hj>#k!W zH-#}dbU8g)OL169;XPrjn_H(ancF9`HXeUHK?<&8D&KHD`Ruul`FLasoo<@KoIHLS zX@%Fbz;^>ad?O2CX?)!@%53lTtdo~cr(j6a@}8;0I^hOZfRU_(382DXxq;o!cTS@S zDS5ni8q@i4QM`XTtK^SHQ1}fukmI8fM1K4Ra=b5+D3GS*qv2%l;7sz~8A0)xW5`i# zBtiN$1i2K++OYV}WL`Lph4A-oq{B-y$dXn=h$B&i_(4NSYP*SL^F1@@^OK@k4i}?X z7axlz+~k|+bmvUU?9fegD#oyUo)=B0x|``VVJ4k6$FgXC4}*|n0>brW_%WL8aI%Wj(C=f3kwq_ z%niqpIn8aXgzIjl*kckX_RF_24?mYcF`bGhBc#RiwnVa7cN;~wUmt|ofUE7*Gl@jz(E}PFsEdf&c|B*Uy7a<$+$f+xr z%pT1nJEZAQ7#BXFgr{kE_1(-uv)Dhh0-hProcess, DLLNameMem, 0, MEM_RELEASE); VirtualFreeEx(fdProcessInfo->hProcess, ASMAddr, 0, MEM_RELEASE); + threadresumeall(); //update GUI GuiSetDebugState(paused); DebugUpdateGui(GetContextDataEx(hActiveThread, UE_CIP), true); From 388d5a0afe7b33a6e6071c905b0c784929dfd781 Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Sun, 14 Dec 2014 00:46:09 +0100 Subject: [PATCH 10/18] DBG: resolved issue #194 (very stupid stack overflow in _dbg_addrinfoget) --- x64_dbg_dbg/_exports.cpp | 6 +----- x64_dbg_dbg/addrinfo.cpp | 5 +++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/x64_dbg_dbg/_exports.cpp b/x64_dbg_dbg/_exports.cpp index 4038e19f..7f723b75 100644 --- a/x64_dbg_dbg/_exports.cpp +++ b/x64_dbg_dbg/_exports.cpp 
@@ -87,12 +87,8 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDR bool retval = false; if(addrinfo->flags & flagmodule) //get module { - char module[64] = ""; - if(modnamefromaddr(addr, module, false) and strlen(module) < MAX_MODULE_SIZE) //get module name - { - strcpy(addrinfo->module, module); + if(modnamefromaddr(addr, addrinfo->module, false)) //get module name retval = true; - } } if(addrinfo->flags & flaglabel) { diff --git a/x64_dbg_dbg/addrinfo.cpp b/x64_dbg_dbg/addrinfo.cpp index cd500fa4..8694e45b 100644 --- a/x64_dbg_dbg/addrinfo.cpp +++ b/x64_dbg_dbg/addrinfo.cpp @@ -244,9 +244,10 @@ bool modnamefromaddr(uint addr, char* modname, bool extension) const ModulesInfo::iterator found = modinfo.find(Range(addr, addr)); if(found == modinfo.end()) //not found return false; - strcpy(modname, found->second.name); + String mod = found->second.name; if(extension) - strcat(modname, found->second.extension); //append extension + mod += found->second.extension; + strcpy_s(modname, MAX_MODULE_SIZE, mod.c_str()); return true; } From b29695b8ab76f2c9bee260c6d2acb54bbc8138a5 Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Sun, 14 Dec 2014 01:52:27 +0100 Subject: [PATCH 11/18] DBG: changed mulhi operator symbol --- help/Calculations.htm | 2 +- x64_dbg_dbg/math.cpp | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/help/Calculations.htm b/help/Calculations.htm index a2142a54..437689dd 100644 --- a/help/Calculations.htm +++ b/help/Calculations.htm @@ -30,7 +30,7 @@ use one.
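Review bot: In the addrinfo.cpp hunk, `modnamefromaddr` now copies with `strcpy_s(modname, MAX_MODULE_SIZE, mod.c_str())`, which fixes the destination size although the function only receives a `char*`; every caller has to pass at least `MAX_MODULE_SIZE` bytes, and the _exports.cpp hunk relies on `addrinfo->module` meeting that, which is not visible here. A comment on the function stating the contract, `//modname must point to at least MAX_MODULE_SIZE bytes`, would make it checkable. When name plus extension does not fit, `strcpy_s` calls the CRT invalid-parameter handler (process termination by default) rather than truncating; as module names presumably originate in the debugged process, `strncpy_s(modname, MAX_MODULE_SIZE, mod.c_str(), _TRUNCATE);` is the safer call. The function starts outside the hunk.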

2:not: '~' The not operator can be used before a number of a variable, like in C.

3:muliplication/devision: '*' = regular -multiplication (signed/unsigned), '$' = get the higher part of the +multiplication (signed/unsigned), '`' = get the higher part of the multiplication, '/' = regular devision (signed/unsigned, devide by zero=error) and '%' = get the modulo (remainder) of the devision.

4:addition/substraction: '+' and '-'

diff --git a/x64_dbg_dbg/math.cpp b/x64_dbg_dbg/math.cpp index 6b28e999..5d1759b9 100644 --- a/x64_dbg_dbg/math.cpp +++ b/x64_dbg_dbg/math.cpp @@ -34,7 +34,7 @@ int mathisoperator(char ch) return 1; else if(ch == '~') return 2; - else if(ch == '*' or ch == '$' or ch == '/' or ch == '%') + else if(ch == '*' or ch == '`' or ch == '/' or ch == '%') return 3; else if(ch == '+' or ch == '-') return 4; @@ -122,7 +122,7 @@ bool mathdounsignedoperation(char op, uint left, uint right, uint* result) case '*': *result = left * right; return true; - case '$': + case '`': *result = umulhi(left, right); return true; case '/': @@ -171,7 +171,7 @@ bool mathdosignedoperation(char op, sint left, sint right, sint* result) case '*': *result = left * right; return true; - case '$': + case '`': *result = mulhi(left, right); return true; case '/': From e8f4cd2ddf9c5590f889bd98981bb18dd629c85f Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Sun, 14 Dec 2014 01:58:17 +0100 Subject: [PATCH 12/18] DBG: moved some functions to different files --- x64_dbg_dbg/_dbgfunctions.cpp | 65 +++-------------------------------- x64_dbg_dbg/addrinfo.cpp | 17 +++++++++ x64_dbg_dbg/addrinfo.h | 2 ++ x64_dbg_dbg/value.cpp | 47 ++++++++++++++++++++++--- x64_dbg_dbg/value.h | 3 +- 5 files changed, 68 insertions(+), 66 deletions(-) diff --git a/x64_dbg_dbg/_dbgfunctions.cpp b/x64_dbg_dbg/_dbgfunctions.cpp index 44b7a4f5..0ba1b342 100644 --- a/x64_dbg_dbg/_dbgfunctions.cpp +++ b/x64_dbg_dbg/_dbgfunctions.cpp 
@@ -92,23 +92,6 @@ static bool _patchrestore(duint addr) return patchdel(addr, true); } -static int _modpathfromaddr(duint addr, char* path, int size) -{ - Memory wszModPath(size * sizeof(wchar_t), "_modpathfromaddr:wszModPath"); - if(!GetModuleFileNameExW(fdProcessInfo->hProcess, (HMODULE)modbasefromaddr(addr), wszModPath, size)) - { - *path = '\0'; - return 0; - } - strcpy_s(path, size, StringUtils::Utf16ToUtf8(wszModPath()).c_str()); - return (int)strlen(path); -} - -static int _modpathfromname(const char* modname, char* path, int size) -{ - return _modpathfromaddr(modbasefromname(modname), path, size); -} - static void _getcallstack(DBGCALLSTACK* callstack) { stackgetcallstack(GetContextDataEx(hActiveThread, UE_CSP), (CALLSTACK*)callstack); 
@@ -181,46 +164,6 @@ static void _memupdatemap() memupdatemap(fdProcessInfo->hProcess); } -static duint _fileoffsettova(const char* modname, duint offset) -{ - char modpath[MAX_PATH] = ""; - if(DbgFunctions()->ModPathFromName(modname, modpath, MAX_PATH)) - { - HANDLE FileHandle; - DWORD LoadedSize; - HANDLE FileMap; - ULONG_PTR FileMapVA; - if(StaticFileLoadW(StringUtils::Utf8ToUtf16(modpath).c_str(), UE_ACCESS_READ, false, &FileHandle, &LoadedSize, &FileMap, &FileMapVA)) - { - ULONGLONG rva = ConvertFileOffsetToVA(FileMapVA, //FileMapVA - FileMapVA + (ULONG_PTR)offset, //Offset inside FileMapVA - false); //Return without ImageBase - StaticFileUnloadW(StringUtils::Utf8ToUtf16(modpath).c_str(), true, FileHandle, LoadedSize, FileMap, FileMapVA); - return offset < LoadedSize ? (duint)rva + modbasefromname(modname) : 0; - } - } - return 0; -} - -static duint _vatofileoffset(duint va) -{ - char modpath[MAX_PATH] = ""; - if(DbgFunctions()->ModPathFromAddr(va, modpath, MAX_PATH)) - { - HANDLE FileHandle; - DWORD LoadedSize; - HANDLE FileMap; - ULONG_PTR FileMapVA; - if(StaticFileLoadW(StringUtils::Utf8ToUtf16(modpath).c_str(), UE_ACCESS_READ, false, &FileHandle, &LoadedSize, &FileMap, &FileMapVA)) - { - ULONGLONG offset = ConvertVAtoFileOffsetEx(FileMapVA, LoadedSize, 0, va - modbasefromaddr(va), true, false); - StaticFileUnloadW(StringUtils::Utf8ToUtf16(modpath).c_str(), true, FileHandle, LoadedSize, FileMap, FileMapVA); - return (duint)offset; - } - } - return 0; -} - void dbgfunctionsinit() { _dbgfunctions.AssembleAtEx = _assembleatex; 
@@ -237,8 +180,8 @@ void dbgfunctionsinit() _dbgfunctions.PatchEnum = (PATCHENUM)patchenum; _dbgfunctions.PatchRestore = _patchrestore; _dbgfunctions.PatchFile = (PATCHFILE)patchfile; - _dbgfunctions.ModPathFromAddr = _modpathfromaddr; - _dbgfunctions.ModPathFromName = _modpathfromname; + _dbgfunctions.ModPathFromAddr = modpathfromaddr; + _dbgfunctions.ModPathFromName = modpathfromname; _dbgfunctions.DisasmFast = disasmfast; _dbgfunctions.MemUpdateMap = _memupdatemap; _dbgfunctions.GetCallStack = _getcallstack; @@ -253,6 +196,6 @@ void dbgfunctionsinit() _dbgfunctions.IsProcessElevated = IsProcessElevated; _dbgfunctions.GetCmdline = _getcmdline; _dbgfunctions.SetCmdline = _setcmdline; - _dbgfunctions.FileOffsetToVa = _fileoffsettova; - _dbgfunctions.VaToFileOffset = _vatofileoffset; + _dbgfunctions.FileOffsetToVa = valfileoffsettova; + _dbgfunctions.VaToFileOffset = valvatofileoffset; } diff --git a/x64_dbg_dbg/addrinfo.cpp b/x64_dbg_dbg/addrinfo.cpp index 8694e45b..e7bad31c 100644 --- a/x64_dbg_dbg/addrinfo.cpp +++ b/x64_dbg_dbg/addrinfo.cpp @@ -323,6 +323,23 @@ uint modentryfromaddr(uint addr) return found->second.entry; } +int modpathfromaddr(duint addr, char* path, int size) +{ + Memory wszModPath(size * sizeof(wchar_t), "modpathfromaddr:wszModPath"); + if(!GetModuleFileNameExW(fdProcessInfo->hProcess, (HMODULE)modbasefromaddr(addr), wszModPath, size)) + { + *path = '\0'; + return 0; + } + strcpy_s(path, size, StringUtils::Utf16ToUtf8(wszModPath()).c_str()); + return (int)strlen(path); +} + +int modpathfromname(const char* modname, char* path, int size) +{ + return modpathfromaddr(modbasefromname(modname), path, size); +} + ///api functions bool apienumexports(uint base, EXPORTENUMCALLBACK cbEnum) { diff --git a/x64_dbg_dbg/addrinfo.h b/x64_dbg_dbg/addrinfo.h index 89dbdd0f..11599fd2 100644 --- a/x64_dbg_dbg/addrinfo.h +++ b/x64_dbg_dbg/addrinfo.h 
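Review bot: In `modpathfromaddr` (addrinfo.cpp hunk), `strcpy_s(path, size, ...)` receives the UTF-8 form of a path that was read into a buffer of `size` wide characters, and UTF-8 can need up to three bytes per UTF-16 unit, so a module path with non-ASCII characters can exceed `size` bytes and end in the CRT invalid-parameter handler. Keep the converted string in a local (here called `utf8`) and fail cleanly when it does not fit: `if(utf8.length() >= (size_t)size) { *path = '\0'; return 0; }`. `modpathfromname` also forwards the result of `modbasefromname` unchecked; if that is 0 for an unknown name, `GetModuleFileNameExW` is presumably called with a null module handle and returns the path of the process executable instead of failing.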
@@ -136,6 +136,8 @@ uint modbasefromname(const char* modname); uint modsizefromaddr(uint addr); bool modsectionsfromaddr(uint addr, std::vector* sections); uint modentryfromaddr(uint addr); +int modpathfromaddr(duint addr, char* path, int size); +int modpathfromname(const char* modname, char* path, int size); bool apienumexports(uint base, EXPORTENUMCALLBACK cbEnum); diff --git a/x64_dbg_dbg/value.cpp b/x64_dbg_dbg/value.cpp index c97078ff..486f03b2 100644 --- a/x64_dbg_dbg/value.cpp +++ b/x64_dbg_dbg/value.cpp @@ -1535,7 +1535,7 @@ bool valfromstring(const char* string, uint* value, bool silent, bool baseonly, return false; //nothing was OK } -bool longEnough(const char* str, size_t min_length) +static bool longEnough(const char* str, size_t min_length) { size_t length = 0; while(str[length] && length < min_length) @@ -1545,7 +1545,7 @@ bool longEnough(const char* str, size_t min_length) return false; } -bool startsWith(const char* pre, const char* str) +static bool startsWith(const char* pre, const char* str) { size_t lenpre = strlen(pre); return longEnough(str, lenpre) ? StrNCmpI(str, pre, (int) lenpre) == 0 : false; @@ -1561,8 +1561,7 @@ bool startsWith(const char* pre, const char* str) #define x8780BITFPU_PRE_FIELD_STRING "x87r" #define STRLEN_USING_SIZEOF(string) (sizeof(string) - 1) - -void fpustuff(const char* string, uint value) +static void fpustuff(const char* string, uint value) { uint xorval = 0; uint flags = 0; 
@@ -2053,3 +2052,43 @@ bool valtostring(const char* string, uint* value, bool silent) } return varset(string, *value, false); //variable } + +uint valfileoffsettova(const char* modname, uint offset) +{ + char modpath[MAX_PATH] = ""; + if(modpathfromname(modname, modpath, MAX_PATH)) + { + HANDLE FileHandle; + DWORD LoadedSize; + HANDLE FileMap; + ULONG_PTR FileMapVA; + if(StaticFileLoadW(StringUtils::Utf8ToUtf16(modpath).c_str(), UE_ACCESS_READ, false, &FileHandle, &LoadedSize, &FileMap, &FileMapVA)) + { + ULONGLONG rva = ConvertFileOffsetToVA(FileMapVA, //FileMapVA + FileMapVA + (ULONG_PTR)offset, //Offset inside FileMapVA + false); //Return without ImageBase + StaticFileUnloadW(StringUtils::Utf8ToUtf16(modpath).c_str(), true, FileHandle, LoadedSize, FileMap, FileMapVA); + return offset < LoadedSize ? (duint)rva + modbasefromname(modname) : 0; + } + } + return 0; +} + +uint valvatofileoffset(uint va) +{ + char modpath[MAX_PATH] = ""; + if(modpathfromaddr(va, modpath, MAX_PATH)) + { + HANDLE FileHandle; + DWORD LoadedSize; + HANDLE FileMap; + ULONG_PTR FileMapVA; + if(StaticFileLoadW(StringUtils::Utf8ToUtf16(modpath).c_str(), UE_ACCESS_READ, false, &FileHandle, &LoadedSize, &FileMap, &FileMapVA)) + { + ULONGLONG offset = ConvertVAtoFileOffsetEx(FileMapVA, LoadedSize, 0, va - modbasefromaddr(va), true, false); + StaticFileUnloadW(StringUtils::Utf8ToUtf16(modpath).c_str(), true, FileHandle, LoadedSize, FileMap, FileMapVA); + return (duint)offset; + } + } + return 0; +} \ No newline at end of file diff --git a/x64_dbg_dbg/value.h b/x64_dbg_dbg/value.h index ea0856da..09d98373 100644 --- a/x64_dbg_dbg/value.h +++ b/x64_dbg_dbg/value.h 
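Review bot: `valfileoffsettova` tests `offset < LoadedSize` only in its return statement, after `FileMapVA + (ULONG_PTR)offset` has already been passed to `ConvertFileOffsetToVA`, so an out-of-range offset from a user expression reaches the conversion as a pointer past the mapped file. Whether the conversion dereferences it is not visible here, but the range check belongs directly after `StaticFileLoadW` succeeds, skipping the conversion and still calling `StaticFileUnloadW` when it fails. Both functions also run `StringUtils::Utf8ToUtf16(modpath)` twice; a local holding the converted path would serve the load and the unload call.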
@@ -16,6 +16,7 @@ bool valx87controlwordflagfromstring(uint controlword, const char* string); unsigned short valmxcsrfieldfromstring(uint mxcsrflags, const char* string); unsigned short valx87statuswordfieldfromstring(uint statusword, const char* string); unsigned short valx87controlwordfieldfromstring(uint controlword, const char* string); -void fpustuff(const char* string, uint value); +uint valfileoffsettova(const char* modname, uint offset); +uint valvatofileoffset(uint va); #endif // _VALUE_H From 7434a8741be6a425a56fdf10f046ff9cd2f81614 Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Sun, 14 Dec 2014 02:12:25 +0100 Subject: [PATCH 13/18] DBG: resolved issue #49 (module RVA + file offset conversion notation). Implemented as "[module]:$[rva]" and "[module]:#[offset]" --- help/Input.htm | 108 ++++++++++++++++-------------------------- x64_dbg_dbg/value.cpp | 27 ++++++++++- 2 files changed, 66 insertions(+), 69 deletions(-) diff --git a/help/Input.htm b/help/Input.htm index 2a0ed7ea..3a41472f 100644 --- a/help/Input.htm +++ b/help/Input.htm @@ -15,36 +15,20 @@ html,body { -

Input
This program accepts various options of input:

-

commands: -Commands have the following format: "command[space]arg1,[optional space]arg2,argN".

-

variables: +

Input
This program accepts +various options of input:

+

commands: +Commands have the following format: "command[space]arg1,[optional +space]arg2,argN".

+

variables: Variables optionally start with a $ and can only store one DWORD (QWORD on -x64).

-

debug registers: All debug registers (all sizes) can be used as -variables.

-

memory locations: You can read from a memory location by using one of the +x64).

+

registers: All +registers (of all sizes) can be used as variables.

+

memory locations: You can read from a memory location by using one of the following expressions:
[addr]    - read a -DWORD/QWORD, depending on the architecture.
- - - - - @addr     - same as -above.
n:[addr]  - read n - - - - - bytes.

+DWORD/QWORD, depending on the architecture.
@addr     - same as +above.
n:[addr]  - read n bytes.
@n:addr   - same as above.
REMARKS:
- n is the amount of bytes to read, this can be anything smaller than 4 on x32 and smaller than 8 on x64 when @@ -55,42 +39,32 @@ brackets:
- @(addr+1), @addr+1 will read: [addr]+1.

-

- - - - - flags : Debug flags -(interpreted as integer) can be used as input. Flags are prefixed with a '!' following the flag name. -Valid flags are: !cf, !pf, !af, !zf, !sf, !tf, !if, !df, !of, !rf, !vm, !ac, !vif, !vip and !id.

-

numbers: -All numbers are interpreted as -hex by default. If you want to be sure, you can use the "x" prefix or -the "0x" prefix. Decimal numbers can be used by prefixing the number with a "." -(.123=7B).

-

basic calculations: - See "Calculations" for more -information.

-

DLL exports: Type 'GetProcAddress' and it will -automatically be resolved to the actual address of the function. To explicitly -define from which module to load the API, use: "kernel32.dll:GetProcAddress" or "kernel32:GetProcAddress". In a similar way -you can resolve ordinals, try "ntdll:1". Another macro allows you to get the loaded -base of a module. Try - - "ntdll:0", "ntdll:base", "ntdll:imagebase" or -"ntdll:header".

-

labels/symbols - : user-defined labels - - and symbols are a valid -expressions.

-

Input for arguments can always be done in any of -the above forms, except if stated otherwise. - - - - -

\ No newline at end of file + @(addr+1), @addr+1 will read: [addr]+1.

+

flags: Debug +flags (interpreted as integer) can be used as input. Flags are prefixed with a +'!' following the flag name. Valid flags are: !cf, !pf, !af, !zf, !sf, !tf, !if, +!df, !of, !rf, !vm, !ac, !vif, !vip and !id.

+

numbers: All +numbers are interpreted as hex by default. If you want to be sure, you can use +the "x" prefix or the "0x" prefix. Decimal numbers can be used by prefixing the +number with a "." (.123=7B).

+

basic calculations: See "Calculations" for more information.

+

DLL exports: Type +'GetProcAddress' and it will automatically be resolved to the actual address of +the function. To explicitly define from which module +to load the API, use: "[module].dll:[api]" or "[module]:[api]". In a similar +way you can resolve ordinals, try "[module]:[ordinal]". Another macro allows you to get the +loaded base of a module. Try "[module]:0", +"[module]:base", "[module]:imagebase" or "[module]:header". When "[module]" is an empty string (":0" for example), the +module that is currently selected in the CPU will be +used.

+

RVA/File Offset: +If you want to access a module RVA you can either write "[module]:0+[rva]" or +you can write "[module]:$[rva]". If you want +to convert a file offset to a VA you can use "[module]:#[offset]". When "[module]" is +an empty string (":0" for example), the module that is currently selected in the CPU will +be used.

+

labels/symbols: +user-defined labels and symbols are a valid expressions.

+

Input for arguments can always be done in any of +the above forms, except if stated otherwise.

\ No newline at end of file diff --git a/x64_dbg_dbg/value.cpp b/x64_dbg_dbg/value.cpp index 486f03b2..83fc6559 100644 --- a/x64_dbg_dbg/value.cpp +++ b/x64_dbg_dbg/value.cpp @@ -1173,8 +1173,19 @@ bool valapifromstring(const char* name, uint* value, int* value_size, bool print if(apiname) { char modname[MAX_MODULE_SIZE] = ""; - strcpy_s(modname, name); - modname[apiname - name] = 0; + if(name == apiname) //:[expression] <= currently selected module + { + SELECTIONDATA seldata; + memset(&seldata, 0, sizeof(seldata)); + GuiSelectionGet(GUI_DISASSEMBLY, &seldata); + if(!modnamefromaddr(seldata.start, modname, true)) + return false; + } + else + { + strcpy_s(modname, name); + modname[apiname - name] = 0; + } apiname++; if(!strlen(apiname)) return false; @@ -1204,6 +1215,18 @@ bool valapifromstring(const char* name, uint* value, int* value_size, bool print { if(!_stricmp(apiname, "base") or !_stricmp(apiname, "imagebase") or !_stricmp(apiname, "header")) addr = modbase; + else if(*apiname == '$') //RVA + { + uint rva; + if(valfromstring(apiname + 1, &rva)) + addr = modbase + rva; + } + else if(*apiname == '#') //File Offset + { + uint offset; + if(valfromstring(apiname + 1, &offset)) + addr = valfileoffsettova(modname, offset); + } else { uint ordinal; From 8fa51b470e3dae8736c9cb3752e2b9bdb74595cb Mon Sep 17 00:00:00 2001 
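Review bot: In the `else` branch of the first value.cpp hunk, `strcpy_s(modname, name);` copies the whole expression into the `MAX_MODULE_SIZE` buffer before it is cut at the colon, so an input whose total length does not fit ends in the CRT invalid-parameter handler even when the module part is short. Copy only the module part and reject over-long ones: `if((size_t)(apiname - name) >= sizeof(modname)) return false;` followed by `strncpy_s(modname, name, apiname - name);`. In the new empty-module branch, the result of `GuiSelectionGet` is not checked, so if it can fail, `seldata.start` is still the zero from `memset` when `modnamefromaddr` is called. The function starts and ends outside the hunk.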
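Review bot: In the new `$` and `#` branches of the second value.cpp hunk, a failed `valfromstring` leaves `addr` at whatever value it had before (set outside the hunk), and `valfileoffsettova` reports failure as 0, so an invalid RVA or file offset is not told apart from a usable result at this point. Give both branches an explicit failure path, e.g. `if(!valfromstring(apiname + 1, &rva)) return false;`, if the surrounding code does not already reject a zero `addr`. The RVA is also added to `modbase` without a bound, so `[module]:$[rva]` can name an address outside the module; if that is not intended, `modsizefromaddr(modbase)` gives the limit to compare against.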
From: "Mr. eXoDia" Date: Sun, 14 Dec 2014 02:34:49 +0100 Subject: [PATCH 14/18] HELP: cleaned up a lot of useless SPAN stuff in the help files --- help/Commands.htm | 28 +++------ help/DebugContinue_con.htm | 21 +++---- help/HideDebugger_dbh_hide.htm | 10 +-- help/Introduction.htm | 10 +-- help/Jxx_IFxx.htm | 5 +- help/SetHardwareBreakpoint_bph_bphws.htm | 20 +++--- help/SetMemoryBPX_membp_bpm.htm | 28 +++------ help/SingleStep.htm | 10 ++- help/Special_Thanks.htm | 4 +- help/StartScylla_scylla_imprec.htm | 7 +-- help/StepInto.htm | 8 +-- help/StepOver.htm | 10 ++- help/StopDebug_stop_dbgstop.htm | 9 +-- help/Variables.htm | 30 +++++---- help/add.htm | 17 ++--- help/and.htm | 13 ++-- help/asm.htm | 16 +++-- help/call.htm | 9 +-- help/chd.htm | 4 +- help/cls.htm | 9 +-- help/dec.htm | 7 +-- help/disasm_dis_d.htm | 11 +--- help/div.htm | 10 ++- help/dump.htm | 22 +++---- help/eSingleStep_esstep_esst.htm | 8 +-- help/eStepInto_esti.htm | 8 +-- help/eStepOut_ertr.htm | 9 +-- help/eStepOver_estep_esto_est.htm | 10 +-- help/find.htm | 23 ++++--- help/findall.htm | 30 +++++---- help/findasm_asmfind.htm | 16 +++-- help/getcommandline_getcmdline.htm | 7 ++- help/getjit_jitget.htm | 28 ++++----- help/getjitauto_jitgetauto.htm | 27 +++----- help/getpagerights_getrightspage.htm | 9 ++- help/gpa.htm | 14 ++--- help/inc.htm | 7 +-- help/invalid.htm | 5 +- help/killthread_threadkill.htm | 18 ++---- help/labellist.htm | 34 +++++----- help/loaddb_dbload.htm | 9 +-- help/modcallfind.htm | 31 +++++---- help/mov_set.htm | 20 +++--- help/mul.htm | 10 ++- help/neg.htm | 7 +-- help/not.htm | 7 +-- help/or.htm | 10 ++- help/pause.htm | 6 +- help/pause_script.htm | 10 +-- help/refadd.htm | 16 ++--- help/reffind_findref_ref.htm | 28 ++------- help/reffindrange_findrefrange_refrange.htm | 24 +++---- help/refinit.htm | 31 ++++----- help/refstr_strref.htm | 16 ++--- help/resumeallthreads_threadresumeall.htm | 14 +---- help/resumethread_threadresume.htm | 10 ++- help/ret.htm | 5 +- help/rol.htm 
| 10 ++- help/ror.htm | 10 ++- help/rtr.htm | 12 +--- help/savedb_dbsave.htm | 13 +--- help/sdump.htm | 31 ++++----- help/setcommandline_setcmdline.htm | 11 +--- help/setjit_jitset.htm | 63 ++++++------------- help/setjitauto_jitsetauto.htm | 35 ++++------- help/setpagerights_setrightspage.htm | 20 +++--- ...ty_setprioritythread_threadsetpriority.htm | 17 +++-- help/shl.htm | 10 ++- help/shr.htm | 10 ++- help/sleep.htm | 17 ++--- help/strlen_charcount_ccount.htm | 15 ++--- help/sub.htm | 10 ++- help/suspendallthreads_threadsuspendall.htm | 8 +-- help/suspendthread_threadsuspend.htm | 15 ++--- help/switchthread_threadswitch.htm | 13 +--- help/symdownload_downloadsym.htm | 22 +++---- help/test.htm | 14 ++--- help/var_varnew.htm | 18 +++--- help/vardel.htm | 12 ++-- help/varlist.htm | 11 ++-- help/xor.htm | 13 ++-- 81 files changed, 464 insertions(+), 771 deletions(-) diff --git a/help/Commands.htm b/help/Commands.htm index e370f4b8..d192c0dc 100644 --- a/help/Commands.htm +++ b/help/Commands.htm @@ -15,21 +15,13 @@ html,body { -

-command[,alias1,alias2]
Command description -here.

-

arguments
  arg1: Argument description.

-

[arg2]: Optional argument.

-

[arg3]: Another optional argument (can only be given when the -previous argument is also -given).

-

result
Description of the command result.

-

REMARK: Commands cannot contain any of the following characters: "," (comma), " " (space) and -"\" (backslash). These characters need to be prefixed using a backslash -('\,').

\ No newline at end of file +

+command[,alias1,alias2]
Command description here.

+

arguments
  arg1: Argument description.

+

[arg2]: Optional argument.

+

[arg3]: Another optional argument (can only +be given when the previous argument is also given).

+

result
Description of the command result.

+

REMARK: Commands cannot contain any of the +following characters: "," (comma), " " (space) and "\" (backslash). These +characters need to be prefixed using a backslash ('\,').

\ No newline at end of file diff --git a/help/DebugContinue_con.htm b/help/DebugContinue_con.htm index bd64d002..501bf87f 100644 --- a/help/DebugContinue_con.htm +++ b/help/DebugContinue_con.htm @@ -12,19 +12,14 @@ html,body { } - + - -

DebugContinue[,con]
Set debugger -continue status.

-

arguments
[arg1]: When set, -the exception will be handled by the program. Otherwise the exception will be -swallowed.

-

result -
- -This command does not set any result -variables. -

+ +

DebugContinue[,con]
Set debugger +continue status.

+

arguments
[arg1]: When set, the exception will be handled by the +program. Otherwise the exception will be swallowed.

+

result +
This command does not set any result variables.

diff --git a/help/HideDebugger_dbh_hide.htm b/help/HideDebugger_dbh_hide.htm index 5b3fdac6..9373650b 100644 --- a/help/HideDebugger_dbh_hide.htm +++ b/help/HideDebugger_dbh_hide.htm @@ -17,16 +17,12 @@ html,body {

HideDebugger[,dbh,hide]
Hide the debugger from (very) simple detection methods.

-

arguments
This command has no arguments.

+

arguments
This command has no arguments.

- result
-
-
- -This command does not set any result -variables.

+This command does not set any result +variables.

\ No newline at end of file diff --git a/help/Introduction.htm b/help/Introduction.htm index 263d33d8..941349fe 100644 --- a/help/Introduction.htm +++ b/help/Introduction.htm @@ -21,13 +21,13 @@ in active development.

GUI
- Bridge

DBG is the debugging part of the debugger. It handles -debugging (using
TitanEngine) and will provide data +debugging (using TitanEngine) and will provide data for the GUI.

-

GUI is the graphical part of the debugger. It is built -on top of Qt and it
provides +

GUI is the graphical part of the debugger. It is built on +top of Qt and it provides the user interaction.

Bridge is the communication library for the DBG and GUI -part (and maybe in
the future more parts). The bridge can be used to work on -new features,
without having to update the code of +part (and maybe in the future more parts). The bridge can be used to work on new +features, without having to update the code of the other parts.

\ No newline at end of file diff --git a/help/Jxx_IFxx.htm b/help/Jxx_IFxx.htm index ffd21640..8d535bed 100644 --- a/help/Jxx_IFxx.htm +++ b/help/Jxx_IFxx.htm @@ -42,8 +42,7 @@ other) command(s):

  • branch if smaller/equal - jae/ifae(q)/jge/ifge(q)
  • -

    arguments
      arg1: The label to jump to.

    -

    result
    This command does not set any result variables. +

    arguments
      arg1: The label to jump to.

    +

    result
    This command does not set any result variables.

    \ No newline at end of file
diff --git a/help/SetHardwareBreakpoint_bph_bphws.htm b/help/SetHardwareBreakpoint_bph_bphws.htm
index 058d656d..38124473 100644
--- a/help/SetHardwareBreakpoint_bph_bphws.htm
+++ b/help/SetHardwareBreakpoint_bph_bphws.htm
@@ -17,19 +17,15 @@ html,body {

    SetHardwareBreakpoint[,bph,bphws]
    Set a hardware breakpoint (using debug registers).

    -

    arguments
      -arg1: Address of the hardware breakpoint. 

    -

    [arg2]: Hardware breakpoint type. Can be either 'r' -(readwrite), 'w' (write) or 'x' (execute). When not specified, 'x' is -assumed. 

    -

    - [arg3]: Hardware breakpoint -size. Can be +

    arguments
      arg1: Address of the hardware breakpoint. 

    +

    [arg2]: Hardware breakpoint type. Can be +either 'r' (readwrite), 'w' (write) or 'x' (execute). When not specified, 'x' is +assumed.

    +

    [arg3]: Hardware breakpoint +size. Can be either '1', '2', '4' or '8' (x64 only). Per default, '1' is assumed. The address you're putting the hardware breakpoint on must be aligned to the specified size.

    -

    result
    This command does not set any result -variables.

    +

    result
    This command does not set any result variables. +

    \ No newline at end of file
diff --git a/help/SetMemoryBPX_membp_bpm.htm b/help/SetMemoryBPX_membp_bpm.htm
index 1b9f8c48..8654ba36 100644
--- a/help/SetMemoryBPX_membp_bpm.htm
+++ b/help/SetMemoryBPX_membp_bpm.htm
@@ -19,33 +19,25 @@ html,body { breakpoint (GUARD_PAGE) on the whole memory region the provided address is in.

    - arguments -
    - -
    - -   arg1: Address of or -inside a memory region that will be watched. +
      arg1: Address of or inside a memory region +that will be watched.

    - [arg2]: -1/0 restore the memory breakpoint once it's hit? When this value is not equal to one, it's assumed to be arg3. This +[arg2]: 1/0 restore the memory breakpoint +once it's hit? When this value is not equal to one, it's assumed to be arg3. This means "bpm eax,r" would be the same command as: "bpm eax,0,r".

    -[arg3]: Breakpoint type, it -can be 'r' (execute+read), 'w' (write) or 'x' (execute). Per default, -it's a combination of execute, read and write. +[arg3]: Breakpoint type, it can be 'r' +(execute+read), 'w' (write) or 'x' (execute). Per default, it's a +combination of execute, read and write.

    -

    result -
    This command does not set any result variables. +

    result +
    This command does not set any result variables.

    - \ No newline at end of file + \ No newline at end of file
diff --git a/help/SingleStep.htm b/help/SingleStep.htm
index 61199ebc..49643d99 100644
--- a/help/SingleStep.htm
+++ b/help/SingleStep.htm
@@ -17,10 +17,8 @@ html,body {

    SingleStep[,sstep,sst]
    Step a specified number of instructions using the Trap-Flag.

    -

    arguments
    [arg1]: The number of instructions to executre (this can be -any valid expression). When not specified, a StepInto is performed.

    -

    result
    This command does not set any result -variables.

    +

    arguments
    [arg1]: The number of instructions to executre (this can be +any valid expression). When not specified, a StepInto is performed.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/Special_Thanks.htm b/help/Special_Thanks.htm
index f7aadf56..c3cdbfc5 100644
--- a/help/Special_Thanks.htm
+++ b/help/Special_Thanks.htm
@@ -66,7 +66,7 @@ ahmadmansoor

  • +
  • Sigma
    @@ -77,4 +77,4 @@ Sigma
  • Dreg -  
  • +
diff --git a/help/StartScylla_scylla_imprec.htm b/help/StartScylla_scylla_imprec.htm
index 41947af9..ef92338d 100644
--- a/help/StartScylla_scylla_imprec.htm
+++ b/help/StartScylla_scylla_imprec.htm
@@ -17,8 +17,7 @@ html,body {

    StartScylla[,scylla,imprec]
    Start the Scylla plugin auto-selecting the currently debugged DLL/EXE.

    -

    arguments
    This command has no arguments.

    -

    result
    This command does not set any result -variables.

    +

    arguments
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/StepInto.htm b/help/StepInto.htm
index e30fdc1c..df0e016a 100644
--- a/help/StepInto.htm
+++ b/help/StepInto.htm
@@ -17,9 +17,7 @@ html,body {

    StepInto[,sti]
    Single Step (using Trap-Flag).

    -

    arguments
    This command has no arguments.

    -

    result
    This command does not set any result -variables.

    +

    arguments
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/StepOver.htm b/help/StepOver.htm
index 8141e637..6b513182 100644
--- a/help/StepOver.htm
+++ b/help/StepOver.htm
@@ -17,10 +17,8 @@ html,body {

    StepOver[,step,sto,st]
    Step over calls. When the instruction at CIP isn't a call, a StepInto is performed.

    -

    arguments
    This command has no arguments. -

    -

    result
    This command does not set any result -variables.

    +

    arguments
    This command has no arguments. +

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/StopDebug_stop_dbgstop.htm b/help/StopDebug_stop_dbgstop.htm
index 0a8d5898..53c85fb3 100644
--- a/help/StopDebug_stop_dbgstop.htm
+++ b/help/StopDebug_stop_dbgstop.htm
@@ -22,13 +22,10 @@ StopDebug[,stop,dbgstop] Terminate the current debuggee and stop debugging it.

    - arguments -
    -This command has no arguments.

    -

    result
    This command does not set any result -variables.

    +
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/Variables.htm b/help/Variables.htm
index 383cc070..a8b86ef5 100644
--- a/help/Variables.htm
+++ b/help/Variables.htm
@@ -15,25 +15,23 @@ html,body { -

    Variables
    This program supports variables. There are three types of -variables:

    -

    USER: -Variables created by the user using the "var" command. These variables have no -access restrictions.

    -

    SYSTEM: -Variables created by the system, that can be read and written, but cannot be -deleted.

    -

    READONLY: +

    Variables
    This program +supports variables. There are three types of variables:

    +

    USER: Variables +created by the user using the "var" command. These variables have no access +restrictions.

    +

    SYSTEM: Variables +created by the system, that can be read and written, but cannot be deleted.

    +

    READONLY: Variables created by the system, that can be read, but not written or -deleted.

    -

    Reserved -Variables
    There are a few reserved -variables:

    -

    $res/$result: General result variable.
    $resN/$resultN: +deleted.

    +

    Reserved +Variables
    There are a few reserved +variables:

    +

    $res/$result: General result variable.
    $resN/$resultN: Optional other result variables (N= 1-4).
    $pid: Project ID of the debugged executable.
    $hp/$hProcess: Debugged executable handle.
    $lastalloc: Last result of the -'alloc' command.

    +'alloc' command.

    \ No newline at end of file
diff --git a/help/add.htm b/help/add.htm
index d01c8a0c..75377c18 100644
--- a/help/add.htm
+++ b/help/add.htm
@@ -16,18 +16,13 @@ html,body {

    add
    Add two -values.

    +values.

    - arguments -
      arg1: -Destination.

    -

      -arg2: Source. -

    -result
    -
    This command does not set -any result variables.

    -
    \ No newline at end of file +
      arg1: Destination.

    +

      arg2: Source. +

    result
    +
    This command does not set any +result variables.

    \ No newline at end of file
diff --git a/help/and.htm b/help/and.htm
index ec04c650..575e55b2 100644
--- a/help/and.htm
+++ b/help/and.htm
@@ -18,18 +18,13 @@ html,body {

    and
    Binary AND two values.

    - arguments -
      arg1: -Destination.

    -

    -  - arg2: Source.

    +
      arg1: Destination.

    +

      arg2: Source.

    -

    -result
    This command does not set -any result variables.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file
diff --git a/help/asm.htm b/help/asm.htm
index 97b8f5e1..2bb33360 100644
--- a/help/asm.htm
+++ b/help/asm.htm
@@ -16,13 +16,11 @@ html,body {

    asm
    Assemble an instruction.

    -

    arguments
      arg1: Address to place the assembled instruction at.

    -

      arg2: Instruction text.

    -

    [arg3]: When specified the remainder of the previous -instruction will be filled with NOPs.

    -

    result
    $result will be set to the assembled instruction size. 0 on -failure.

    +

    arguments
      arg1: Address to place the assembled instruction at. +

    +

      arg2: Instruction text.

    +

    [arg3]: When specified the remainder of the +previous instruction will be filled with NOPs.

    +

    result
    $result will be set to the +assembled instruction size. 0 on failure.

    \ No newline at end of file
diff --git a/help/call.htm b/help/call.htm
index 9fcad0ff..75ce58fa 100644
--- a/help/call.htm
+++ b/help/call.htm
@@ -17,13 +17,10 @@ html,body {

    call
    A call works exactly the same as an uncondentional branch, but it places it's address on the script stack.

    -

    arguments
      arg1: The label to jump -to.

    -

    +

    arguments
      arg1: The label to jump to.

    +

    result -
    -This command does not set any result variables. +
    This command does not set any result variables.

    \ No newline at end of file
diff --git a/help/chd.htm b/help/chd.htm
index 9ca8c37d..d3de7d56 100644
--- a/help/chd.htm
+++ b/help/chd.htm
@@ -19,6 +19,6 @@ html,body { (SetCurrentDirectory).

    arguments
      arg1: Path of a directory to change to.

    -

    result
    This command does not set any result -variables.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/cls.htm b/help/cls.htm
index 829bad60..3da3975c 100644
--- a/help/cls.htm
+++ b/help/cls.htm
@@ -15,7 +15,8 @@ html,body { -

    cls[,lc,lclr]
    Clear the log window.

    -

    arguments
    This command has no arguments.

    -

    result
    This command does not set any result -variables.

    \ No newline at end of file +

    cls[,lc,lclr]
    Clear the log +window.

    +

    arguments
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/dec.htm b/help/dec.htm
index aa95b1aa..c7314176 100644
--- a/help/dec.htm
+++ b/help/dec.htm
@@ -17,8 +17,7 @@ html,body {

    dec
    Decrease a value.

    -

    arguments
      arg1: -Destination.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file
diff --git a/help/disasm_dis_d.htm b/help/disasm_dis_d.htm
index e3ed048e..6251bfa0 100644
--- a/help/disasm_dis_d.htm
+++ b/help/disasm_dis_d.htm
@@ -18,16 +18,11 @@ html,body {

    disasm[,dis,d]
    Disassemble at a certain position.

    - arguments
    -
    - - - [arg1]: The address to disassemble at. When not specified, -there will be assembled at CIP. -

    result
    This command does not set any result -variables.

    +there will be assembled at CIP. +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/div.htm b/help/div.htm
index 5b905a66..af92b268 100644
--- a/help/div.htm
+++ b/help/div.htm
@@ -17,10 +17,8 @@ html,body {

    div
    Devide two values.

    -

    arguments
      arg1: -Destination.

    -

      -arg2: Source.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

      arg2: Source.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file
diff --git a/help/dump.htm b/help/dump.htm
index b6cee710..638b9275 100644
--- a/help/dump.htm
+++ b/help/dump.htm
@@ -12,16 +12,16 @@ html,body { } - + - -

    dump
    Dump at a certain position.

    -

    arguments
    [arg1]: The address to dump at.

    -

    - -result -
    -
    -This command does not set any result variables.

    + + +

    dump
    Dump at a certain position.

    +

    arguments
    [arg1]: The address to dump at.

    +

    + +result +
    +
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/eSingleStep_esstep_esst.htm b/help/eSingleStep_esstep_esst.htm
index 6e254b5a..16509748 100644
--- a/help/eSingleStep_esstep_esst.htm
+++ b/help/eSingleStep_esstep_esst.htm
@@ -21,9 +21,9 @@ html,body {
    Step a specified number of instructions using the Trap-Flag, skipping first-chance exceptions.

    -

    arguments
    [arg1]: The number of instructions to executre (this can be -any valid expression). When not specified, a StepInto is performed.

    -

    result
    This command does not set any result variables.

    +

    arguments
    [arg1]: The number of instructions to executre (this can be +any valid expression). When not specified, a StepInto is performed.

    +

    result
    This command does not set any result +variables.

    diff --git a/help/eStepInto_esti.htm b/help/eStepInto_esti.htm
index f4285def..53d27b8b 100644
--- a/help/eStepInto_esti.htm
+++ b/help/eStepInto_esti.htm
@@ -24,13 +24,11 @@ eStepInto[,esti] first-chance exceptions.

    - arguments -
    This command has no arguments.

    -

    result
    This command does not set any result variables.

    +
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/eStepOut_ertr.htm b/help/eStepOut_ertr.htm
index 6d671fb3..fd92e7b0 100644
--- a/help/eStepOut_ertr.htm
+++ b/help/eStepOut_ertr.htm
@@ -22,13 +22,10 @@ eStepOut[,ertr] Return from function by calling eStepOver until the current instruction is a RET.

    - arguments -
    -This command has no arguments.

    -

    result
    This command does not set any result -variables.

    +
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/eStepOver_estep_esto_est.htm b/help/eStepOver_estep_esto_est.htm
index 2c7e3e3d..d21436c7 100644
--- a/help/eStepOver_estep_esto_est.htm
+++ b/help/eStepOver_estep_esto_est.htm
@@ -23,14 +23,10 @@ eStepOver[,estep,esto,est] exceptions. When the instruction at CIP isn't a call, a StepInto is performed.

    - arguments -
    -This command has no arguments.

    -

    result
    This command does not set any result -variables.

    +
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/find.htm b/help/find.htm
index 6aaf3e48..821227ce 100644
--- a/help/find.htm
+++ b/help/find.htm
@@ -16,17 +16,16 @@ html,body {

    find
    Find a pattern.

    -

    arguments
      arg1: The address to start searching -from. Notice that the searching will stop when the end of the memory page this -address resides in has been reached. This means you cannot search the complete -process memory without enumerating the memory pages first.

    -

      arg2: The byte pattern to search for. This byte -pattern can contain wildcards (?) for example: "EB0?90??8D".

    -

    [arg3]: -The size of the data to search in.

    -

    result
    The $result variable is set to the virtual -address of the address that matches the byte pattern. $result will be 0 when the pattern could not be -matched.

    +

    arguments
      arg1: The address to start searching from. Notice +that the searching will stop when the end of the memory page this address +resides in has been reached. This means you cannot search the complete process +memory without enumerating the memory pages first.

    +

      arg2: The byte pattern to search for. +This byte pattern can contain wildcards (?) for example: "EB0?90??8D".

    +

    [arg3]: The size of the data to search +in.

    +

    result
    The $result variable is set to the virtual address of +the address that matches the byte pattern. $result will be 0 when the pattern +could not be matched.

     

    \ No newline at end of file
diff --git a/help/findall.htm b/help/findall.htm
index 820f315d..73d525bd 100644
--- a/help/findall.htm
+++ b/help/findall.htm
@@ -12,21 +12,19 @@ html,body { } - + - -

    findall
    Find all occurrences of a pattern.

    -

    arguments
      arg1: The address to start searching -from. Notice that the searching will stop when the end of the memory page this -address resides in has been reached. This means you cannot search the complete -process memory without enumerating the memory pages first.

    -

      -arg2: The byte pattern to search for. This byte pattern can contain wildcards -(?) for example: "EB0?90??8D".

    -

    [arg3]: -The size of the data to search in.

    -

    result
    $result is set to the number of -occurrences.

    -

     

    + + +

    findall
    Find all occurrences of a pattern.

    +

    arguments
      arg1: The address to start searching from. Notice +that the searching will stop when the end of the memory page this address +resides in has been reached. This means you cannot search the complete process +memory without enumerating the memory pages first.

    +

      arg2: The byte pattern to search for. +This byte pattern can contain wildcards (?) for example: "EB0?90??8D".

    +

    [arg3]: The size of the data to search +in.

    +

    result
    $result is set to the +number of occurrences.

    diff --git a/help/findasm_asmfind.htm b/help/findasm_asmfind.htm
index 37a6d14a..8babb8e0 100644
--- a/help/findasm_asmfind.htm
+++ b/help/findasm_asmfind.htm
@@ -17,13 +17,11 @@ html,body {

    findasm[,asmfind]
    Find assembled instruction.

    -

    arguments
      arg1: Instruction to look for (make sure to use "mov -eax, ebx" to ensure you actually search for that instruction).

    -

    [arg2]: -Address of/inside a memory page to look in. When not specified CIP will be -used. 

    -

    [arg3]: The -size of the data to search in.

    -

    result
    The $result variable is set to the number of references -found.

    +

    arguments
      arg1: Instruction to look for (make sure to use "mov +eax, ebx" to ensure you actually search for that instruction).

    +

    [arg2]: Address of/inside a memory page +to look in. When not specified CIP will be used. 

    +

    [arg3]: The size of the data to search in.

    +

    result
    The $result variable is set to the number of references +found.

    \ No newline at end of file
diff --git a/help/getcommandline_getcmdline.htm b/help/getcommandline_getcmdline.htm
index e84b7b13..ed9be6d3 100644
--- a/help/getcommandline_getcmdline.htm
+++ b/help/getcommandline_getcmdline.htm
@@ -15,8 +15,9 @@ html,body { -

    getcommandline[,getcmdline]
    It gets the actual command line.

    -

    arguments
    This command has no arguments.

    -

    result
    This command does not set any result variables.

    +

    getcommandline[,getcmdline]
    It gets the actual command line.

    +

    arguments
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/getjit_jitget.htm b/help/getjit_jitget.htm
index ddb865d3..9ddf6762 100644
--- a/help/getjit_jitget.htm
+++ b/help/getjit_jitget.htm
@@ -28,28 +28,22 @@ entry. Important notes:

    Its possible get the x64-JIT entry from the x32 debugger ONLY if the x32 debugger its running in a WIN64 System (using the x64 arg).
    -

    arguments 

    -

      without args: Get the current JIT -debugger. 

    -

      arg2:

    +

    arguments 

    +

      without args: Get the current JIT +debugger. 

    +

      arg2:

      1. -
        old: Get the - old JIT entry stored.
      2. +
        old: Get the old JIT entry + stored.
      3. -
        x32: Get the x32-JIT entry.
        +
        x32: Get the x32-JIT entry.
      4. -
        x64: Get the - x64-JIT entry.
    -

    result
    This command does not -set any result variables.

    +
    x64: Get the + x64-JIT entry.
    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/getjitauto_jitgetauto.htm b/help/getjitauto_jitgetauto.htm
index c6049147..a292663f 100644
--- a/help/getjitauto_jitgetauto.htm
+++ b/help/getjitauto_jitgetauto.htm
@@ -31,30 +31,19 @@ arg).
    Its possible get the x64-JIT AUTO FLAG entry from the x32 debugger ONLY if the x32 debugger its running in a WIN64 System (using the x64 arg).
    -

    arguments     +

    arguments    

    -

      without args: Get current JIT entry - FLAG. -

    -

      arg1:

    +

      without args: Get current JIT entry FLAG.

    +

      arg1:

      1. -
        - x32: Get the x32-JIT AUTO FLAG.
        +
        x32: Get the x32-JIT + AUTO FLAG.
      2. -
        - - x64: Get the x64-JIT - AUTO FLAG.
      3. -
    -

    result
    This command does not -set any result variables.

    +
    x64: Get the x64-JIT AUTO FLAG.
    +
    +

    result
    This command does not set any result variables.

    \ No newline at end of file
diff --git a/help/getpagerights_getrightspage.htm b/help/getpagerights_getrightspage.htm
index f7e40728..04ee4489 100644
--- a/help/getpagerights_getrightspage.htm
+++ b/help/getpagerights_getrightspage.htm
@@ -16,10 +16,9 @@ html,body {

    getpagerights[,getpagerights,getrightspage]
    Get the rights of a memory page.

    -

    arguments 
      arg1: Memory Address of page -(it fix the address if this arg is not the top address of a -page).

    -

    result
    This command does not set any result variables.

    +

    arguments 
      arg1: Memory Address of page (it +fix the address if this arg is not the top address of a page).

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/gpa.htm b/help/gpa.htm
index 051e8f66..3925d3a6 100644
--- a/help/gpa.htm
+++ b/help/gpa.htm
@@ -17,19 +17,13 @@ html,body {

    gpa
    Get the address of an export inside a DLL.

    -

    arguments
      arg1: Export -name.

    -

    [arg2]: DLL name.

    +

    arguments
      arg1: Export name.

    +

    [arg2]: DLL name.

    - result -
    - - +
    The $result variable is set to the -export address. When the export is not found, $result - will be set to -0.
    +export address. When the export is not found, $result will be set to 0.

    \ No newline at end of file
diff --git a/help/inc.htm b/help/inc.htm
index 5673eb57..26f67cd1 100644
--- a/help/inc.htm
+++ b/help/inc.htm
@@ -17,8 +17,7 @@ html,body {

    inc
    Increase a value.

    -

    arguments
      arg1: -Destination.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file
diff --git a/help/invalid.htm b/help/invalid.htm
index 30bfac99..eeae9a8f 100644
--- a/help/invalid.htm
+++ b/help/invalid.htm
@@ -17,8 +17,7 @@ html,body {

    invalid
    Invalid command to throw an error message. This command will halt the script execution.

    -

    arguments
    This command has no arguments.

    -

    result
    This command does not set any result variables. +

    arguments
    This command has no arguments.

    +

    result
    This command does not set any result variables.

    \ No newline at end of file
diff --git a/help/killthread_threadkill.htm b/help/killthread_threadkill.htm
index c094819d..c2f72fdc 100644
--- a/help/killthread_threadkill.htm
+++ b/help/killthread_threadkill.htm
@@ -17,16 +17,10 @@ html,body {

    killthread[,threadkill]
    Kill a thread in the debuggee.

    -

    arguments 
    [arg1]: ThreadId of the thread -to kill (see the Threads tab). When not specified, the main thread is -used. 

    -

    - [arg2]: Thread exit code. When not - specified, 0 will be -used.

    -

    result
    This command does not set any result -variables.

    +

    arguments 
    [arg1]: ThreadId of the thread to kill (see +the Threads tab). When not specified, the main thread is used. 

    +

    [arg2]: Thread exit code. When not specified, +0 will be used.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/labellist.htm b/help/labellist.htm
index b8324778..c6e301ba 100644
--- a/help/labellist.htm
+++ b/help/labellist.htm
@@ -12,23 +12,23 @@ html,body { } - + - -

    labellist
    List user-defined labels in reference view.

    -

    - -arguments - -
    -This command has no arguments.

    -

    - - result -
    - -$result will be set to -the number of user-defined labels.

    -

     

    + +

    labellist
    List user-defined labels in reference view.

    +

    + +arguments + +
    +This command has no arguments.

    +

    + + result +
    + + +$result will be set to +the number of user-defined labels.

    diff --git a/help/loaddb_dbload.htm b/help/loaddb_dbload.htm
index 3f904fd3..a1814819 100644
--- a/help/loaddb_dbload.htm
+++ b/help/loaddb_dbload.htm
@@ -21,13 +21,10 @@ loaddb[,dbload]
    Load the program database from disk in memory.

    - arguments -
    -This command has no arguments.

    -

    result
    This command does not set any result variables.

    -

     

    +
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/modcallfind.htm b/help/modcallfind.htm
index 14e170e1..c1dee56b 100644
--- a/help/modcallfind.htm
+++ b/help/modcallfind.htm
@@ -12,21 +12,20 @@ html,body { } - + - -

    modcallfind
    Find all inter-modular -calls.

    -

    arguments
    [arg1]: Address of/inside a memory page to find -inter-modular calls in. When not specified CIP will be used.

    -

    [arg2]: The size of the data to search in.

    -

    - -result -
    -
    -The $result variable is set to the number of -inter-modular calls found.

    + + +

    modcallfind
    Find all inter-modular +calls.

    +

    arguments
    [arg1]: Address of/inside a memory page to find +inter-modular calls in. When not specified CIP will be used.

    +

    [arg2]: The size of the data to search +in.

    +

    + +result +
    +
    The $result variable is set to the number of +inter-modular calls found.

    diff --git a/help/mov_set.htm b/help/mov_set.htm
index 40da33d5..656e0f58 100644
--- a/help/mov_set.htm
+++ b/help/mov_set.htm
@@ -15,16 +15,12 @@ html,body { -

    mov[,set]
    Set a variable.

    -

    arguments
      arg1: Variable name (optionally prefixed with a $) to -set. When the variable does not exist, it will be -created. -

    -

    -  -arg2: Value to store in the variable.

    -

    result
    This command does not set any result -variables.

    +

    mov[,set]
    Set a +variable.

    +

    arguments
      arg1: Variable name (optionally prefixed with a $) to +set. When the variable does not exist, it will be created.

    +

      arg2: Value to store in the +variable.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/mul.htm b/help/mul.htm
index 34bee35a..db8cb13f 100644
--- a/help/mul.htm
+++ b/help/mul.htm
@@ -17,10 +17,8 @@ html,body {

    mul
    Multiply two values.

    -

    arguments
      arg1: -Destination.

    -

      -arg2: Source.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

      arg2: Source.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file
diff --git a/help/neg.htm b/help/neg.htm
index 9ce07591..9285f8b3 100644
--- a/help/neg.htm
+++ b/help/neg.htm
@@ -17,8 +17,7 @@ html,body {

    neg
    Negate a value.

    -

    arguments
      arg1: -Destination.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file
diff --git a/help/not.htm b/help/not.htm
index 2cbd5e06..54be8fe3 100644
--- a/help/not.htm
+++ b/help/not.htm
@@ -17,8 +17,7 @@ html,body {

    not
    Binary NOT a value.

    -

    arguments
      arg1: -Destination.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file
diff --git a/help/or.htm b/help/or.htm
index 6ff27354..a4f35301 100644
--- a/help/or.htm
+++ b/help/or.htm
@@ -17,10 +17,8 @@ html,body {

    or
    Binary OR two values.

    -

    arguments
      arg1: -Destination.

    -

      -arg2: Source.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

      arg2: Source.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file
diff --git a/help/pause.htm b/help/pause.htm
index cb7681e1..aa0ac742 100644
--- a/help/pause.htm
+++ b/help/pause.htm
@@ -16,8 +16,8 @@ html,body {

    pause
    Pause the debuggee.

    -

    arguments
    This command has no arguments.

    -

    result
    This command does not set any result variables.

    +

    arguments
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/pause_script.htm b/help/pause_script.htm
index cbf65612..266ab638 100644
--- a/help/pause_script.htm
+++ b/help/pause_script.htm
@@ -18,18 +18,14 @@ html,body {

    pause
    Halt the script execution. The user can resume the script after this command.

    - arguments
    -
    - -This command has no arguments.

    +This command has no arguments.

    - - result
    -
    This command does not set any result variables.

    + This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/refadd.htm b/help/refadd.htm
index 566dce46..d14e1c6a 100644
--- a/help/refadd.htm
+++ b/help/refadd.htm
@@ -19,22 +19,14 @@ html,body { view. You need to call 'refinit' before using refadd.

    - arguments -
      arg1: Address -to put in the reference -view. -

    -

    -  arg2: Text to put after the address. -

    +
      arg1: Address to put in the reference view.

    +

      arg2: Text to put after the address.

    - - result
    -
    This command does not set any result -variables.

    +This command does not set any result +variables.

    \ No newline at end of file
diff --git a/help/reffind_findref_ref.htm b/help/reffind_findref_ref.htm
index 61ba8cae..897da77f 100644
--- a/help/reffind_findref_ref.htm
+++ b/help/reffind_findref_ref.htm
@@ -16,31 +16,15 @@ html,body {

    reffind[,findref,ref]
    Find references to a certain value.

    -

    arguments
    -  -arg1: The value to look for. - -

    +

    arguments
      arg1: The value to look for.

    - -[arg2]: Address of/inside a memory page to look -in. When -not specified CIP will be used.  - -

    +[arg2]: Address of/inside a memory page +to look in. When not specified CIP will be used. 

    - - [arg3]: -The size -of the data to search in. - -

    +[arg3]: The size of the data to search in.

    - result -
    -The $result variable is set to the number of references -found.

    \ No newline at end of file +
    The $result variable is set to the number of references +found.

    \ No newline at end of file diff --git a/help/reffindrange_findrefrange_refrange.htm b/help/reffindrange_findrefrange_refrange.htm index 5dbe8141..bdc69a2d 100644 --- a/help/reffindrange_findrefrange_refrange.htm +++ b/help/reffindrange_findrefrange_refrange.htm @@ -17,27 +17,21 @@ html,body {

    reffindrange[,findrefrange,refrange]
    Find references to a certain range of values.

    - arguments -
    -
    -  arg1: Start of the range (will be -included in the results when found).

    +
      arg1: Start of the range (will be included in the +results when found).

    - -[arg2]: End of range (will be included in the results when -found). When not specified the first argument will be used.

    +[arg2]: End of range (will be included in +the results when found). When not specified the first argument will be used.

    - -[arg3]: Address of/inside a memory page to look in. -When not specified CIP will be used. 

    -

    [arg4]: The size of the data to search in.

    -

    result
    The $result variable is set to the number of -references found.

    +[arg3]: Address of/inside a memory page +to look in. When not specified CIP will be used. 

    +

    [arg4]: The size of the data to search in.

    +

    result
    The $result variable is set to the number of references +found.

    \ No newline at end of file diff --git a/help/refinit.htm b/help/refinit.htm index 7a4bd793..ddb90b1d 100644 --- a/help/refinit.htm +++ b/help/refinit.htm @@ -12,24 +12,19 @@ html,body { } - + - -

    refinit
    Initialize reference view -for command usage.

    -

    - -arguments -
    -
    - - This command has no arguments. -

    - -

    -result
    -
    This command does not set any result -variables.

    + +

    refinit
    Initialize reference view +for command usage.

    +

    +arguments +
    + +This command has no arguments. +

    + +

    result
    This command does not set any result +variables.

    diff --git a/help/refstr_strref.htm b/help/refstr_strref.htm index 731ad8ed..e95bdddd 100644 --- a/help/refstr_strref.htm +++ b/help/refstr_strref.htm @@ -16,13 +16,9 @@ html,body {

    refstr[,strref]
    Find referenced text strings.

    -

    arguments
    [arg1]: Address of/inside a memory page to find -referenced text strings in. When not specified CIP -will be used.

    -

    - [arg2]: The size of the data -to search in.

    -

    result
    The $result variable is set to the number of string references -found.

    \ No newline at end of file +

    arguments
    [arg1]: Address of/inside a memory page to find +referenced text strings in. When not specified CIP will be used.

    +

    [arg2]: The size of the data to search +in.

    +

    result
    The $result variable is set to the number of string +references found.

    \ No newline at end of file diff --git a/help/resumeallthreads_threadresumeall.htm b/help/resumeallthreads_threadresumeall.htm index b098b6cb..1df74d9a 100644 --- a/help/resumeallthreads_threadresumeall.htm +++ b/help/resumeallthreads_threadresumeall.htm @@ -17,20 +17,12 @@ html,body {

    resumeallthreads[,threadresumeall]
    Resume all threads in the debuggee.

    - arguments   -
    -
    - -This command has no arguments.

    +
    This command has no arguments.

    - - -result
    This command does not set any result -variables.

    -

     

    +result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/resumethread_threadresume.htm b/help/resumethread_threadresume.htm index 78fc0e35..40f0482b 100644 --- a/help/resumethread_threadresume.htm +++ b/help/resumethread_threadresume.htm @@ -17,10 +17,8 @@ html,body {

    resumethread[,threadresume]
    Resume a thread in the debuggee.

    -

    arguments 
    [arg1]: ThreadId of the thread to resume (see -the Threads tab). When not specified, the main thread is used. 

    -

    result
    This command does not set any result -variables.

    +

    arguments 
    [arg1]: ThreadId of the thread to resume (see +the Threads tab). When not specified, the main thread is used. 

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/ret.htm b/help/ret.htm index 594d3d4d..76abbf6b 100644 --- a/help/ret.htm +++ b/help/ret.htm @@ -19,8 +19,7 @@ html,body { the stack, this command will end the script and set the script IP to the first line. When 'call' was executed before, ret will return from that call.

    -

    arguments
    This command has no arguments.

    -

    result
    This command does not set any result variables. +

    arguments
    This command has no arguments.

    +

    result
    This command does not set any result variables.

    \ No newline at end of file diff --git a/help/rol.htm b/help/rol.htm index 6a84ff62..d52c27a8 100644 --- a/help/rol.htm +++ b/help/rol.htm @@ -17,10 +17,8 @@ html,body {

    rol
    Binary ROL a value.

    -

    arguments
      arg1: -Destination.

    -

      -arg2: Source.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

      arg2: Source.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file diff --git a/help/ror.htm b/help/ror.htm index 0e6758f0..d72fe7b1 100644 --- a/help/ror.htm +++ b/help/ror.htm @@ -17,10 +17,8 @@ html,body {

    ror
    Binary ROR a value.

    -

    arguments
      arg1: -Destination.

    -

      -arg2: Source.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

      arg2: Source.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file diff --git a/help/rtr.htm b/help/rtr.htm index 2a5ce0ec..4499efa9 100644 --- a/help/rtr.htm +++ b/help/rtr.htm @@ -18,20 +18,14 @@ html,body {

    StepOut[,rtr]
    Return from function by calling StepOver until the current instruction is a RET.

    - arguments
    -
    - -This command has no arguments.

    +This command has no arguments.

    - - result
    -
    This command does not set any result -variables.

    + This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/savedb_dbsave.htm b/help/savedb_dbsave.htm index 1acc8bda..0381b7f0 100644 --- a/help/savedb_dbsave.htm +++ b/help/savedb_dbsave.htm @@ -17,19 +17,10 @@ html,body {

    savedb[,dbsave]
    Save the program database from memory to disk.

    -

    arguments
    - -This command has no arguments. -

    +

    arguments
    This command has no arguments.

    - result -
    - - -This command does not set any result -variables. +
    This command does not set any result variables.

    \ No newline at end of file diff --git a/help/sdump.htm b/help/sdump.htm index f6640333..4662109b 100644 --- a/help/sdump.htm +++ b/help/sdump.htm @@ -12,27 +12,18 @@ html,body { } - + - -

    sdump
    Dump the at a certain position.

    -

    arguments
    - - - -[arg1]: The address to dump at (must be inside the thread -stack range). -

    -

    - - - result - -
    -This command does not set any result -variables.

    + +

    sdump
    Dump the at a certain position.

    +

    arguments
    [arg1]: The address to dump at (must be inside the thread +stack range).

    +

    + + result + +
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/setcommandline_setcmdline.htm b/help/setcommandline_setcmdline.htm index 6b47116e..da670f7c 100644 --- a/help/setcommandline_setcmdline.htm +++ b/help/setcommandline_setcmdline.htm @@ -17,17 +17,12 @@ html,body {

    setcommandline[,setcmdline]
    It changes the command line data.

    - arguments
    -
    - - - [arg1]: New command -line. 

    -

    result
    This command does not set any result -variables.

    +[arg1]: New command line. 

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/setjit_jitset.htm b/help/setjit_jitset.htm index 1814bca0..2d2ef22f 100644 --- a/help/setjit_jitset.htm +++ b/help/setjit_jitset.htm @@ -25,58 +25,31 @@ x32 debugger stored in the x32-JIT entry. Important notes:

  • Its possible change the x64-JIT entry from the x32 debugger ONLY if the x32 debugger its running in a WIN64 System (using the x64 arg).
  • -

    arguments 

    -

    -   -without args: Set the current debugger as JIT. 

    -

    -   arg1:

    +

    arguments 

    +

      without args: Set the current +debugger as JIT. 

    +

      arg1:

      1. -
        oldsave: Set the current debugger as -JIT and save the last JIT entry.
        +
        oldsave: Set the current debugger as + JIT and save the last JIT entry.
      2. -
        restore: Set the old JIT entry stored as -JIT and remove it from debugger db.
        +
        restore: Set the old JIT entry + stored as JIT and remove it from debugger db.
      3. -
        old (without arg2): Set -the old JIT entry stored as new JIT. -
        +
        old (without arg2): Set the old + JIT entry stored as new JIT.
      4. -
        old (with arg2): Set -the arg2 as old JIT entry stored. - -
        +
        old (with arg2): Set the arg2 as + old JIT entry stored.
      5. -
        - - -x32: Set the arg2 as new - - -x32-JIT entry.
        +
        x32: Set the arg2 as new + x32-JIT entry.
      6. -
        - - -x64: Set the arg2 as new - - -x64-JIT entry.
    -

    result
    This -command does not set any result variables. -

    +
    x64: Set the arg2 as new + x64-JIT entry.
    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/setjitauto_jitsetauto.htm b/help/setjitauto_jitsetauto.htm index 25e28a42..b4d4ca02 100644 --- a/help/setjitauto_jitsetauto.htm +++ b/help/setjitauto_jitsetauto.htm @@ -31,36 +31,25 @@ arg).
    Its possible set the x64-JIT AUTO FLAG entry from the x32 debugger ONLY if the x32 debugger its running in a WIN64 System (using the x64 arg).
    -

    arguments    

    -

      arg1:

    +

    arguments

    +

      arg1:

      1. -
        1/ON: Set current - JIT entry FLAG as TRUE.  
        +
        1/ON: Set current JIT entry FLAG as + TRUE.  
      2. -
        0/FALSE: Set current JIT entry FLAG as - FALSE.
        +
        0/FALSE: Set current JIT entry FLAG as + FALSE.
      3. -
        x32: Set the x32-JIT AUTO FLAG TRUE or FALSE. It needs an arg2: can be ON/1 or - OFF/0.
        +
        x32: Set the x32-JIT AUTO FLAG + TRUE or FALSE. It needs an arg2: can be ON/1 or OFF/0.
      4. -
        x64: Set the - x64-JIT AUTO FLAG TRUE - or FALSE. It needs an arg2: can be ON/1 or - OFF/0. -
        +
        x64: Set the x64-JIT AUTO FLAG + TRUE or FALSE. It needs an arg2: can be ON/1 or OFF/0.
    -

    result
    This command does not -set any result variables.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/setpagerights_setrightspage.htm b/help/setpagerights_setrightspage.htm index e04731bd..bf4772b0 100644 --- a/help/setpagerights_setrightspage.htm +++ b/help/setpagerights_setrightspage.htm @@ -16,15 +16,13 @@ html,body {

    setpagerights[,setpagerights,setrightspage]
    Change the rights of a memory page.

    -

    arguments 
      arg1: Memory Address of page -(it fix the address if this arg is -not the top address of a page).

    -

    -   arg2: New Rights, this can be one of the following values: "Execute", -"ExecuteRead", "ExecuteReadWrite", "ExecuteWriteCopy", "NoAccess", "ReadOnly", "ReadWrite", "WriteCopy". You can add a G at first -for add PAGE GUARD. example: "GReadOnly". Read -the MSDN for more info.

    -

    result
    This command does not set any result -variables.

    +

    arguments 
      arg1: Memory Address of page (it +fix the address if this arg is not the top address of a page).

    +

      arg2: New Rights, this can be one of +the following values: "Execute", "ExecuteRead", "ExecuteReadWrite", +"ExecuteWriteCopy", "NoAccess", "ReadOnly", "ReadWrite", "WriteCopy". You can +add a G at first for add PAGE GUARD. example: "GReadOnly". Read the MSDN for +more info.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/setthreadpriority_setprioritythread_threadsetpriority.htm b/help/setthreadpriority_setprioritythread_threadsetpriority.htm index ad26421a..bcb4be02 100644 --- a/help/setthreadpriority_setprioritythread_threadsetpriority.htm +++ b/help/setthreadpriority_setprioritythread_threadsetpriority.htm @@ -16,14 +16,13 @@ html,body {

    setthreadpriority[,setprioritythread,threadsetpriority]
    Set thread priority in the debuggee.

    -

    arguments 
      arg1: ThreadId of the thread -to change the priority of (see the Threads tab).

    -

      arg2: Priority value, this can be the integer of a valid -thread priority (see MSDN) or one of the -following values: "Normal", "AboveNormal", "TimeCritical", "Idle", "BelowNormal", "Highest", "Lowest".

    -

    result
    This command does not set any result -variables.

    +

    arguments 
      arg1: ThreadId of the thread to change the +priority of (see the Threads tab).

    +

      arg2: Priority value, this can be the +integer of a valid thread priority (see MSDN) or one of the following +values: "Normal", "AboveNormal", "TimeCritical", "Idle", "BelowNormal", +"Highest", "Lowest".

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/shl.htm b/help/shl.htm index 2ccd29bc..6a5547f9 100644 --- a/help/shl.htm +++ b/help/shl.htm @@ -17,10 +17,8 @@ html,body {

    shl
    Binary SHL a value.

    -

    arguments
      arg1: -Destination.

    -

      -arg2: Source.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

      arg2: Source.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file diff --git a/help/shr.htm b/help/shr.htm index caf4071f..1e912e4a 100644 --- a/help/shr.htm +++ b/help/shr.htm @@ -17,10 +17,8 @@ html,body {

    shr
    Binary SHR a value.

    -

    arguments
      arg1: -Destination.

    -

      -arg2: Source.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

      arg2: Source.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file diff --git a/help/sleep.htm b/help/sleep.htm index 9f9580b6..83a48af9 100644 --- a/help/sleep.htm +++ b/help/sleep.htm @@ -17,23 +17,14 @@ html,body {

    sleep
    Sleep for a specified number of milliseconds.

    -

    arguments
    - - - +

    arguments
    [arg1]: Number of milliseconds to sleep, 100 (decimal) milliseconds will be taken when nothing is specified Keep -in mind that default input is in HEX. - -

    +in mind that default input is in HEX.

    - result -
    -This command does not set any -result variables.

    +
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/strlen_charcount_ccount.htm b/help/strlen_charcount_ccount.htm index eb9e0f90..00fecbbe 100644 --- a/help/strlen_charcount_ccount.htm +++ b/help/strlen_charcount_ccount.htm @@ -15,14 +15,9 @@ html,body { -

    strlen[,charcount,ccount]
    Get the -length of a string. This was the first command ever, left in for historical reasons.

    -

    arguments
      arg1: String you want to get the length of.

    -

    result
    This -command does not set any result variables.

    +

    strlen[,charcount,ccount]
    Get the length of a string. This was the first command ever, +left in for historical reasons.

    +

    arguments
      arg1: String you want to get the length of.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/sub.htm b/help/sub.htm index b31a92bd..3c8d5904 100644 --- a/help/sub.htm +++ b/help/sub.htm @@ -17,10 +17,8 @@ html,body {

    sub
    Subtract two values.

    -

    arguments
      arg1: -Destination.

    -

      -arg2: Source.

    -

    result
    This command does not set -any result variables.

    +

    arguments
      arg1: Destination.

    +

      arg2: Source.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file diff --git a/help/suspendallthreads_threadsuspendall.htm b/help/suspendallthreads_threadsuspendall.htm index 6ace5501..65819579 100644 --- a/help/suspendallthreads_threadsuspendall.htm +++ b/help/suspendallthreads_threadsuspendall.htm @@ -16,9 +16,7 @@ html,body {

    suspendallthreads[,threadsuspendall]
    Suspend all threads in the debuggee.

    -

    arguments 
    This command has no arguments.

    -

    result
    This command does not set any result -variables.

    +

    arguments 
    This command has no arguments.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/suspendthread_threadsuspend.htm b/help/suspendthread_threadsuspend.htm index bb1a8d79..e426382d 100644 --- a/help/suspendthread_threadsuspend.htm +++ b/help/suspendthread_threadsuspend.htm @@ -18,21 +18,14 @@ html,body {

    suspendthread[,threadsuspend]
    Suspend a thread in the debuggee.

    - arguments
    -
    - -[arg1]: ThreadId of -the thread to suspend (see -the Threads tab). When not specified, the main thread is used. 

    +[arg1]: ThreadId of the thread to suspend (see the +Threads tab). When not specified, the main thread is used. 

    - - result
    -
    This command does not set any result -variables.

    + This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/switchthread_threadswitch.htm b/help/switchthread_threadswitch.htm index 8b19585d..e3b6d686 100644 --- a/help/switchthread_threadswitch.htm +++ b/help/switchthread_threadswitch.htm @@ -18,17 +18,10 @@ html,body {

    switchthread[,threadswitch]
    Switch the internal current thread to another thread (resulting in different callstack + different registers displayed).

    -

    arguments 
    [arg1]: ThreadId of the thread to switch to (see the -Threads tab). When not specified, the main thread is used. 

    +

    arguments 
    [arg1]: ThreadId of the thread to switch to (see the +Threads tab). When not specified, the main thread is used. 

    - result -
    - -
    - - This command does not set any result -variables. +
    This command does not set any result variables.

    \ No newline at end of file diff --git a/help/symdownload_downloadsym.htm b/help/symdownload_downloadsym.htm index 9c0a3eee..bc6beaf5 100644 --- a/help/symdownload_downloadsym.htm +++ b/help/symdownload_downloadsym.htm @@ -18,27 +18,19 @@ html,body {

    symdownload[,downloadsym]
    Attempt to download a symbol from a Symbol Store.

    - arguments
    -
    - - [arg1]: Module name (with or without extension) -to attept to download symbols for. When not specified, an attempt will be done -to download symbols for all loaded modules. +[arg1]: Module name (with or without extension) to attept to +download symbols for. When not specified, an attempt will be done to download +symbols for all loaded modules.

    - - [arg2]: Symbol Store URL. When not specified, -the default store - -will +[arg2]: Symbol Store URL. When not specified, +the default store will be used.

    -

    -result
    -
    This command does not set any result -variables.

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/test.htm b/help/test.htm index 3bd88e19..de7d637a 100644 --- a/help/test.htm +++ b/help/test.htm @@ -17,13 +17,9 @@ html,body {

    test
    Binary TEST a value.

    -

    arguments
      arg1: Value to -test.

    -

      -arg2: Tester.

    -

    result
    This command sets -the internal variables $_EZ_FLAG and $_BS_FLAG. $_EZ_FLAG is set to 1 when -arg1&arg2= -= 0. $_BS_FLAG is always set -to 0.

    +

    arguments
      arg1: Value to test.

    +

      arg2: Tester.

    +

    result
    This command sets the internal variables $_EZ_FLAG +and $_BS_FLAG. $_EZ_FLAG is set to 1 when arg1&arg2= = 0. $_BS_FLAG is +always set to 0.

    \ No newline at end of file diff --git a/help/var_varnew.htm b/help/var_varnew.htm index c6ce459e..6b579406 100644 --- a/help/var_varnew.htm +++ b/help/var_varnew.htm @@ -15,14 +15,12 @@ html,body { -

    var[,varnew]
    Declare a new variable.

    -

    arguments
      arg1: Variable name (will be prefixed with '$' if not -done). -

    -

    - [arg2]: Initial variable value (see console input for details).

    -

    result
    This command does not set any result -variables.

    +

    var[,varnew]
    Declare a new +variable.

    +

    arguments
      arg1: Variable name (will be prefixed with '$' if +not done).

    +

    [arg2]: Initial variable value (see console +input for details).

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/vardel.htm b/help/vardel.htm index 9b26e6bb..89ab25dc 100644 --- a/help/vardel.htm +++ b/help/vardel.htm @@ -15,10 +15,10 @@ html,body { -

    vardel
    Delete a user-defined variable.

    -

    arguments
      arg1: Name of the variable to delete ($ will be -prepended when not present).

    -

    result
    This command does not set any result -variables.

    +

    vardel
    Delete a user-defined +variable.

    +

    arguments
      arg1: Name of the variable to delete ($ will be +prepended when not present).

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/varlist.htm b/help/varlist.htm index 0a63ea47..d7acc3c9 100644 --- a/help/varlist.htm +++ b/help/varlist.htm @@ -15,10 +15,9 @@ html,body { -

    varlist
    Get a list of all variables and their -values.

    -

    arguments
    [arg1]: Filter (USER, SYSTEM, READONLY).

    -

    result
    This command does not set any result -variables.

    +

    varlist
    Get a list of all +variables and their values.

    +

    arguments
    [arg1]: Filter (USER, SYSTEM, READONLY).

    +

    result
    This command does not set any result +variables.

    \ No newline at end of file diff --git a/help/xor.htm b/help/xor.htm index 4ab19f6a..9b87b760 100644 --- a/help/xor.htm +++ b/help/xor.htm @@ -17,18 +17,13 @@ html,body {

    xor
    Binary XOR two values.

    - arguments -
      arg1: -Destination. -

    -

    -   arg2: Source.

    +
      arg1: Destination.

    +

      arg2: Source.

    -

    -result
    This command does not -set any result variables.

    +

    result
    This command does not set any +result variables.

    \ No newline at end of file From 3b755c927914decdcf26674264853d10d97edbd4 Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Sun, 14 Dec 2014 03:07:45 +0100 Subject: [PATCH 15/18] DBG: resolved issue #211 (added a 'skip' command to skip the next instruction) --- help/skip.htm | 34 ++++++++++++++++++++++++++++++ help/x64_dbg.wcp | Bin 85654 -> 86168 bytes x64_dbg_dbg/debugger_commands.cpp | 14 ++++++++++++ x64_dbg_dbg/debugger_commands.h | 1 + x64_dbg_dbg/x64_dbg.cpp | 1 + 5 files changed, 50 insertions(+) create mode 100644 help/skip.htm diff --git a/help/skip.htm b/help/skip.htm new file mode 100644 index 00000000..c8d132a6 --- /dev/null +++ b/help/skip.htm @@ -0,0 +1,34 @@ + + + +skip + + + + + + + +

    skip
    +Skip the next instruction. This command swallows the current exception +(if present). Useful if you want to continue after an INT3 command.

    +

    + +arguments + + +
    This command has no arguments. +

    +

    + + result + +
    This command does not set any result +variables.

    + \ No newline at end of file 
diff --git a/help/x64_dbg.wcp b/help/x64_dbg.wcp index 9722331e5d2a136a8729303565c0f7f8b33ce87e..f6c223bec81d53d97954a156c342030107eaf491 100644 GIT binary patch delta 4115 zcmYjU4O~;#6@OPgL<<(u6p^wlQW`$`e7roKAz-ADVn!)4q|RDKDNt0jND-0I)~RKd zI-5q!pK_T+m!=tGj4E12ZD*}I*E#AOQtGI)4jr@3GKc7}b5?g=ShxNB;XUu3|2-f7 zbMARBExUqR-w5iqhT&*MG&bKK`gU>H635ha!ZX4up&I6U9|%YhQoxqQPfHQz3;um9 zZkmI_CEftDFc;?S$&kL|!v4o>OvTy=4XxB=zVhXeD9NmC@<0>ut>$yVv*!roGkWX$&)honVF1%r;5-} ztV3+EinF#)XZms*q7B(yEXy1O=N=EY<7e=2cz{V<( z)+ijW3WcjuMd-6$l&?`R{HznPRYf>mEz)WreHI)w1~jd0pa`B?Xhv3z3scsL?scK? zRV&C?C(>gz&aU$zvW7CKbz-2V5HGiZL^i@4_$RJ`EA$a7Z68v;=q5lbjD z&OdiA3ZJ*3ZG#uq7Zg-~-;G-@sE{@)DBD2g-$do#*a+Q#gz`VLCK3wjBiq5Y!FefIUS7+UdY>JEc*eG^`gqCRVkLac%)%IYPa~1^aB~$FFB_! zqDEgQJPp?PpcW7E8iQfqqGC^@4^c14=y}-y&&yR9d}#@Cwu)HNScs0TJ`}txW5W+! z2;Z6xb(_R0`PCdY2Tj|2h}|Kh{1sQg(?SK<{CG%C2_@SUc%0O!ugGYBRWqrlwFuW= zNr&i?QS7wC>GHz%VZi3?bTf7ovURxgYBFTEh@2)18eu@c zy8*@>D#>&&cI3m+Ol`R%%54lpy*nLU%^nnhy74tPqM9XSv?!==rq1UE9B$dd%qU%$ zj9TtOC~2ft5vyCQaJKs3;4(^nDuz2Swj3h|Nf4vD;ek8%rCIwXr z%Z24M7Lw7_=7sTf1ueTKLvGong?x3_Js5voguI)=ZgZgS$K-qW7AU(ElARdaWk-QW zMA2>s20i5Y$1*zJAkUsWGBOa2z;|0^>0WRdea5fn~(igQ$Q;9kJ&pD$Gn+{ z`iTeaZ>kvmi4!Y)c2q~0aIQTV13m|me(I$Gb^aRl?oVB)Z?~hbL&QkC1Gb-OcVEJc zPU_nZJ4QQ2OmsL<^>ga1T@vhF&G2^S!1$H|!_V{Kd&>u1myG&7F7$Wh!@gHS-djtt zXRilYdsOsvQ+d0q5V+Td!hIsGk;pligwy-H$m>?owcic>J_j1#R^Z&1i{Ks~yeX7b zPZQGL&c*IuNa%UH03p4UO^=GRz0PTsLa9(jELZx+XU{tl`hH=9dO#b(ihn4Cyt^Cq z?_}WOyEcr!lZA@+d^mGJhV7SaXn)s^;Da{AzDL|2^aRL4Dk5yj$bR1ij&k>Y5IO>!H36vxNuEE>u+6CR|qx!j??rdeG=Tq zRrL4yu==+$PJcwbrPE>Xqav94(y{G?1XrIOQNQz|`XdFSzjHx8LBsJR_2Y?X44lYD z`R^w?z|v1+@%PbaKAFiBEci4Y##4c`Q--Qj9t8HQs2wn%WS|Pi`c;~Q+UqWjhVtxF zi_rbC4}puRa)U-f=+Qe^h=PwJF*1;e3yCJesrdHCrRe*_i-JJ~yH7h2{z(>1q)97t z@%>L0q2~`idJ{`%9C8IcEv%V*1ta5A2@QXsGoN~~bVz~k3=Q)$RnUJbBI%D}&`P0N zD8+(PbFlS~K4hMeQFPV?eM0vyT8Y?&be4AKQ)Ub;?_B8?avex{fUPD zIT`YB69&&EVE9rXMu%m#94{8lfgBr%yz`wzy@I3*ZX6nxaQT81R8C{F4iR4@Blpjp z`0~7hgb_Deg{$u;`Yl`|Fa6yMR&j&VLkSZK8TAKCBJ;cG3h7! 
z^G;mfA7Sl zzbS|sbF&&=I*&bw(_=ELLD&~5NWa>Ni+@)TIo^W(qja0c|98-OtrH_x6u$e>vX2-uW^W<^SqnY5a(dhI+=W zX83M8Xyj3QLH;TPQUA(C-B(n}8#HvkqVKZXwHUZ%h5n8N>sJ}5ztcgN^87V3>hAcX zcx@{y#>j1%>lu@fdB?)*80&m3mMNNG;MG%DEs=AiGZFpQ19@}+lXxa$D&G>ov?9s8 zIFL2-ktxi=&fiGk zt`O$t)l-?CM^9xYo;!`n+M}KCnZ~-bj^<4>SRi*!XRX{cjV18>yC{H$X=JSTF4oBl zr;}}x47@v()pEmKbgxI!O?>zsrg?qgE;f%J2=hmj$|L45Gw%&!MhzUvkI!JmJT8pM zlQ(_xObXu=MjTJvO~$EYiY6KOSU7v0i+8hZ-X1~zJMLzAJVr+>P|f*-j#wy5S=oc!4qVveS<=A(xa^&JOwx3IEQX1^a4uD>J%uV} zu`nOss8X|qr_y0G31+&OX?LH%Rh( zspWBY8UQCBqJtJ~oCTQ$Rj}~ccD9f=Wl~Gd^$(L0D_N_2n7j=xAWE{b$QnuEyd;xI zJd{NNr9Vso?Oe#(ct{ozR_h=)&u3BKV-E6KzK|YIe2WZt9n@GcS(HA_r38LBn+0oo zdAv27>X#oI&RepX5#eS%uXu!xw|t9EYPyyjnli=N#8yX+#%eZsF+R#VDR6Dx-F%eh zU2P756Y`kBoiv@_&Lz`BImEHH!|jg}MSiLJQKIF*B4(#-<;ib69+$@|xR}SHc}Wfn zC;PAFvPUpQr&*#OQVM5_*kf>S6#3>wj6Pg+G7VDt;iF6AW7>wIi{asUEDE}t3Xyh7 Tm#8DXpwKUSMFc8lXYL$fq9Lyq%2QZh3uGDDB^Ji9#f$jm&wXQS&6_B_w~Jm2T{^L)Rw zw1sd38f;;C0@0p zGN61;2J+_X5%Wt8Eb|wtD^xYO-I>lZaV~Z0m`s(TnxzVUJG?Iw*3tk57f8@OAQ%s2p$X;%e#9-3V0lTQED&CR`o(_aE|t)?rfYRxZK6REKR#tFf&@1F1qr zu1zGo00(RVG%OS0Dt95LvJ#aQ0{SXf;cSHuqh?F!T;_tbT*8h=BXPp6z*i{{T?^wQ zKIE;C5oLE`)XFM^Ef)w%uq}_o$(1IoU!g)=3Iyell)1`; zs8xQZAT~W6XIHt<|5!2l9~H2mdI2_6c~P`lLE&Rg#MCT?P%RMDp{6#-?u7NpY*?P4v~OrY(o+iIP7FR}!X9HXq$eYgztN1w zCw;s-hYprL)r|AI(vYxGLHAn{Hg60dX_JJq-?(vM6FFQj!_uIjzCPqk^kmdb)S_t< zWjQVmjhhyu|7iu91_7o<6E-yXpnXP0;nPl>dPYR&~6q`xkX0nW&~gH5FM~ zBosL%c((YE_`Hl&&p9#hd^Yq>5&5oMY;=zFR^#*f5ig%F!_Za%I+w`SVa?|maJqbI z15HyK#p8|9z_!)J*5aG3i^A8cDpeyg8@Blo0~tjxIMIh9M7gO$G109LgT0vs#O;Oo zMFkGffDq+TplcRj^O)dm_J*{_!hpbw6xmh{L7TfpfZ~x+)*@rO#|QZ(8P(j0p_c>* zErPmSwHBMI)8T5Nu}u-t{E|L&)br9p^uH`2VY@JTt*T1(i0To1}kngo%;|{XgCZq9HYUo$1G1OLw1g}U? 
zgL*)QYB+b%S|8w2}0IdJY1LioTt zdAPREi=G1tdiS@Y`CT*o?_?w9pan?>{J3#Y!u12KkPbzn@4aN4dN-SJ1*HeQ2zy^a z+Ivp)yl=tqdjdf%3c9jTdB}^z!wQV=x8mwyBgS@R!`_{P(!)ApiGH5`k?;vvBH&4=esEqx~<=aJ#CO8g5?SR8$-lQQxcJ$WcEQd_ej6s}q`ICKUII zc=DJTdwK(?I4+{;gWxn>IWY;wzFZU?6GGHvboW_s=$JR$K(~|v!L^NP^Sw*yq!*|5HCK{Sus?(RK5MfV|Iz@a3u+RXJWbmX7uP zv<5$KWHWHMFawT$m%Akm!WSa)zLeqo!jJf~bTgfC@rrv{3bbEJeDGc-!trGQVFMEK z&(bCwNOONBLU)c_($_jyVPiR%6)qxf70ZV(jDyK!hx#O3oM zTZwsH8ITggQ1rJBT>m@W9)s@i$5iW7RhTDF#ic<>O%x7W(nC^(e{aX|Kd99%xWlVy zlPnKOUA!QviQ=2au?*z@V<(3HDI?`#Gh2<_JEvmsq5|#LGV=e~fvW_QFS*egamHyyb2ZyCDF9_$%P!`aI+ z;=Yk!{&xp1UXhV7A>K(612k} z^*U8WD4^5BG9tc{VfvOlBdERRRy(MRcR!Shlh z+ciomPFGHRgRzfMKuZJFmWmW8_8?L2W5b!px0kT)-G zW@W4v=Uz$Wag33Wnkjq(V;wv(jL6ba%*`)^u`I4tGm+AKh zrr_EqFp+lJN>w%HIn#OP7*e9s(1Bhp9k`*PNIXBI2oK&#{@nN(>C|h9``JX|-qcbO zS|_m_-V+pwjAwaVoXFbwa6HM4okZLNlPSmjlZY!OumWBXPu#@2h?_E*xD7fs(W7I< z{8rEvqH1_u0_&iI|IKqgzVZPw;I4+4S zirZ;1^6XR+{{J@8z2LNu>Hl z25CK;PFjgH^Hn0rSq&s-$sjCArs^b0R6CDMh1nqmeaj^71_SxlrO+%aR%jNAWGXa~ zW`0y=JA;EKaepS;#kXY9*+zv5O;`e#rc)jUmr=r}QNqKF!GupEO@%WkQcuP`JDV0j--FCOW_IuyLXY#6*gZd$d-ADrX9}2= zNB)9D<=~b|Hw1~1dDj-uyt@m@?#=?Lj%}0(eF;@)E{&seE}KZNel5Q>m)Xb4s%X{N H(BJ<6VJ%GU diff --git a/x64_dbg_dbg/debugger_commands.cpp b/x64_dbg_dbg/debugger_commands.cpp index fb1bba8f..00fc1f8a 100644 --- a/x64_dbg_dbg/debugger_commands.cpp +++ b/x64_dbg_dbg/debugger_commands.cpp @@ -10,6 +10,7 @@ #include "simplescript.h" #include "symbolinfo.h" #include "assemble.h" +#include "disasm_fast.h" static bool bScyllaLoaded = false; uint LoadLibThreadID; 
@@ -1994,3 +1995,16 @@ CMDRESULT cbDebugSetCmdline(int argc, char* argv[]) return STATUS_CONTINUE; } + +CMDRESULT cbDebugSkip(int argc, char* argv[]) +{ + SetNextDbgContinueStatus(DBG_CONTINUE); //swallow the exception + uint cip = GetContextDataEx(hActiveThread, UE_CIP); + BASIC_INSTRUCTION_INFO basicinfo; + memset(&basicinfo, 0, sizeof(basicinfo)); + disasmfast(cip, &basicinfo); + cip += basicinfo.size; + SetContextDataEx(hActiveThread, UE_CIP, cip); + DebugUpdateGui(cip, false); //update GUI + return STATUS_CONTINUE; +} diff --git a/x64_dbg_dbg/debugger_commands.h b/x64_dbg_dbg/debugger_commands.h index 7e9b7eb1..cdc0c24e 100644 --- a/x64_dbg_dbg/debugger_commands.h +++ b/x64_dbg_dbg/debugger_commands.h @@ -63,6 +63,7 @@ CMDRESULT cbDebugDisableMemoryBreakpoint(int argc, char* argv[]); CMDRESULT cbDebugDownloadSymbol(int argc, char* argv[]); CMDRESULT cbDebugGetPageRights(int argc, char* argv[]); CMDRESULT cbDebugSetPageRights(int argc, char* argv[]); +CMDRESULT cbDebugSkip(int argc, char* argv[]); //misc void showcommandlineerror(cmdline_error_t* cmdline_error); diff --git a/x64_dbg_dbg/x64_dbg.cpp b/x64_dbg_dbg/x64_dbg.cpp index 37423135..24121dc8 100644 --- a/x64_dbg_dbg/x64_dbg.cpp +++ b/x64_dbg_dbg/x64_dbg.cpp @@ -85,6 +85,7 @@ static void registercommands() dbgcmdnew("getcmdline\1getcommandline", cbDebugGetCmdline, true); //Get CmdLine dbgcmdnew("setcmdline\1setcommandline", cbDebugSetCmdline, true); //Set CmdLine dbgcmdnew("loadlib", cbDebugLoadLib, true); //Load DLL + dbgcmdnew("skip", cbDebugSkip, true); //skip one instruction //breakpoints dbgcmdnew("bplist", cbDebugBplist, true); //breakpoint list From c3bb3581fdda96696dfd409f5755cc1e19316652 Mon Sep 17 00:00:00 2001 
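Review bot: `cbDebugSkip` ignores the outcome of `disasmfast(cip, &basicinfo)`, so when the bytes at CIP cannot be decoded `basicinfo.size` keeps the 0 left by the `memset` and CIP is written back unchanged. The command still returns `STATUS_CONTINUE`, and `SetNextDbgContinueStatus(DBG_CONTINUE)` has already marked the pending exception as swallowed by then. On packed or deliberately malformed code that silent no-op misleads the analyst about where execution will resume. I would decode first and bail out before touching the continue status, `if(!basicinfo.size) { dprintf("Error: could not disassemble the instruction at CIP\n"); return STATUS_ERROR; }`, and call `SetNextDbgContinueStatus(DBG_CONTINUE)` only on success.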
From: "Mr. eXoDia" Date: Sun, 14 Dec 2014 03:18:07 +0100 Subject: [PATCH 16/18] GUI: added "skip next instruction" menu item/hotkey + fixed some small bugs with the hotkey descriptions --- x64_dbg_gui/Project/Src/Gui/MainWindow.cpp | 7 ++++++ x64_dbg_gui/Project/Src/Gui/MainWindow.h | 1 + x64_dbg_gui/Project/Src/Gui/MainWindow.ui | 21 ++++++++++++++---- .../Project/Src/Utils/Configuration.cpp | 7 +++--- x64_dbg_gui/Project/images/arrow-skip.png | Bin 0 -> 611 bytes x64_dbg_gui/Project/resource.qrc | 1 + 6 files changed, 30 insertions(+), 7 deletions(-) create mode 100644 x64_dbg_gui/Project/images/arrow-skip.png diff --git a/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp b/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp index 688d8b68..259e37e5 100644 --- a/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp +++ b/x64_dbg_gui/Project/Src/Gui/MainWindow.cpp @@ -146,6 +146,7 @@ MainWindow::MainWindow(QWidget* parent) : QMainWindow(parent), ui(new Ui::MainWi connect(ui->actioneStepInto, SIGNAL(triggered()), this, SLOT(execeStepInto())); connect(ui->actioneRun, SIGNAL(triggered()), this, SLOT(execeRun())); connect(ui->actioneRtr, SIGNAL(triggered()), this, SLOT(execeRtr())); + connect(ui->actionSkipNextInstruction, SIGNAL(triggered()), this, SLOT(execSkip())); connect(ui->actionScript, SIGNAL(triggered()), this, SLOT(displayScriptWidget())); connect(ui->actionRunSelection, SIGNAL(triggered()), this, SLOT(runSelection())); connect(ui->actionCpu, SIGNAL(triggered()), this, SLOT(displayCpuWidget())); @@ -281,6 +282,7 @@ void MainWindow::refreshShortcuts() ui->actionRtr->setShortcut(ConfigShortcut("DebugRtr")); ui->actioneRtr->setShortcut(ConfigShortcut("DebugeRtr")); ui->actionCommand->setShortcut(ConfigShortcut("DebugCommand")); + ui->actionSkipNextInstruction->setShortcut(ConfigShortcut("DebugSkipNextInstruction")); ui->actionScylla->setShortcut(ConfigShortcut("PluginsScylla")); 
@@ -621,6 +623,11 @@ void MainWindow::execeRtr() DbgCmdExec("ertr"); } +void MainWindow::execSkip() +{ + DbgCmdExec("skip"); +} + void MainWindow::displayCpuWidget() { mCpuWidget->show(); diff --git a/x64_dbg_gui/Project/Src/Gui/MainWindow.h b/x64_dbg_gui/Project/Src/Gui/MainWindow.h index 75f21864..5862b7ef 100644 --- a/x64_dbg_gui/Project/Src/Gui/MainWindow.h +++ b/x64_dbg_gui/Project/Src/Gui/MainWindow.h @@ -59,6 +59,7 @@ public slots: void execeStepInto(); void execeRun(); void execeRtr(); + void execSkip(); void displayCpuWidget(); void displaySymbolWidget(); void displayReferencesWidget(); diff --git a/x64_dbg_gui/Project/Src/Gui/MainWindow.ui b/x64_dbg_gui/Project/Src/Gui/MainWindow.ui index 8faee603..df4201a7 100644 --- a/x64_dbg_gui/Project/Src/Gui/MainWindow.ui +++ b/x64_dbg_gui/Project/Src/Gui/MainWindow.ui @@ -80,6 +80,7 @@ + @@ -88,10 +89,10 @@ &Help - - - - + + + + @@ -604,6 +605,18 @@ Change Command &Line + + + + :/icons/images/arrow-skip.png:/icons/images/arrow-skip.png + + + Skip next instruction + + + Skip next instruction + + diff --git a/x64_dbg_gui/Project/Src/Utils/Configuration.cpp b/x64_dbg_gui/Project/Src/Utils/Configuration.cpp index a35eb4bf..92d51dab 100644 --- a/x64_dbg_gui/Project/Src/Utils/Configuration.cpp +++ b/x64_dbg_gui/Project/Src/Utils/Configuration.cpp 
@@ -202,14 +202,15 @@ Configuration::Configuration() : QObject()
 defaultShortcuts.insert("DebugStepOver", Shortcut(tr("Debug -> Step over"), "F8", true));
 defaultShortcuts.insert("DebugeStepOver", Shortcut(tr("Debug -> Step over (skip execptions)"), "Shift+F8", true));
 defaultShortcuts.insert("DebugRtr", Shortcut(tr("Debug -> Execute till return"), "Ctrl+F9", true));
- defaultShortcuts.insert("DebugeRtr", Shortcut(tr("Debug -> execute till return (skip exceptions)"), "Ctrl+Shift+F9", true));
+ defaultShortcuts.insert("DebugeRtr", Shortcut(tr("Debug -> Execute till return (skip exceptions)"), "Ctrl+Shift+F9", true));
+ defaultShortcuts.insert("DebugSkipNextInstruction", Shortcut(tr("Debug -> Skip next instruction"), "Ctrl+F8", true));
 defaultShortcuts.insert("DebugCommand", Shortcut(tr("Debug -> Command"), "Ctrl+Return", true));
 defaultShortcuts.insert("PluginsScylla", Shortcut(tr("Plugins -> Scylla"), "Ctrl+I", true));
 defaultShortcuts.insert("OptionsPreferences", Shortcut(tr("Options -> Preferences"), "", true));
- defaultShortcuts.insert("OptionsAppearance", Shortcut(tr("Options -> Preferences"), "", true));
- defaultShortcuts.insert("OptionsShortcuts", Shortcut(tr("Options -> Preferences"), "", true));
+ defaultShortcuts.insert("OptionsAppearance", Shortcut(tr("Options -> Appearance"), "", true));
+ defaultShortcuts.insert("OptionsShortcuts", Shortcut(tr("Options -> Shortcuts"), "", true));
 defaultShortcuts.insert("HelpAbout", Shortcut(tr("Help -> About"), "", true));
 defaultShortcuts.insert("HelpDonate", Shortcut(tr("Help -> Donate"), "", true));
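Review bot: The `DebugeStepOver` description still reads `Step over (skip execptions)` on the context line of this hunk; since the commit is fixing the neighbouring descriptions, it should become `tr("Debug -> Step over (skip exceptions)")` as well. The new `DebugSkipNextInstruction` default of `Ctrl+F8` sits directly beside the `F8` and `Shift+F8` stepping keys, and unlike those it rewrites CIP without executing anything. Whether a mistaken key press is visible to the user cannot be told from this hunk, so it is worth confirming that the skip is logged or otherwise shown.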
diff --git a/x64_dbg_gui/Project/images/arrow-skip.png b/x64_dbg_gui/Project/images/arrow-skip.png new file mode 100644 index 0000000000000000000000000000000000000000..ebcd4ff2f84f5fc68164b6de99c16a21c22414aa GIT binary patch literal 611 zcmV-p0-XJcP)}^5b7fo1!SQG}x&Sqq^yI&C2bOWYokbjw1A# zedB7`4gw&b2VO4zz+rY60DJynGtG$o6Cm*Y{`fTh)Aj*8Z%_k8InaRf0Sz($twsZ8 zp^(vF;@U~uaUvLoidP@MWfpZ>tt>!$cNf0vV#u<3iFP~0_O_2wNzX8J_VzMc*5pq} zk_#Z+Fp|0Fg=jXLh-0<4Ks1TMaBvIKMACB{)dYu?Fp{hp{2I8dRIR3i^B+@MJ zUYv*ug}XclU(3UVA{kWEqRNxfy7X5`Wqa)AC3|bfr94pU(3bQg2to~~E}pR|grce8 z)4R`%PH9zQ<@N#jJb}zCJXvD;u!Z%GhE15*F)eHoq3oM12N8f<%;D zntRJCl_DBOq36RRMX+b@S=6^UxijK15v63JpB;yKdTfef4@U3avcJ=DpBMsuK71-@ z&qV8Q=KZe=vLUiRfGW00Ue+$$yPv=Qs9Ij+T#RB)@d|lK>L%7D%~K5M-QhU-F~KZ% x?#>ld&QGFNeGz||TkbabOimages/detach.png images/trace.png images/changeargs.png + images/arrow-skip.png From 54fbc038dfc653750044ea56f326c8ccee331482 Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Wed, 17 Dec 2014 19:27:18 +0100 Subject: [PATCH 17/18] resolved issue #213 (mov dest,#DATA#) --- x64_dbg_dbg/instruction.cpp | 82 +++++++++++++++++++++++++++++-------- 1 file changed, 66 insertions(+), 16 deletions(-) diff --git a/x64_dbg_dbg/instruction.cpp b/x64_dbg_dbg/instruction.cpp index 7605a4e9..f931567d 100644 --- a/x64_dbg_dbg/instruction.cpp +++ b/x64_dbg_dbg/instruction.cpp 
@@ -130,26 +130,76 @@ CMDRESULT cbInstrMov(int argc, char* argv[])
 dputs("not enough arguments");
 return STATUS_ERROR;
 }
- uint set_value = 0;
- if(!valfromstring(argv[2], &set_value))
+
+ String srcText = argv[2];
+ if(srcText[0] == '#' && srcText[srcText.length() - 1] == '#') //handle mov addr, #DATA#
 {
- dprintf("invalid src \"%s\"\n", argv[2]);
- return STATUS_ERROR;
- }
- bool isvar = false;
- uint temp = 0;
- valfromstring(argv[1], &temp, true, false, 0, &isvar, 0);
- if(!isvar)
- isvar = vargettype(argv[1], 0);
- if(!isvar or !valtostring(argv[1], &set_value, true))
- {
- uint value;
- if(valfromstring(argv[1], &value)) //if the var is a value already it's an invalid destination
+ //do some checks on the data
+ String dataText = srcText.substr(1, srcText.length() - 2);
+ int len = (int)dataText.length();
+ if(len % 2)
 {
- dprintf("invalid dest \"%s\"\n", argv[1]);
+ dprintf("invalid hex string \"%s\" (length not divisible by 2)\n");
 return STATUS_ERROR;
 }
- varnew(argv[1], set_value, VAR_USER);
+ for(int i = 0; i < len; i++)
+ {
+ if(!isxdigit(dataText[i]))
+ {
+ dprintf("invalid hex string \"%s\" (contains invalid characters)\n", dataText.c_str());
+ return STATUS_ERROR;
+ }
+ }
+ //Check the destination
+ uint dest;
+ if(!valfromstring(argv[1], &dest) || !memisvalidreadptr(fdProcessInfo->hProcess, dest))
+ {
+ dprintf("invalid destination \"%s\"\n", argv[1]);
+ return STATUS_ERROR;
+ }
+ //Convert text to byte array (very ugly)
+ Memory data(len / 2);
+ for(int i = 0, j = 0; i < len; i += 2, j++)
+ {
+ char b[3] = "";
+ b[0] = dataText[i];
+ b[1] = dataText[i + 1];
+ int res = 0;
+ sscanf_s(b, "%X", &res);
+ data[j] = res;
+ }
+ //Move data to destination
+ if(!memwrite(fdProcessInfo->hProcess, (void*)dest, data, data.size(), 0))
+ {
+ dprintf("failed to write to "fhex"\n", dest);
+ return STATUS_ERROR;
+ }
+ GuiUpdateAllViews(); //refresh disassembly/dump/etc
+ return STATUS_CONTINUE;
+ }
+ else
+ {
+ uint set_value = 0;
+ if(!valfromstring(srcText.c_str(), &set_value))
+ {
+ dprintf("invalid src \"%s\"\n", argv[2]);
+ return STATUS_ERROR;
+ }
+ bool isvar = false;
+ uint temp = 0;
+ valfromstring(argv[1], &temp, true, false, 0, &isvar, 0);
+ if(!isvar)
+ isvar = vargettype(argv[1], 0);
+ if(!isvar or !valtostring(argv[1], &set_value, true))
+ {
+ uint value;
+ if(valfromstring(argv[1], &value)) //if the var is a value already it's an invalid destination
+ {
+ dprintf("invalid dest \"%s\"\n", argv[1]);
+ return STATUS_ERROR;
+ }
+ varnew(argv[1], set_value, VAR_USER);
+ }
 }
 return STATUS_CONTINUE;
 }
From 5230ba354312c4da5d508c222ca3a427850976fa Mon Sep 17 00:00:00 2001
From: "Mr. eXoDia"
Date: Fri, 12 Dec 2014 17:08:49 +0100
Subject: [PATCH 18/18] DBG: some small code fixes
---
 x64_dbg_dbg/instruction.cpp | 2 +-
 x64_dbg_dbg/simplescript.cpp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/x64_dbg_dbg/instruction.cpp b/x64_dbg_dbg/instruction.cpp
index f931567d..e9851a13 100644
--- a/x64_dbg_dbg/instruction.cpp
+++ b/x64_dbg_dbg/instruction.cpp
@@ -1006,7 +1006,7 @@ CMDRESULT cbInstrGetstr(int argc, char* argv[])
 dprintf("failed to get variable data \"%s\"!\n", argv[1]);
 return STATUS_ERROR;
 }
- dprintf("%s=\"%s\"\n", argv[1], string);
+ dprintf("%s=\"%s\"\n", argv[1], string());
 return STATUS_CONTINUE;
 }
diff --git a/x64_dbg_dbg/simplescript.cpp b/x64_dbg_dbg/simplescript.cpp
index a722a277..b28837b1 100644
--- a/x64_dbg_dbg/simplescript.cpp
+++ b/x64_dbg_dbg/simplescript.cpp
@@ -163,7 +163,7 @@ static bool scriptcreatelinemap(const char* filename)
 }
 int rawlen = (int)strlen(cur.raw);
- if(!strlen(cur.raw)) //empty
+ if(!rawlen) //empty
 {
 cur.type = lineempty;
 }
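Review bot: In the `cbInstrMov` hunk (`@@ -130,26 +130,76 @@`), the odd-length error path calls `dprintf("invalid hex string \"%s\" (length not divisible by 2)\n");` with a `%s` and no matching argument, which is undefined behaviour and prints whatever sits in the vararg slot; it should pass `dataText.c_str()` as the next message does. The `#...#` test also matches a lone `#`, where `srcText.length() - 2` wraps around, and it indexes `srcText[srcText.length() - 1]` on an empty argument (assuming `String` is `std::string`), so I would start the condition with a length check: `if(srcText.length() >= 2 && srcText[0] == '#' && srcText[srcText.length() - 1] == '#')`. `isxdigit(dataText[i])` should be `isxdigit((unsigned char)dataText[i])`, because a negative `char` value is undefined for the `<ctype.h>` functions. The destination is validated with `memisvalidreadptr` although it is about to be written; the `memwrite` failure path still catches a read-only page, but a short comment saying that the read check is only a first filter would avoid giving the impression that writability was verified. The function begins above this hunk, so the `argc` guard that precedes these lines is not fully visible here.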