Duncan Ogilvie
249d5382c1
DBG: update patterntransform to reject invalid patterns
2019-09-01 15:44:28 +02:00
Duncan Ogilvie
d50675ca02
DBG: fix some edge cases with page protections in the memory map
2019-08-23 00:48:20 +02:00
Duncan Ogilvie
2c37afcc9e
DBG: truncate copy data in DISASM_INSTR
closes #2028
2019-08-23 00:48:19 +02:00
Duncan Ogilvie
d6b27324f4
DBG: fix bugfix
closes #2206
2019-08-22 17:50:30 +02:00
Duncan Ogilvie
bbc93a9426
DBG: improve symbol handling
2019-08-22 17:21:37 +02:00
Duncan Ogilvie
c6e3441819
GUI: don't follow patch in disasm and dump when toggling
2019-08-22 11:33:04 +02:00
Duncan Ogilvie
7212e853fb
DBG: better heuristics for detecting the debuggee did not terminate after 10 seconds
2019-08-19 15:39:13 +02:00
Duncan Ogilvie
8a07bd2d7e
DBG+GUI: implement auto completion for exports in goto dialog
closes #1987
2019-08-17 17:38:58 +02:00
Duncan Ogilvie
593b5f1752
DBG: fix out of bounds access in valapifromstring
closes #2190
2019-08-17 16:30:23 +02:00
Duncan Ogilvie
de2d930d8f
DBG+GUI: add transparent exception stepping option
2019-08-17 12:19:08 +02:00
Austin Richards
3bad6cb6dc
GUI: Added Implemented color (orange/cyan) directional differentiation for sidebar jumps.
Existing configurations will use their color for forwards, and orange for backwards.
2019-08-11 10:33:31 +02:00
Duncan Ogilvie
60e1dff147
DBG: fix signature verification for PDB v2.0 and improve symbol log
closes #2193
2019-08-09 20:55:59 +02:00
Duncan Ogilvie
f57d69f91e
GUI: add a timer to SearchListView to properly deal with millions of entries
2019-07-02 15:57:21 +02:00
Duncan Ogilvie
ab9f2d2f80
GUI: fixed some minor undefined behavior
2019-07-02 14:56:05 +02:00
Duncan Ogilvie
021ea4f743
GUI: properly encapsulate mSearchBox in SearchListView
2019-07-02 14:55:01 +02:00
Duncan Ogilvie
bf413de6de
GUI: better sorting behavior in the HandlesView
closes #2195
2019-06-26 20:25:47 +02:00
Duncan Ogilvie
d17852b63b
DBG: fix a weird bug where dll breakpoints could not be deleted in certain cases
2019-06-25 21:17:45 +02:00
Duncan Ogilvie
0b7d840b60
DBG+BRIDGE+GUI: fix bugs and add Graph+Memory Map+Symbol Module plugin menus
2019-06-22 16:44:45 +02:00
Duncan Ogilvie
fc9f9a52fd
BRIDGE+GUI: GuiExecuteOnGuiThreadEx
2019-06-22 15:05:59 +02:00
Duncan Ogilvie
3dc120d623
GUI: refactor BridgeResult and fix a bunch of bugs in the process
2019-06-22 13:29:27 +02:00
Duncan Ogilvie
c345647e85
DBG: allow plugstop to indicate FreeLibrary should not be called
2019-06-22 13:22:58 +02:00
Duncan Ogilvie
7114c71fe3
DBG: trim debug strings before showing them
2019-06-22 13:22:29 +02:00
Duncan Ogilvie
3c5a1ad13a
DBG: fix _plugin_menuentrysetvisible
2019-06-21 16:39:03 +02:00
Duncan Ogilvie
17d8f8ea45
GUI: remove snowman
2019-06-21 16:38:12 +02:00
Duncan Ogilvie
bb2a369ce8
DBG: add colors and column to indicate symbol load status
closes #2185
2019-06-19 00:12:43 +02:00
Duncan Ogilvie
cc30f105de
DBG: implement DbgFunctions()->ModSymbolStatus
2019-06-19 00:12:43 +02:00
Duncan Ogilvie
80d84e7108
DBG: implement symunload command
2019-06-19 00:12:38 +02:00
Duncan Ogilvie
d969087bed
GUI: refactor StdSearchListView to allow passing a custom StdTableSearchList
2019-06-19 00:12:32 +02:00
Duncan Ogilvie
34318e3f7e
GUI: introduce AbstractTableView::getCellColor
2019-06-19 00:12:32 +02:00
Duncan Ogilvie
728f0eaa8d
DBG: fix various issues pointed out by Visual Studio code analysis
2019-06-19 00:12:31 +02:00
Duncan Ogilvie
d62f7f431c
disable warnings for dbghelp.h
2019-06-19 00:12:31 +02:00
franco martinelli
32c8e33c64
Removed backtab key substitution
Fixing issue #2176
2019-06-16 14:03:25 +02:00
Duncan Ogilvie
0a77a1cb00
DBG: add expression functions for exception information
2019-06-13 13:17:15 +02:00
Duncan Ogilvie
1e075142a5
DBG: add symload command to manually load a PDB
2019-06-12 16:51:19 +02:00
Duncan Ogilvie
4ce5b0baec
Fix other minor things
2019-05-19 18:09:34 +02:00
franco martinelli
23968f11d9
Iterating QMap with ranged for. Inlined renderShortcuts. Save button now has default focus
Using ranged for instead of iterators.
Inlined renderShortcuts since it was used only once
Adjusted layout of shortcuts Ui
2019-05-19 18:09:34 +02:00
franco martinelli
59ddfa63a8
Added action filter box
Added shortcut copyline
Added shortcut binding for copyline
2019-05-19 18:09:34 +02:00
Matt
72d76bb9bc
Add GetExports and GetImports to the module scripting API.
2019-05-09 20:46:13 +02:00
Zhang Li
4273fce56e
Fix export name is not parsed correctly
2019-05-09 20:45:04 +02:00
Duncan Ogilvie
dcbe4e17c9
GUI: save script type when restarting
2019-05-02 15:29:18 +02:00
Duncan Ogilvie
b244c8177f
DBG: removed sortedlru
closes #2124
2019-04-30 15:27:47 +02:00
Duncan Ogilvie
c664ad1b4a
DBG: add dis.iscallsystem expression function
2019-04-30 15:05:36 +02:00
Duncan Ogilvie
2cbafa369d
DBG: add mod.isexport expression function
2019-04-30 15:05:36 +02:00
Duncan Ogilvie
4c08468c46
GUI: update the source view if the disassembly updates
2019-04-29 01:43:21 +02:00
Duncan Ogilvie
1c023053ca
GUI: rename repaintGui signal to updateDisassembly
2019-04-29 01:43:21 +02:00
Mattiwatti
36741fdaf8
Fix ThreadGetSuspendCount if the suspend count limit is reached
Use a better method of querying the suspend count on Windows >= 8.1 that doesn't involve suspending and resuming
2019-04-28 21:24:59 +02:00
Zhang Li
1874da8657
Fix export name parsing
2019-04-28 16:40:21 +02:00
Duncan Ogilvie
425a531535
DBG: fix use after free derp
closes #2149
2019-04-22 11:45:38 +02:00
Mattiwatti
ed5d085fa3
Fix compilation in VS2019
2019-04-17 19:34:00 +02:00
Duncan Ogilvie
1d9df16898
DBG: fix missing module name in symbol log and implement source mapping
2019-04-17 19:30:59 +02:00
Duncan Ogilvie
d13b2eefe1
GUI: better handling of xbegin tokenizing
2019-04-17 18:10:19 +02:00
Duncan Ogilvie
6bc16f8bac
PROJECT: remove and ignore vcxproj.user files
2019-04-12 17:51:56 +02:00
Duncan Ogilvie
51f53ee886
GUI: implement all the missing SourceView features from before
2019-04-12 17:50:38 +02:00
Duncan Ogilvie
4af8ff6174
DBG: (performance) improvements to SymbolSourceDIA
2019-04-12 16:51:37 +02:00
Duncan Ogilvie
9b602ee27b
GUI: setup copy menu for SourceView
2019-04-09 15:51:46 +02:00
Duncan Ogilvie
2a3bc1d667
GUI: implement \t correctly in SourceView
2019-04-09 15:51:46 +02:00
Duncan Ogilvie
deef25ba42
GUI: implement follow in disassembler + go to line in SourceView
2019-04-09 15:51:45 +02:00
Duncan Ogilvie
61020f7701
GUI: rewrite SourceView to work on 2gb+ files
2019-04-09 15:51:45 +02:00
Duncan Ogilvie
b67b5ebb23
GUI: improve TraceFileSearch (now also searches r8-r15 on x64)
2019-04-09 15:51:45 +02:00
Duncan Ogilvie
3b8469ba55
DBG: print rex info in Zydis command
2019-04-09 15:47:22 +02:00
Duncan Ogilvie
386e242645
DBG+GUI: removed yara
2019-04-06 13:18:16 +02:00
Duncan Ogilvie
7d727d014d
GUI: remove entropy view
2019-04-06 13:18:10 +02:00
Duncan Ogilvie
41978f961c
DBG: show full command line near 'Process Started' log entry
2019-04-06 12:40:51 +02:00
Duncan Ogilvie
ee411b0c30
DBG: some more improvements to safely reading the PE info
2019-04-06 12:40:50 +02:00
torusrxxx
6f60175506
Fix a minor problem with trace browser (#2138)
2019-03-28 21:53:05 +08:00
dl471
f3e0a4e1e1
Scroll to keep selected register in view
2019-03-22 12:54:03 +01:00
dl471
21d03ce395
Clean up control flow of arrow key logic
2019-03-22 12:54:03 +01:00
dl471
8253a842e4
Add arrow key movements for x64 registers
2019-03-22 12:54:03 +01:00
dl471
54bd25be73
Add arrow key movements for remaining FPU registers
2019-03-22 12:54:03 +01:00
dl471
9d1c72fd4b
Arrow key movements for middle group of FPU registers
2019-03-22 12:54:03 +01:00
dl471
c669c3491f
Add arrow key movements for first set of FPU registers
2019-03-22 12:54:03 +01:00
dl471
115b90db35
Add arrow movements for rest of non-FPU registers
2019-03-22 12:54:03 +01:00
dl471
2815ca25b0
Add arrow key movements for flag registers
2019-03-22 12:54:03 +01:00
dl471
02129b5942
Account for up/down keys in register view
2019-03-22 12:54:03 +01:00
dl471
39880b1892
Add ability to move between general purpose registers with arrow keys
2019-03-22 12:54:03 +01:00
dl471
e68720777d
Add struct and map for relative register positions
2019-03-22 12:54:03 +01:00
Mattiwatti
6e18613e37
DBG: ReadExportDirectory: put upper bound on the number of imports
2019-03-17 19:46:33 +01:00
Mattiwatti
e38adf1265
DBG: AddressOfNameOrdinals is WORD[], not DWORD[]
2019-03-17 19:46:33 +01:00
Mattiwatti
c54c96816e
DBG: ReadExportDirectory: do bounds checks on all export dir entries before indexing into arrays
Fixes #2105 (second case/malware sample)
2019-03-17 19:46:33 +01:00
Mattiwatti
e36779d7a4
DBG: more robust validation of PE directory sizes
2019-03-17 19:46:33 +01:00
raiseman
c325ccd2cd
Graph breakpoints fix (#2137)
* graph breakpoints fix
* removed "beta"
2019-03-07 21:59:07 +01:00
raiseman
62c6d40725
zoom overview fix
2019-03-05 23:03:45 +01:00
dl471
435b208427
Fix filename bug in patch menu
2019-03-05 23:01:11 +01:00
Duncan Ogilvie
7d53b1ae08
DBG: fix potential crashes in GetModuleInfo
2019-01-20 22:41:26 +01:00
Duncan Ogilvie
661360bc68
GUI: fix duplicate &p in PatchDialog
2019-01-20 20:45:58 +01:00
Duncan Ogilvie
9f5ce5041d
DBG: fix a mistake in MemUpdateMap
closes #2101
2019-01-20 20:45:47 +01:00
Duncan Ogilvie
85e96353cb
DBG+BRIDGE+GUI: put in the title whether x64dbg is elevated or not
2019-01-20 20:43:39 +01:00
Duncan Ogilvie
223ea586bb
DBG: add some more helpful format functions
ascii, ansi, utf8, utf16, disasm, modname
2019-01-10 23:54:31 +01:00
Duncan Ogilvie
d04288cbc1
DBG: improve performance of MemoryMapUpdate
2019-01-10 23:45:24 +01:00
Duncan Ogilvie
e5e96f7cbb
DBG: analyze all xrefs in the module with XrefsAnalysis
2019-01-10 23:44:51 +01:00
Duncan Ogilvie
cc15cdec9f
DBG: correctly handle executables with entry points inside the MZ header
closes #1994
2019-01-10 23:44:07 +01:00
Duncan Ogilvie
f1fbfd98b3
DBG: don't use CreateProcessInfo->lpStartAddress because it is broken
closes #2099
2019-01-10 23:43:05 +01:00
Duncan Ogilvie
98d38d94cb
GUI: fix warnings in DisassemblerGraphView
2018-12-28 16:58:14 +01:00
Duncan Ogilvie
8cf227624f
GUI: fix qword memory operand info in x32dbg
2018-12-28 16:56:47 +01:00
torusrxxx
e5c838c276
opcode grouping in trace view
2018-11-27 12:14:07 +01:00
raiseman
24e71e86ee
fix graph reopen bug (#2083)
2018-11-27 12:11:31 +01:00
Duncan Ogilvie
688e2ccc04
DBG+GUI: AStyle
2018-11-18 15:50:13 +01:00
Duncan Ogilvie
418541e46e
DBG: improve the skipInt3Stepping feature to work for long int3 instructions
2018-11-18 15:49:43 +01:00
Duncan Ogilvie
49f5780935
GUI: only show logging enabled/disabled in status bar
2018-11-18 15:29:10 +01:00
raiseman
edbaedb47b
Graph zoom mode feature (#2068)
Graph zoom mode feature
2018-11-18 15:21:32 +01:00
Bálint Faragó
1e9bf1ab7c
DBG: Fix mapped area overrun in ReadDebugDirectory for bogus debugDirSize
2018-11-18 15:20:38 +01:00
Alexander Miloslavskiy
0adb663a91
Fixed Symbol::GetList() for symbols without undecorated name
* Such symbols have "" instead of nullptr in SYMBOLINFO.undecoratedSymbol
* This fix greatly improves Snowman's decompiled results, example: comctl32!ListBox_SetCurSelHandler
2018-11-13 12:10:36 +01:00
torusrxxx
836a544287
Run "AStyleWhore"
2018-11-13 10:01:22 +08:00
Bálint Faragó
5162450ff3
Fix yara crash when used with a single argument
2018-11-04 23:14:31 +01:00
Bálint Faragó
50580782e2
GUI: fix merge error in Disassembly.cpp
2018-11-04 23:14:04 +01:00
Bálint Faragó
806e09671c
Remove Zydis-Capstone diff logic comment block
2018-11-04 23:14:04 +01:00
Bálint Faragó
4ae573d620
Remove capstone references from zydis_wrapper
2018-11-04 23:14:04 +01:00
Bálint Faragó
a3b5812908
GUI: rename CapstoneTokenizer to ZydisTokenizer
2018-11-04 23:14:04 +01:00
Bálint Faragó
c7107374d2
DBG: remove capstone references
2018-11-04 23:14:04 +01:00
Bálint Faragó
eef5d07c30
GUI: fix negative zero floating point display (#2058)
* GUI: make StringUtil void* buffer functions const-correct
* GUI: add precision support to ToFloatString and ToDoubleString
* GUI: fix -0.0 float display by converting with STL instead of QString::number
2018-11-02 15:35:13 +00:00
Alexander Miloslavskiy
de678aec21
Fixed incorrect error message when memory could not be allocated
2018-11-02 15:31:14 +00:00
Alexander Miloslavskiy
60c54ea83a
Fixed incorrect comparator used in sorting xrefs
* With old comparator, items {1, 2} and {2, 1} were "less" than each other. This will cause them to sort randomly.
2018-11-02 15:29:34 +00:00
Bálint Faragó
0c87d87fe6
DBG: fix getting raw int value for float typed watch points
2018-10-31 12:39:00 +01:00
Bálint Faragó
e0052d6b2b
ZYDIS: Use ZydisOperandAction as an enum instead of a flag
2018-10-31 12:38:40 +01:00
Bálint Faragó
0065f204a3
Add DLL ordinal to symbol table and fix symbol table comparator
2018-10-31 12:38:00 +01:00
Bálint Faragó
5a4f15e9f5
DBG: add OptionalHeader.AddressOfEntryPoint to the displayed symbols
2018-10-31 12:37:48 +01:00
Duncan Ogilvie
fba7af6bcd
Merge branch 'torusrxxx-patch00000092' into development
2018-10-29 13:38:56 +01:00
Duncan Ogilvie
744ccc5305
GUI: change bNoDisassemblyPopup to bDisassemblyPopupEnabled for clarity
2018-10-29 13:36:35 +01:00
torusrxxx
d316405f11
Fixed uninitialized var with opcode grouping
2018-10-24 18:54:26 +08:00
torusrxxx
25b154b2cf
Use Bridge clipboard funcs instead of QClipboard for status bar msg
2018-10-17 12:09:53 +08:00
Duncan Ogilvie
49fe03c643
GUI: remove pointless "to clipboard" part in RegistersView
2018-10-16 18:17:13 +02:00
Duncan Ogilvie
98e509bb78
GUI: fix really triggering misalignment of the comments column in TraceBrowser
2018-10-16 18:17:13 +02:00
Atvaark
be8dfaeeb4
Add clear log hotkey (Ctrl+L)
2018-10-16 18:15:59 +02:00
torusrxxx
ba7915057d
Set FPU registers to one/zero
2018-10-16 18:15:01 +02:00
torusrxxx
5669e13485
temporary
2018-10-16 18:15:01 +02:00
torusrxxx
ae9bf8c49e
st(X) can be edited
2018-10-16 18:15:01 +02:00
torusrxxx
f5395cb318
Added x87stX register names and menu action to switch ordering
2018-10-16 18:15:01 +02:00
torusrxxx
8c6a9e5fed
remove some signal slots about SIMD display mode
2018-10-16 18:15:01 +02:00
torusrxxx
788ecf240d
Use integer index for register names
2018-10-16 18:15:01 +02:00
torusrxxx
9d585036b9
Don't use Qt wheel scrolling
2018-10-13 21:02:54 +08:00
torusrxxx
64db2ce66b
No popups for some views
2018-10-13 17:13:00 +08:00
torusrxxx
594319a654
Refactored old disassembly popup in CPUDisassembly
2018-10-13 16:56:19 +08:00
torusrxxx
707cd444ae
Moved disassembly popup to AbstractTableView and added its support in StdTable
2018-10-13 16:36:05 +08:00
Wolfgang Schoechl
753ecd3ba5
FIXED: uninitialized variable was used for height calculation and caused negative height value (registers view)
2018-10-12 22:47:20 +02:00
torusrxxx
6705ce1af3
Disassembly popup in references
2018-10-12 23:09:36 +08:00
torusrxxx
cf1498786c
Merge branch 'development' into patch00000092
2018-10-12 20:50:28 +08:00
Manuel
28211215e7
FIXED: setting up the auto-follow context menu entry
2018-10-11 14:23:45 +00:00
Ta Thanh Dinh
94fcc52734
support copy individual x87 registers
2018-10-10 15:53:22 +02:00
Mattiwatti
d149f6d794
Do not leave empty or corrupt PDBs in the store if a download failed. Fixes a crash in LoadDataFromIStream in MS DIA 14.15
2018-10-10 15:50:40 +02:00
Hank McCord
a406a8e3df
GUI: Fix build for latest Qt
2018-10-10 15:50:22 +02:00
Manuel
cf763adc18
CHANGED: renamed toggleAutoDisassemblyFollowSelectionSlot() to follow given convention
2018-10-10 15:48:39 +02:00
Manuel
69db4494cd
ADDED: trace file can now auto-scroll the disassembly view to current selection
2018-10-10 15:48:39 +02:00
Duncan Ogilvie
da69e828ea
DBG: improve memory usage and performance with line numbers
2018-10-10 15:45:32 +02:00
Duncan Ogilvie
25a67b778e
DBG: fix buffer overflow and assert when tracing fxsave or invalid instructions
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
22861d69e5
Add some analysis for exceptions containing FACILITY_VISUALCPP in exinfo
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
b1188c3c04
DBG: fix crash in stackgetsuspectedcallstack when CSP is not pointing to valid memory
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
521195eea9
DBG: small refactor for SymAutoComplete
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
d7f1dadb52
DBG: exclude some invalid imports + give ordinal imports a name
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
70cfec4094
DBG: add (undocumented) option to force load PDB
2018-10-10 15:44:37 +02:00
torusrxxx
03f596c162
Stricter ordinal name check
2018-10-09 11:20:55 +08:00
Duncan Ogilvie
da913f7cdc
DBG: fix a possible crash in disasmget
2018-09-13 12:56:10 +02:00
Duncan Ogilvie
09fe1e379d
BRIDGE: fix incorrect message being sent in some GuiMenuXXX functions
closes #2027
2018-09-13 12:56:10 +02:00
Duncan Ogilvie
7aab39f8e1
Revert "DBG: do not step if there is an enable breakpoint at CIP"
This reverts commit 9804400df6.
2018-09-02 00:53:05 +02:00
Torusrxxx
863f83df49
improve nop detection
2018-08-28 18:30:15 +02:00
torusrxxx
d4ec06f6de
Fixed a crash when tracing into far jump
2018-08-21 17:04:36 +02:00
torusrxxx
c29eba9d35
no errors anymore
2018-08-21 17:04:25 +02:00
torusrxxx
b3b7ceef3e
Stop tracing when closing trace file
2018-08-21 17:04:25 +02:00
torusrxxx
c5830e5c26
close and delete trace file
2018-08-21 17:04:25 +02:00
torusrxxx
f6216e2102
Add ctrl/alt modifiers to dump
2018-08-12 18:44:50 +08:00
torusrxxx
a4756fe804
slight changes of registers view key press event
2018-08-08 11:18:11 +08:00
torusrxxx
ea3943cf0a
const functions
2018-08-07 20:57:24 +08:00
torusrxxx
0baa39c207
Use keys to select in dump
2018-08-07 17:31:40 +08:00
Duncan Ogilvie
7526b7e482
DBG: update TitanEngine
2018-07-19 16:44:44 +02:00
Duncan Ogilvie
1d510d61db
DBG+GUI: update Zydis to fix a crash when disassembling certain instructions
2018-07-15 19:15:02 +02:00
Duncan Ogilvie
f042e81a28
LAUNCHER: clean up command line handling and allow the launcher as JIT debugger
2018-07-15 19:14:31 +02:00
Duncan Ogilvie
bbf2dc296a
LAUNCHER: fix a bug in forwarding of the command line parameters
closes #1918
2018-07-15 19:13:45 +02:00
Duncan Ogilvie
62b6be97e0
DBG: allow the "-p PID -e EVENT" command line for JIT debugging
2018-07-15 19:11:52 +02:00
Duncan Ogilvie
681eb3e2c8
GUI: fix a crash in the CPUSideBar
2018-07-14 20:48:02 +02:00
torusrxxx
d09e89687a
Allow folding a function when first instruction is selected. Add code fold box tooltip.
2018-07-05 02:44:14 +02:00
torusrxxx
91924de32f
Really copy bytes HTML
2018-07-05 02:44:14 +02:00
torusrxxx
8ab605b7f6
Input NaN & Inf into FPU registers
2018-07-05 02:44:14 +02:00
Duncan Ogilvie
fa82c80c51
DBG: temporary fix for AutoPatchExporter
2018-07-05 02:41:18 +02:00
Duncan Ogilvie
bcb1df389c
DBG: include DIA in deps
2018-07-05 02:41:09 +02:00
Duncan Ogilvie
d7eac4598d
DBG: better error messages in PDBDiaFile::open
2018-07-05 02:39:58 +02:00
Duncan Ogilvie
144dbd4c2f
DBG: undecorate import/export names
2018-07-04 17:12:37 +02:00
Duncan Ogilvie
9804400df6
DBG: do not step if there is an enable breakpoint at CIP
closes #1721
2018-07-01 19:28:08 +02:00
Duncan Ogilvie
7bde267620
GUI: allow collapsing the side bar
2018-07-01 19:28:07 +02:00
Duncan Ogilvie
e5467cf966
DBG: correctly update module list when changing module type
2018-07-01 19:28:07 +02:00
Duncan Ogilvie
0c8956f480
DBG+GUI: disable source debugging per default
2018-07-01 19:28:07 +02:00
Duncan Ogilvie
32b400b834
GUI: correctly show address column in search list view
2018-07-01 19:28:07 +02:00
Duncan Ogilvie
8c169ae2ed
DBG+BRIDGE+GUI: fix source loading
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
b63402066b
DBG: implement findSourceLineInfo by fileName + line in symbol source
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
47d6efb59e
DBG: do not fully escape debug strings
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
b8ae4b1496
DBG: invalidate symbol source when MODINFO is destroyed
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
d70ed83a72
DBG: fix a bug in getLabel where jmp [MessageBoxA] would not be recognized correctly
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
df31f0da45
DBG: change symbol load order + add debuggee.pdb to the search list
2018-07-01 19:28:05 +02:00
Duncan Ogilvie
4098dc8fb2
DBG: finally fix the handle leak in PDBDiaFile
2018-07-01 19:28:05 +02:00
Duncan Ogilvie
34279ebf08
GUI: fix performance bottleneck with Qt signals
2018-07-01 19:28:04 +02:00
Duncan Ogilvie
8af904fad6
DBG: fix assert in debug mode on pluginunloadall
2018-07-01 19:28:04 +02:00
Duncan Ogilvie
0bf7bd10ef
GUI: fix ReferenceView signals not being called correctly
2018-07-01 19:28:04 +02:00
Duncan Ogilvie
9e68ea3900
DBG: only store file hash in database if there is other data as well
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
7d1afa0940
DBG+GUI: change layout of window title to be more helpful in the task bar
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
05378fabb2
GUI: add copy header VA to disassembly menu
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
2665df4eb3
DBG: added mod.headerva expression function
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
87c3238de8
DBG (WIP): set up DIA file stream for profiling of a handle leak
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
408b6eeff9
GUI: don't filter symbol list when not necessary
2018-07-01 19:28:02 +02:00
Duncan Ogilvie
62cd2bb915
BRIDGE: fix truncation crash in DbgGetLabelAt
2018-07-01 19:28:02 +02:00
Duncan Ogilvie
d79586d02b
DBG: fix a crash in the Cleanup in downslib
2018-07-01 19:28:02 +02:00
Duncan Ogilvie
70b3149599
WIP: new symbol gui mostly working
2018-07-01 19:28:02 +02:00
Mattiwatti
0bb2efcb2c
Improve performance and crash resistance when loading PE files containing 1000 or more sections. Tested on https://github.com/corkami/pocs/blob/master/PE/bin/65535sects.exe . Technically performance was already very good, but that was only due to crashing instantly
2018-07-01 19:28:01 +02:00
Mattiwatti
f515484790
ReadBaseRelocationTable() refactor. Is it better now? Dunno really. This method may be slightly easier to use with both SEC_COMMIT and SEC_IMAGE mappings in the future if needed, but in the end they pretty much do the same thing. At least some more TitanEngine calls were killed off so that's something I suppose
Replaced dark and brooding "..."s in error messages with exclamation marks to better emphasise that this stuff is serious
2018-07-01 19:28:01 +02:00
Mattiwatti
1f485f313e
DBG: more robust debug directory parsing. Validate the RVA, type and size bounds for each debug directory entry, and do not stop after the one unrecognised (non-CV) entry
Protect against PDB paths that do not have a null terminator in the PE codeview info
2018-07-01 19:28:01 +02:00
Duncan Ogilvie
14da6c4448
DBG: clean up downslib
2018-07-01 19:28:00 +02:00
Mattiwatti
6df9535ba4
Rewrite ReadTlsCallbacks() to use RtlImageDirectoryEntryToData and remove all TitanEngine calls. Also fix an anti-debug trick I found by accident: it is possible to have working TLS callbacks with a TLS directory size of 0. The loader does not check this field and always executes callbacks if they exist
2018-07-01 19:28:00 +02:00
Mattiwatti
28c03967c7
RvaToVa(): use SizeOfRawData instead of VirtualSize as the upper bound on section RVAs. This matches the behaviour of RtlImageRvaToSection for SEC_COMMIT mappings
2018-07-01 19:28:00 +02:00
Mattiwatti
a4638d2ea9
DBG: misc. changes and fixes in SymbolSourceDIA:
- Rename SetThreadDescription to SetWin10ThreadDescription, to clarify that this function isn't actually useful to anyone. (ha ha, OK... but seriously, the same name is also used by the Windows SDK which apparently takes precedence and gets added as a static import, making it impossible to start the debugger on OSes other than Windows 10)
- Thread names are a good idea and they even kind of work on older Windows versions with NtQueryInformationThread(ThreadQuerySetWin32StartAddress), which is what e.g. Process Explorer and Process Hacker use. What *doesn't* work so well is lambdas. Added static functions SymbolsThread() and SourceLinesThread() to replace these. (before: x64dbg.dll!<lambda_fc00d3fb731b14a9b4857ac068d657c4>::<lambda_invoker_cdecl>. after: x64dbg.dll!SymbolSourceDIA::SymbolsThread). These should probably be file statics instead of class members, but they need access to private class functions
- GetModuleHandleA -> GetModuleHandleW. The former just calls the latter but with an extra string allocation and pointless unicode conversion
- Fix pedantic Clang warnings about member initialization order in ctor
- Qualify type name in call to virtual function in destructor, as this will be statically resolved and won't call any potential future implementations in derived classes (this can be further 'fixed' by making either the function or the class final so you'll get a compile time error if you try to do this later)
2018-07-01 19:28:00 +02:00
Mattiwatti
9b0f9b5c59
Add clarifying comment/TODO re: invalid RVAs to ReadExportDirectory(). Don't feed your .avi collection to this function just yet
2018-07-01 19:28:00 +02:00
Mattiwatti
a94c250c5d
[DBG] Rewrite ReadImportDirectory()
- Obtain the directory directly using RtlImageDirectoryEntryToData and ditch TitanEngine conversion helpers
- Use OFTs instead of FTs if possible, with FTs only as fallback
- Answer the pop quiz questions in comments re: ntdll loader behaviour and handle these cases appropriately
- Use THUNK_VAL() to obtain OFT/FT values independent of process and file bitness
- Always use ULONG64 for AddressOfData to be able to test for IMAGE_ORDINAL_FLAG64. Also return ULONG64 from RvaToVa(), and rva2offset too as a result of this. This makes these functions compatible with both 32 and 64 bit files regardless of process bitness. There shouldn't be any functional changes due to this, otherwise will revert/fix
- Require an import by name to have a non-null name in addition to not having the ordinal flag set. Otherwise treat it as an import by ordinal
- The ordinal value of an import by ordinal is obtained by (val & 0xffff), not (val &= ~ordinalFlag). The ordinal flag is now always removed to ensure the RVA is valid
- Give imports by ordinal a 'name' the same way dbghelp does, e.g. Ordinal57. Previously imports by ordinal were not being shown in the Symbols tab due to having no name. TODO: if we have the PDB for the file being imported from, we can overwrite or append the real function name later using the importee's export directory
- RvaToVa(): assert that RVA 0 always returns VA 0, because if this isn't the case something is seriously messed up
2018-07-01 19:27:59 +02:00
Mattiwatti
5ad21c69ee
- ReadDebugDirectory(): add about 20 years worth of missing debug directory type names
- symbolsourcedia.h: Add _global.h #include to prevent various macros like WINVER and _WIN32_WINNT from being redefined because Windows.h was indirectly included first
2018-07-01 19:27:59 +02:00
Mattiwatti
fc9285ed2e
[DBG] Work on modinfo improvements:
- Add ImageNtHeaders() (clone of RtlImageNtHeaderEx which doesn't exist on XP) to obtain PE headers given a VA
- Add HEADER_FIELD() and THUNK_VAL() macros to module.h to allow accessing header fields independent of process and file bitness
- Add IMAGE_NT_HEADERS pointer to MODINFO, since anything related to parsing PEs needs this struct
- Read PE headers in GetModuleInfo(). Currently the headers are being parsed every time a TitanEngine helper function is called, the goal is to reduce this to once per module load
- GetModuleInfo(): eliminate all TitanEngine calls now that we have the headers
- Add RvaToVa() for SEC_COMMIT mappings. This can simultaneously serve as replacement for rva2offset helpers (pass base = 0). Preferably SEC_IMAGE should be used though as that way neither of these would be needed
- ReadExportDirectory(): use RtlImageDirectoryEntryToData() to obtain a PIMAGE_EXPORT_DIRECTORY and its size in one go to eliminate TitanEngine helper calls and RVA to offset conversions
- Answer burning questions re: Windows loader behaviour when parsing exports in comments
- (Minor) fix '>= 0' comparison against unsigned as this will always evaluate to true
- Add comment re: PDB search path order since it's wrong atm but I'm too scared of breaking something if I change this code myself
2018-07-01 19:27:59 +02:00
Duncan Ogilvie
013cd1e5f7
DBG: don't copy MODINFO and MODIMPORT/MODEXPORT structures
2018-07-01 19:27:59 +02:00
Duncan Ogilvie
4e88b399fe
Update DIA to 14.13.26128.0 + XP support
2018-07-01 19:27:58 +02:00
Duncan Ogilvie
aa8a215895
DBG: use win32 threads instead of std::thread
2018-07-01 19:27:58 +02:00
ZehMatt
72ccf42298
Fix too early stream deletion.
2018-07-01 19:27:58 +02:00
ZehMatt
cad8aed97d
Refactor PDB data loading via IStream, explicit file access.
2018-07-01 19:27:58 +02:00
ZehMatt
c8af1f9144
Use correct PDBDiaFile instance.
2018-07-01 19:27:57 +02:00
Duncan Ogilvie
45b49995f3
DBG: fall back to resolving modules exports when no symbol is found
2018-07-01 19:27:57 +02:00
Duncan Ogilvie
73a5ffebd9
DBG: use export/import data from modules instead of from memory
2018-07-01 19:27:57 +02:00
Duncan Ogilvie
476bc093bc
DBG: add export and import parsing routines in module.cpp
#580
2018-07-01 19:27:57 +02:00
Duncan Ogilvie
bee62fbbf0
DBG: add missing locks for ModInfoFromAddr
2018-07-01 19:27:56 +02:00
Duncan Ogilvie
a2c52260f7
DBG: remove unused imports field from MODINFO
2018-07-01 19:27:56 +02:00
Duncan Ogilvie
4fa1b9a2a1
DBG: fix a buffer overflow in the symbol autocomplete function
2018-07-01 19:27:56 +02:00
ZehMatt
0cbf519e66
Fix undecorated name being uninitialized.
2018-07-01 19:27:56 +02:00
Duncan Ogilvie
d5ae04dce4
DBG: fully implement symdownload command without dbghelp usage
2018-07-01 19:27:56 +02:00
Duncan Ogilvie
ff11a39533
DBG: attempt to load symbols from multiple locations
2018-07-01 19:27:55 +02:00
Duncan Ogilvie
637815b63d
DBG: symdownload now works without dbghelp
2018-07-01 19:27:55 +02:00
Duncan Ogilvie
ba6ad4cefc
DBG: initial version of Wininet download library
2018-07-01 19:27:55 +02:00
Duncan Ogilvie
3ab836225f
DBG: remove some useless dbghelp calls
2018-07-01 19:27:55 +02:00
Duncan Ogilvie
66017a7442
DBG: refactor SymbolInfo to use VA instead of RVA
2018-07-01 19:27:54 +02:00
Duncan Ogilvie
ffc168f44d
DBG: rename SymbolSourcePDB to SymbolSourceDIA
2018-07-01 19:27:54 +02:00
Duncan Ogilvie
aec262b88a
GUI: remove unused ColumnCompare class from StdTable
2018-07-01 19:27:54 +02:00
Duncan Ogilvie
73b30ed49b
DBG: actually use findSymbolsByPrefix
2018-07-01 19:27:54 +02:00
Duncan Ogilvie
876abcdf10
DBG: change findSymbolsByPrefix to take a callback
2018-07-01 19:27:53 +02:00
Duncan Ogilvie
a6ccf69e5b
DBG: implement SymAddrFromName (untested on large symbols, working on small)
2018-07-01 19:27:53 +02:00
Duncan Ogilvie
550a1ff45a
DBG: correct PDB signature format
2018-07-01 19:27:53 +02:00
Duncan Ogilvie
2ce2470ea1
DBG: implement a much nicer data structure for SymbolSourcePDB
2018-07-01 19:27:53 +02:00
Duncan Ogilvie
c7d0f50207
DBG: initial implementation of name-sorted symbol storage
2018-07-01 19:27:52 +02:00
Duncan Ogilvie
eb9d55ac61
DBG: read debug directory on ModLoad
2018-07-01 19:27:52 +02:00
Duncan Ogilvie
caa5b6273f
DBG: implement DiaLoadCallback for loadDataForExe
2018-07-01 19:27:52 +02:00
Duncan Ogilvie
4fadd01ad4
DBG: move files in 'Symbols' folder
2018-07-01 19:27:52 +02:00
ZehMatt
4a1327a896
Only print on load failure if it's not missing.
2018-07-01 19:27:52 +02:00
Duncan Ogilvie
b07611387f
GUI: implement initial version of ZehSymbolTable
beware of race conditions, but it appears to kinda work
2018-07-01 19:27:51 +02:00
Duncan Ogilvie
f68b830069
GUI: fix some weird includes
2018-07-01 19:27:51 +02:00
Duncan Ogilvie
7c30c5993b
GUI: introduce an additional AbstractStdTable layer to prepare for the new symbol view
2018-07-01 19:27:51 +02:00
Duncan Ogilvie
83005bdcda
GUI: remove sorting related functionality from AbstractTableView
2018-07-01 19:27:50 +02:00
ZehMatt
ae5bb70203
Fix resolving symbol size always returning true.
2018-07-01 19:27:50 +02:00
ZehMatt
80ad0e7df1
Minor cleanup.
2018-07-01 19:27:50 +02:00
ZehMatt
59d166ecf4
Refactor PDBDiaFile query.
2018-07-01 19:27:50 +02:00
Duncan Ogilvie
82774e2445
DBG: use undocumented __unDNameEx function to significantly speed up symbol loading
Before:
Loaded 313534 line infos in 47.406
Loaded 140366 symbols in 171.640
After:
Loaded 313534 line infos in 4.187
Loaded 140366 symbols in 9.391
2018-07-01 19:27:50 +02:00
Duncan Ogilvie
a9782ac6c6
DBG: Don't show pointless module size in ModLoad
2018-07-01 19:27:49 +02:00