torusrxxx
0baa39c207
Use keys to select in dump
2018-08-07 17:31:40 +08:00
Duncan Ogilvie
7526b7e482
DBG: update TitanEngine
2018-07-19 16:44:44 +02:00
Duncan Ogilvie
1d510d61db
DBG+GUI: update Zydis to fix a crash when disassembling certain instructions
2018-07-15 19:15:02 +02:00
Duncan Ogilvie
f042e81a28
LAUNCHER: clean up command line handling and allow the launcher as JIT debugger
2018-07-15 19:14:31 +02:00
Duncan Ogilvie
bbf2dc296a
LAUNCHER: fix a bug in forwarding of the command line parameters
closes #1918
2018-07-15 19:13:45 +02:00
Duncan Ogilvie
62b6be97e0
DBG: allow the "-p PID -e EVENT" command line for JIT debugging
2018-07-15 19:11:52 +02:00
Duncan Ogilvie
681eb3e2c8
GUI: fix a crash in the CPUSideBar
2018-07-14 20:48:02 +02:00
torusrxxx
d09e89687a
Allow folding a function when first instruction is selected. Add code fold box tooltip.
2018-07-05 02:44:14 +02:00
torusrxxx
91924de32f
Really copy bytes HTML
2018-07-05 02:44:14 +02:00
torusrxxx
8ab605b7f6
Input NaN & Inf into FPU registers
2018-07-05 02:44:14 +02:00
Duncan Ogilvie
fa82c80c51
DBG: temporary fix for AutoPatchExporter
2018-07-05 02:41:18 +02:00
Duncan Ogilvie
bcb1df389c
DBG: include DIA in deps
2018-07-05 02:41:09 +02:00
Duncan Ogilvie
d7eac4598d
DBG: better error messages in PDBDiaFile::open
2018-07-05 02:39:58 +02:00
Duncan Ogilvie
144dbd4c2f
DBG: undecorate import/export names
2018-07-04 17:12:37 +02:00
Duncan Ogilvie
c11659da23
Merge pull request #1820 from ZehMatt/symcache
Improved symbol lookups.
2018-07-01 19:44:51 +02:00
Duncan Ogilvie
c1e62605e0
PROJECT: new README
2018-07-01 19:43:32 +02:00
Duncan Ogilvie
9804400df6
DBG: do not step if there is an enabled breakpoint at CIP
closes #1721
2018-07-01 19:28:08 +02:00
Duncan Ogilvie
7bde267620
GUI: allow collapsing the side bar
2018-07-01 19:28:07 +02:00
Duncan Ogilvie
e5467cf966
DBG: correctly update module list when changing module type
2018-07-01 19:28:07 +02:00
Duncan Ogilvie
0c8956f480
DBG+GUI: disable source debugging per default
2018-07-01 19:28:07 +02:00
Duncan Ogilvie
32b400b834
GUI: correctly show address column in search list view
2018-07-01 19:28:07 +02:00
Duncan Ogilvie
8c169ae2ed
DBG+BRIDGE+GUI: fix source loading
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
b63402066b
DBG: implement findSourceLineInfo by fileName + line in symbol source
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
47d6efb59e
DBG: do not fully escape debug strings
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
b8ae4b1496
DBG: invalidate symbol source when MODINFO is destroyed
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
d70ed83a72
DBG: fix a bug in getLabel where jmp [MessageBoxA] would not be recognized correctly
2018-07-01 19:28:06 +02:00
Duncan Ogilvie
df31f0da45
DBG: change symbol load order + add debuggee.pdb to the search list
2018-07-01 19:28:05 +02:00
Duncan Ogilvie
717ded10e3
DBG: Fix solution dependency for Zydis
2018-07-01 19:28:05 +02:00
Duncan Ogilvie
c8b6abd632
DBG: add pushfq mnemonic redirect
2018-07-01 19:28:05 +02:00
Duncan Ogilvie
4098dc8fb2
DBG: finally fix the handle leak in PDBDiaFile
2018-07-01 19:28:05 +02:00
Duncan Ogilvie
34279ebf08
GUI: fix performance bottleneck with Qt signals
2018-07-01 19:28:04 +02:00
Duncan Ogilvie
8af904fad6
DBG: fix assert in debug mode on pluginunloadall
2018-07-01 19:28:04 +02:00
Duncan Ogilvie
0bf7bd10ef
GUI: fix ReferenceView signals not being called correctly
2018-07-01 19:28:04 +02:00
Duncan Ogilvie
d30bd428c6
PROJECT: change default startup project
2018-07-01 19:28:04 +02:00
Duncan Ogilvie
9e68ea3900
DBG: only store file hash in database if there is other data as well
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
7d1afa0940
DBG+GUI: change layout of window title to be more helpful in the task bar
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
05378fabb2
GUI: add copy header VA to disassembly menu
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
2665df4eb3
DBG: added mod.headerva expression function
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
87c3238de8
DBG (WIP): set up DIA file stream for profiling of a handle leak
2018-07-01 19:28:03 +02:00
Duncan Ogilvie
408b6eeff9
GUI: don't filter symbol list when not necessary
2018-07-01 19:28:02 +02:00
Duncan Ogilvie
62cd2bb915
BRIDGE: fix truncation crash in DbgGetLabelAt
2018-07-01 19:28:02 +02:00
Duncan Ogilvie
d79586d02b
DBG: fix a crash in the Cleanup in downslib
2018-07-01 19:28:02 +02:00
Duncan Ogilvie
70b3149599
WIP: new symbol gui mostly working
2018-07-01 19:28:02 +02:00
Mattiwatti
0bb2efcb2c
Improve performance and crash resistance when loading PE files containing 1000 or more sections. Tested on https://github.com/corkami/pocs/blob/master/PE/bin/65535sects.exe . Technically performance was already very good, but that was only due to crashing instantly
2018-07-01 19:28:01 +02:00
Mattiwatti
f515484790
ReadBaseRelocationTable() refactor. Is it better now? Dunno really. This method may be slightly easier to use with both SEC_COMMIT and SEC_IMAGE mappings in the future if needed, but in the end they pretty much do the same thing. At least some more TitanEngine calls were killed off so that's something I suppose
Replaced dark and brooding "..."s in error messages with exclamation marks to better emphasise that this stuff is serious
2018-07-01 19:28:01 +02:00
Mattiwatti
1f485f313e
DBG: more robust debug directory parsing. Validate the RVA, type and size bounds for each debug directory entry, and do not stop after the one unrecognised (non-CV) entry
Protect against PDB paths that do not have a null terminator in the PE codeview info
2018-07-01 19:28:01 +02:00
Duncan Ogilvie
14da6c4448
DBG: clean up downslib
2018-07-01 19:28:00 +02:00
Mattiwatti
6df9535ba4
Rewrite ReadTlsCallbacks() to use RtlImageDirectoryEntryToData and remove all TitanEngine calls. Also fix an anti-debug trick I found by accident: it is possible to have working TLS callbacks with a TLS directory size of 0. The loader does not check this field and always executes callbacks if they exist
2018-07-01 19:28:00 +02:00
Mattiwatti
28c03967c7
RvaToVa(): use SizeOfRawData instead of VirtualSize as the upper bound on section RVAs. This matches the behaviour of RtlImageRvaToSection for SEC_COMMIT mappings
2018-07-01 19:28:00 +02:00
Mattiwatti
a4638d2ea9
DBG: misc. changes and fixes in SymbolSourceDIA:
- Rename SetThreadDescription to SetWin10ThreadDescription, to clarify that this function isn't actually useful to anyone. (ha ha, OK... but seriously, the same name is also used by the Windows SDK which apparently takes precedence and gets added as a static import, making it impossible to start the debugger on OSes other than Windows 10)
- Thread names are a good idea and they even kind of work on older Windows versions with NtQueryInformationThread(ThreadQuerySetWin32StartAddress), which is what e.g. Process Explorer and Process Hacker use. What *doesn't* work so well is lambdas. Added static functions SymbolsThread() and SourceLinesThread() to replace these. (before: x64dbg.dll!<lambda_fc00d3fb731b14a9b4857ac068d657c4>::<lambda_invoker_cdecl>. after: x64dbg.dll!SymbolSourceDIA::SymbolsThread). These should probably be file statics instead of class members, but they need access to private class functions
- GetModuleHandleA -> GetModuleHandleW. The former just calls the latter but with an extra string allocation and pointless Unicode conversion
- Fix pedantic Clang warnings about member initialization order in ctor
- Qualify type name in call to virtual function in destructor, as this will be statically resolved and won't call any potential future implementations in derived classes (this can be further 'fixed' by making either the function or the class final so you'll get a compile time error if you try to do this later)
2018-07-01 19:28:00 +02:00