79e335277e
lazy load mnemonic data and save 3MB memory
2017-11-07 20:24:01 +01:00
990bccfffc
add mem.isstring()
2017-11-07 20:24:01 +01:00
e6297423f9
Add NTSTATUS fmt;show str in locals tab;fix div by 0 in data copy dlg.
2017-11-07 20:24:01 +01:00
d67031a089
DBG: remove \\n replacement in string formatting
2017-11-07 20:23:25 +01:00
15b0e73ba0
DGB: fix disp+imm printing in “zydis” command
2017-11-07 20:22:15 +01:00
Duncan Ogilvie
ae20041edb
DBG: proper workaround for 0x prefix in GUI
...
also closes #1792
2017-11-04 18:08:44 +01:00
Duncan Ogilvie
4870eebd87
DBG: correctly handle imports by ordinal
...
closes #1795
2017-11-04 16:34:52 +01:00
Duncan Ogilvie
9c639ddc5f
DBG: small improvements to winerror format function
2017-10-30 00:35:54 +01:00
Duncan Ogilvie
2f26a80b78
DBG+BRIDGE+GUI: deprecate DbgGetRegDump
2017-10-29 02:18:06 +02:00
ec0555dc0d
Added winerror format function and show help message for last error in reg view
2017-10-28 02:52:13 +02:00
d5582c6a1f
- DbgGetRegDumpEx(): copy lastStatus NTSTATUS name if requested struct size is >= sizeof(REGDUMP_V2)
...
- RegistersView: replace usages of REGDUMP with REGDUMP_V2 to access LastStatus register
2017-10-28 02:47:49 +02:00
8c9b11ecc9
Remove LastStatus from THREADALLINFO to preserve plugin compatibility
2017-10-28 02:47:49 +02:00
6f1b6b77bb
dbg changes for TEB->LastStatusValue:
...
- Add LASTSTATUS struct
- Add LastStatus members to REGDUMP and THREADALLINFO
- Add ThreadGetLastStatus()/ThreadGetLastStatusTEB()
- Make "laststatus" a supported pseudo-register in isregister() / getregister() / setregister() similar to "lasterror"
- _dbg_getregdump(): copy the full name of the last NTSTATUS value
- ThreadGetList(): add the last status value to the thread list for each thread
- TraceRecordManager: account for the size change of REGDUMP to keep REGDUMPWORD the same size
2017-10-28 02:47:49 +02:00
8f0f83bdf3
ntdll.h: Update PEB and TEB structs for Windows 10 RS3, and correct offset of TEB->LastStatusValue on x86
2017-10-28 02:47:49 +02:00
787b86cd1f
Add DbgGetRegDumpEx to bridge API
...
Public SDK changes:
- Add LASTSTATUS struct
- Add REGDUMP_V2 struct with LASTSTATUS member
- Add DbgGetRegDumpEx(REGDUMP* regdump, size_t size);
Internal changes:
- Change typedef of _dbg_getregdump to add a size parameter
- Make DbgGetRegDump() pass sizeof(REGDUMP) to _dbg_getregdump to preserve existing behaviour. DbgGetRegDumpEx() forwards the size that was passed to it
2017-10-27 00:02:39 +02:00
0fbb1aa056
Don't add autocomments on "mov edi,edi"( #1775 )
2017-10-26 00:43:54 +02:00
Duncan Ogilvie
0762182973
DBG: implement DLL breakpoints directly in x64dbg
2017-10-25 21:58:01 +02:00
466d5e9173
Update cmd-misc.cpp
2017-10-25 11:21:44 +00:00
db5c3e23af
Update cmd-misc.cpp
2017-10-25 11:16:01 +00:00
Duncan Ogilvie
ecbea6d9d8
GUI: fix Sonar issues
2017-10-22 17:07:45 +02:00
9a2cb20682
enhancement to run until return
2017-10-18 22:49:06 +02:00
390bf4c5ca
Trace recording ( #1736 )
...
* run trace file format
* record opcode
* Successfully recorded sample run trace
* fixed order of thread id and opcode
* use capstone in run trace
* Revised format;Stop tracing when stop debug;Changed ext name
* trace browser(draft)
* Lower bound
* Lower bound
* implemented more funcitons in trace file reader
* Initial trace browser
* trace browser works for single-page traces
* fixed page fault
* Multi-selection, fixed page faults
* copy disassembly
* resize columns
* address label;follow in disassembly
* highlight
* history,comment,breakpoint in trace view
* stricter validation to prevent buffer overflow
* MAX_MEMORY_OPERANDS=32
* fixing bug in memory access count
* Temporary info menu to view registers & memory
* assumed to fix thread id bug
* live update trace view
* Fixed a bug with registers recording (similar to thread id bug)
* Search for constant in trace file
* Fixed bugs with memory operands recording
* File header for trace file; Auto update trace viewer
* fix x64dbg_translations.pro
* Default filename for trace; Start trace from trace view
* Switch to Qt JSON
* Copy selection, file offset and RVA; recent files
* Properly implement MRU menu
* shortcut for tracing
* Fix file names with comma
* added interaction with tab closing
* change default directory for trace file
* fix minor issue
2017-10-16 20:00:26 +02:00
9959278863
Properly exit x64dbg
2017-10-15 16:18:48 +02:00
Duncan Ogilvie
f6590e6465
DBG: fixed a typo
2017-10-14 17:31:11 +02:00
Duncan Ogilvie
d6ca58efd1
DBG: fixed another problem with Zydis
2017-10-14 15:42:02 +02:00
Duncan Ogilvie
6f7af9b8da
DBG: fixed various small issues with Zydis
...
ping @athre0z
2017-10-14 00:32:34 +02:00
Duncan Ogilvie
c9e17df1c0
DBG+LAUNCHER: correctly handle mixed mode executables
...
fixes #1758
2017-10-13 23:38:53 +02:00
8cf9f63bac
Fixing #1752
2017-10-13 19:43:33 +02:00
c5c3358c52
Add range checks for operand access ( fixes #1750 ) ( #1751 )
...
* DBG: added range checks to operand access
- previously, some instructions could trigger the `DebugBreak` path in `Zydis::operator[]`
* GUI: removed redundant semicolon
2017-10-10 21:01:59 +02:00
5b1cf81f55
zydis_wrapper: Fixed x32 build
2017-10-09 10:02:13 +02:00
3fca5c9191
Ported & renamed `cbInstrCapstone`
2017-10-09 10:02:13 +02:00
af0ff55df3
zydis_wrapper: Better compliance with style-guide
...
- Removed underscores
- Removed redundant “zy” prefix
- Executed `AStyleWhore` (sorreh, I use git on my macOS host, can’t put it into pre-commit-hook)
2017-10-09 10:02:13 +02:00
ca9401fdb7
Moved “zydis_wrapper” into root repo
...
- Instead, we directly use Zydis as a submodule now
2017-10-09 10:02:13 +02:00
4c841d85c6
Renamed `Capstone` -> `Zydis`
...
- Prevents name clashes with actual capstone disassembler implementation
2017-10-09 10:02:13 +02:00
5338a0a85b
Replace Capstone with Zydis
...
- While at it, added branch info logic to disassembler class
- Thus reduce direct checks by mnemonic in GUI and analysis code
- Replaced direct disassembler struct access with disassembler class calls where trivially possible
- Removed workarounds for empty segment registers
- Temp. disabled `cbInstrCapstone` command
- Temp. disabled flag stuff in `QBeaEngine`
2017-10-09 10:02:13 +02:00
Duncan Ogilvie
103866eafe
DBG+EXE+GUI: fixed some more sonar warnings
2017-10-08 20:19:32 +02:00
Duncan Ogilvie
57235b2f24
DBG+EXE+LAUNCHER+BRIDGE: remove _CRT_SECURE_NO_WARNINGS
2017-10-08 16:16:20 +02:00
Duncan Ogilvie
d121cd9dc2
DBG+LAUNCHER: fix exception handling in GetPeArch.h
...
Thanks to digitalboy for the report!
2017-10-05 17:08:34 +02:00
Duncan Ogilvie
ba6e6dea63
DBG: full unicode support in ResolveShortcut
2017-09-30 14:30:40 +02:00
Duncan Ogilvie
1143621eb1
DBG: make sure the debugger is signaled as initialized before loading plugins
...
Fixes #1734
2017-09-30 13:01:24 +02:00
Duncan Ogilvie
fcda76a470
DBG: fixed LibrarianEnableBreakpoint
2017-09-30 12:52:07 +02:00
7627fce15c
Tripleslash for scriptapi_misc functions
2017-09-11 15:00:30 +02:00
mrexodia
ef6bf04fb0
DBG: find the plugin name for the currently-loading plugin name (thanks to testuser!)
2017-09-07 23:04:48 +02:00
mrexodia
2d7c929c64
DBG: fixed a deadlock while unloading plugins
...
closes #1710
2017-09-06 03:50:46 +02:00
mrexodia
7c93a0ef48
DBG: QueryWorkingSetEx with GetProcAddress (restored XP support)
2017-09-04 22:57:49 +02:00
mrexodia
9cc8e779e9
DBG: some small improvements to plugin functions and added idle detection for time wasted
2017-09-04 22:57:48 +02:00
mrexodia
082bcc0937
Merge remote-tracking branch 'origin/PLMDebug' into development
2017-09-01 22:54:53 +02:00
mrexodia
037504643b
DBG+GUI: option to query the working set before attempting to read a memory page
...
workaround for http://www.triplefault.io/2017/08/detecting-debuggers-by-abusing-bad.html
2017-09-01 22:53:50 +02:00
mrexodia
4104c0a004
GUI: formatting + fixed a warning
2017-09-01 18:52:06 +02:00
fa92a9c474
Add Xref for switch cases; Follow switch cases in CPU.
2017-09-01 13:58:33 +02:00
bf43f7eb97
graph for switch statements
2017-09-01 13:58:33 +02:00
690b048c7f
breakpoint, memory and threads view support multi-select ( #1697 )
...
* breakpoint, memory and threads view support multi-select
* fixed
* use older breakpointsview
* fixed
* revert deps change
* command in reference view
* to-do
* fixed deps
2017-09-01 13:57:41 +02:00
2b4a9bc9dc
Fixes #1699 Arch-Indep-Registers ( #1700 )
...
* Arch-Indep-Registers Fix 1
* Run format.bat
2017-08-31 20:55:11 +02:00
mrexodia
80210eb9b0
LAUNCHER+DBG: add support for PID attaching + PLMDebug in the command line
...
closes #1698
2017-08-28 11:41:37 +02:00
mrexodia
d678ad1e82
DBG: fixed a warning on x64 about the cookie
2017-08-26 15:54:52 +02:00
mrexodia
88fec2a1d3
DBG: correctly remove librarian breakpoints on exit + remove hwbp on detach
2017-08-25 13:18:13 +02:00
mrexodia
fa2784792c
DBG+GUI: query the process cookie on startup ( #489 #1418 #1412 )
2017-08-25 13:17:14 +02:00
mrexodia
da77f37c4f
DBG: moved tracing code out of debugger.cpp
2017-08-25 13:14:46 +02:00
mrexodia
010a3bbf7e
DBG: better behaviour for "exhandlers" on XP
2017-08-25 13:02:37 +02:00
mrexodia
652c61f7f7
DBG+BRIDGE+GUI: warn when trying to render a graph with more than 5000 nodes
...
(closes #1321 )
2017-08-21 15:13:02 +02:00
mrexodia
1c4607e25b
DBG: change ReadBaseRelocationTable to read the relocation directory from disk instead of memory
2017-08-21 00:44:21 +02:00
mrexodia
838b03e9d9
DBG: add ModEnum to remove various bottlenecks with module loading
2017-08-21 00:41:04 +02:00
mrexodia
2bd32aee32
DBG: fixed typo in pluginreload command
2017-08-18 00:08:37 +02:00
mrexodia
ca296699b0
DBG: added plugreload command
2017-08-17 23:54:43 +02:00
8c797ef42d
Fix "requires a narrowing conversion" error when compiling with vs2015 ( #1687 )
2017-08-17 13:06:58 +02:00
mrexodia
a404f63960
DBG: fixed Script::Flags implementation
2017-08-14 16:24:29 +02:00
6587cbc564
underline relocated bytes in disassembly view ( #1683 )
...
* DBG: add relocation info to module
* GUI: underline relocated bytes
* DBG: remove unnecessary wrapper function
* DBG: store relocations in sorted vector instead of set
* GUI: warn about patches in relocation regions (closes #263 )
2017-08-14 00:17:47 +02:00
mrexodia
a64bdef223
DBG+GUI: minor fixes
2017-08-13 18:10:59 +02:00
mrexodia
f484108fd7
DBG: added MemBpSize function
2017-08-13 17:17:37 +02:00
mrexodia
1b27b951ee
DBG+BRIDGE: added more detail in the BRIDGEBP structure (in the padding so backwards-compatible)
2017-08-13 17:17:15 +02:00
mrexodia
b876d3b9f0
DBG: add memory breakpoint size (unimplemented) to breakpoint database
2017-08-13 16:27:55 +02:00
mrexodia
9fcfb5b39e
DBG: various improvements to the breakpoint api
2017-08-13 16:26:46 +02:00
mrexodia
5e9db68c71
DBG: improved performance of valapifromstring
2017-08-13 16:25:38 +02:00
mrexodia
86b623b691
DBG: add module base to label list
2017-08-13 16:24:40 +02:00
mrexodia
0cd8078256
DBG: added EnumExceptions
2017-08-13 16:23:59 +02:00
mrexodia
b79f1bd35b
DBG+GUI: implemented _plugin_menuremove and _plugin_menuentryremove
2017-08-10 20:25:18 +02:00
mrexodia
d69e9726b1
DBG+GUI: properly implemented _plugin_menuclear
2017-08-10 20:00:33 +02:00
mrexodia
9b314ef740
DBG: separate menu entries from the menus
2017-08-10 19:07:20 +02:00
mrexodia
a951d060bb
Revert "DBG: allow duplicate hEntry for _plugin_menuaddentry"
...
This reverts commit 42b9b0f9dc
2017-08-10 18:50:27 +02:00
mrexodia
42b9b0f9dc
DBG: allow duplicate hEntry for _plugin_menuaddentry
2017-08-10 18:27:55 +02:00
mrexodia
e9cfedd722
DBG: fixed an invalid handle exception
2017-08-10 06:03:04 +02:00
mrexodia
dbc6ceb3db
DBG: fixed warning on x64
2017-08-09 03:13:04 +02:00
mrexodia
2ff93e479a
DBG: set temporary labels for visited types
2017-08-09 02:41:00 +02:00
mrexodia
5a34b54fb2
DBG: show label of memory address in auto comments
2017-08-09 02:40:32 +02:00
mrexodia
f97439c9f5
DBG: introduce temp labels
2017-08-09 02:32:28 +02:00
mrexodia
5cb7917630
DBG+BRIDGE+GUI: added menu preparation plugin event
2017-08-08 01:39:04 +02:00
mrexodia
caae4a9d6a
DBG: fixed a bug in _plugin_menuclear (now it no longer deletes the menu itself)
2017-08-08 01:17:25 +02:00
mrexodia
7ab339fa3b
DBG: various small improvements
2017-08-07 19:41:32 +02:00
mrexodia
6f38e2b0f5
GUI: AA_EnableHighDpiScaling
2017-08-03 16:49:49 +02:00
mrexodia
9cdd399dde
DBG: added CFLAGS support in _scriptapi_register.h (thanks to krzywix)
2017-08-01 23:59:12 +02:00
mrexodia
43458b0881
DBG: also set pDebuggedBase and check hash on attach ( fixes #1674 )
2017-08-01 22:33:54 +02:00
b758ea6e9d
DBG: The log now indicates the name of the breakpoint set ( closes #1613 ) ( #1662 )
2017-07-27 22:53:09 +02:00
754ef54968
can use rtu ( #1660 )
2017-07-27 18:24:01 +02:00
mrexodia
db9f8c845b
DBG: remove explicit size for memset in command line
2017-07-25 13:39:23 +02:00
18979ef6e9
Fixed some unsafe code ( #1647 )
...
* Fix underflow of commandLine variable. (memset)
* Fix for integer inconsistencies
* fix for possible overflow at line 1841 of debugger.cpp. Offending code:
sprintf_s(command, "bp %p,\"DllMain (%s)\",ss", entry, modname);
2017-07-25 12:54:41 +02:00
mrexodia
73a8a93cbe
DBG+LAUNCHER: fix #1635 (.NET files are now processed correctly)
2017-07-08 18:29:13 +02:00
mrexodia
4631fbfc0f
DBG: fixed various cppcheck warnings
2017-07-06 16:15:57 +02:00
66c006d703
Small code improvement ( #1637 )
...
* Check index before array access
* fix for va_list leaks
* mismatch in new-delete pair
2017-07-04 17:26:01 +02:00
mrexodia
6a4510ce3a
DBG: bpgoto now no longer refreshes the GUI if not breaking
2017-07-03 10:43:52 +02:00
mrexodia
a2e245299a
DBG: gracefully break a trace when pausing
2017-06-30 14:41:44 +02:00
torusrxxx
Mack Stump
Joel Höner
Duncan Ogilvie
Mattiwatti
roL
Rajarshi Vaidya aka gmastergreatee
Georgeto
pointerrrr
genuine_
Maksim Derbasov