x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 2 Activity
4,932 Commits 44 Branches 29 Tags 65 MiB
Commit Graph

4932 Commits

Author SHA1 Message Date
Mattiwatti fc9285ed2e
[DBG] Work on modinfo improvements: 
- Add ImageNtHeaders() (clone of RtlImageNtHeaderEx which doesn't exist on XP) to obtain PE headers given a VA
- Add HEADER_FIELD() and THUNK_VAL() macros to module.h to allow accessing header fields independent of process and file bitness
- Add IMAGE_NT_HEADERS pointer to MODINFO, since anything related to parsing PEs needs this struct
- Read PE headers in GetModuleInfo(). Currently the headers are being parsed every time a TitanEngine helper function is called, the goal is to reduce this to once per module load
- GetModuleInfo(): eliminate all TitanEngine calls now that we have the headers
- Add RvaToVa() for SEC_COMMIT mappings. This can simultaneously serve as replacement for rva2offset helpers (pass base = 0). Preferably SEC_IMAGE should be used though as that way neither of these would be needed
- ReadExportDirectory(): use RtlImageDirectoryEntryToData() to obtain a PIMAGE_EXPORT_DIRECTORY and its size in one go to eliminate TitanEngine helper calls and RVA to offset conversions
- Answer burning questions re: Windows loader behaviour when parsing exports in comments
- (Minor) fix '>= 0' comparison against unsigned as this will always evaluate to true
- Add comment re: PDB search path order since it's wrong atm but I'm too scared of breaking something if I change this code myself
 2018-07-01 19:27:59 +02:00
Duncan Ogilvie 013cd1e5f7
DBG: dont copy MODINFO and MODIMPORT/MODEXPORT structures 2018-07-01 19:27:59 +02:00
Duncan Ogilvie 4e88b399fe
Update DIA to 14.13.26128.0 + XP support 2018-07-01 19:27:58 +02:00
Duncan Ogilvie aa8a215895
DBG: use win32 threads instead of std::thread 2018-07-01 19:27:58 +02:00
ZehMatt 72ccf42298
Fix too early stream deletion. 2018-07-01 19:27:58 +02:00
ZehMatt cad8aed97d
Refactor PDB data loading via IStream, explicit file access. 2018-07-01 19:27:58 +02:00
ZehMatt c8af1f9144
Use correct PDBDiaFile instance. 2018-07-01 19:27:57 +02:00
Duncan Ogilvie 45b49995f3
DBG: fall back to resolving modules exports when no symbol is found 2018-07-01 19:27:57 +02:00
Duncan Ogilvie 73a5ffebd9
DBG: use export/import data from modules instead of from memory 2018-07-01 19:27:57 +02:00
Duncan Ogilvie 476bc093bc
DBG: add export and import parsing routines in module.cpp 
#580
 2018-07-01 19:27:57 +02:00
Duncan Ogilvie bee62fbbf0
DBG: add missing locks for ModInfoFromAddr 2018-07-01 19:27:56 +02:00
Duncan Ogilvie a2c52260f7
DBG: remove unused imports field from MODINFO 2018-07-01 19:27:56 +02:00
Duncan Ogilvie 4fa1b9a2a1
DBG: fix a buffer overflow in the symbol autocomplete function 2018-07-01 19:27:56 +02:00
ZehMatt 0cbf519e66
Fix undecorated name being uninitialized. 2018-07-01 19:27:56 +02:00
Duncan Ogilvie d5ae04dce4
DBG: fully implement symdownload command without dbghelp usage 2018-07-01 19:27:56 +02:00
Duncan Ogilvie ff11a39533
DBG: attempt to load symbols from multiple locations 2018-07-01 19:27:55 +02:00
Duncan Ogilvie 637815b63d
DBG: symdownload now works without dbghelp 2018-07-01 19:27:55 +02:00
Duncan Ogilvie ba6ad4cefc
DBG: initial version of Wininet download library 2018-07-01 19:27:55 +02:00
Duncan Ogilvie 3ab836225f
DBG: remove some useless dbghelp calls 2018-07-01 19:27:55 +02:00
Duncan Ogilvie 66017a7442
DBG: refactor SymbolInfo to use VA instead of RVA 2018-07-01 19:27:54 +02:00
Duncan Ogilvie ffc168f44d
DBG: rename SymbolSourcePDB to SymbolSourceDIA 2018-07-01 19:27:54 +02:00
Duncan Ogilvie aec262b88a
GUI: remove unused ColumnCompare class from StdTable 2018-07-01 19:27:54 +02:00
Duncan Ogilvie 73b30ed49b
DBG: actually use findSymbolsByPrefix 2018-07-01 19:27:54 +02:00
Duncan Ogilvie 876abcdf10
DBG: change findSymbolsByPrefix to take a callback 2018-07-01 19:27:53 +02:00
Duncan Ogilvie a6ccf69e5b
DBG: implement SymAddrFromName (untested on large symbols, working on small) 2018-07-01 19:27:53 +02:00
Duncan Ogilvie 550a1ff45a
DBG: correct PDB signature format 2018-07-01 19:27:53 +02:00
Duncan Ogilvie 2ce2470ea1
DBG: implement a much nicer data structure for SymbolSourcePDB 2018-07-01 19:27:53 +02:00
Duncan Ogilvie c7d0f50207
DBG: initial implementation of name-sorted symbol storage 2018-07-01 19:27:52 +02:00
Duncan Ogilvie eb9d55ac61
DBG: read debug directory on ModLoad 2018-07-01 19:27:52 +02:00
Duncan Ogilvie caa5b6273f
DBG: implement DiaLoadCallback for loadDataForExe 2018-07-01 19:27:52 +02:00
Duncan Ogilvie 4fadd01ad4
DBG: move files in 'Symbols' folder 2018-07-01 19:27:52 +02:00
ZehMatt 4a1327a896
Only print on load failure if its not missing. 2018-07-01 19:27:52 +02:00
Duncan Ogilvie b07611387f
GUI: implement initial version of ZehSymbolTable 
beware of race conditions, but it appears to kinda work
 2018-07-01 19:27:51 +02:00
Duncan Ogilvie f68b830069
GUI: fix some weird includes 2018-07-01 19:27:51 +02:00
Duncan Ogilvie 7c30c5993b
GUI: introduce an additional AbstractStdTable layer to prepare for the new symbol view 2018-07-01 19:27:51 +02:00
Duncan Ogilvie 83005bdcda
GUI: remove sorting related functionality from AbstractTableView 2018-07-01 19:27:50 +02:00
ZehMatt ae5bb70203
Fix resolving symbol size always returning true. 2018-07-01 19:27:50 +02:00
ZehMatt 80ad0e7df1
Minor cleanup. 2018-07-01 19:27:50 +02:00
ZehMatt 59d166ecf4
Refactor PDBDiaFile query. 2018-07-01 19:27:50 +02:00
Duncan Ogilvie 82774e2445
DBG: use undocumented __unDNameEx function to significantly speed up symbol loading 
Before:
Loaded 313534 line infos in 47.406
Loaded 140366 symbols in 171.640

After:
Loaded 313534 line infos in 4.187
Loaded 140366 symbols in 9.391
 2018-07-01 19:27:50 +02:00
Duncan Ogilvie a9782ac6c6
DBG: Don't show pointless module size in ModLoad 2018-07-01 19:27:49 +02:00
Duncan Ogilvie 995153cfc0
DBG: fix some truncation issues 2018-07-01 19:27:49 +02:00
ZehMatt 058c14d8bf
Make source file strings unique, reduces a lot of memory. 2018-07-01 19:27:49 +02:00
ZehMatt bd08f67f47
Load symbols and source line in parallel. 2018-07-01 19:27:49 +02:00
ZehMatt 7c6bfcd2c6
Use enumerators Next instead of index, slight performance improvement. 2018-07-01 19:27:48 +02:00
ZehMatt 97fa3c1408
Lock when trying to read source lines. 2018-07-01 19:27:48 +02:00
ZehMatt ae050ea4a1
Fix source lines displayed with disp. 2018-07-01 19:27:48 +02:00
ZehMatt cad369f7a5
Refactor DbgHelp source line query references to new symbol interface. 2018-07-01 19:27:48 +02:00
ZehMatt ac6ee608e4
Add source line queries into new symbol interface. 2018-07-01 19:27:48 +02:00
ZehMatt 2604384853
Refactor source line queries in DIA interface. 2018-07-01 19:27:47 +02:00