Duncan Ogilvie
ebf3db1095
DBG: add forgotten CBSELCHANGED in pluginload
2020-01-08 01:34:49 +01:00
Duncan Ogilvie
b6b1cce7ba
DBG: force a terminating command at the end of a script
2019-11-26 13:26:35 +01:00
ec451897a5
DBG: Fix function boundary computation when getting x64 stack frames
...
RUNTIME_FUNCTION range: [BeginAddress, EndAddress)
Old code:
Find `func` where:
`func.BeginAddress <= rva <= func.EndAddress`
New code:
Find `func` where:
`func.BeginAddress <= rva < func.EndAddress`
2019-11-26 13:26:15 +01:00
Duncan Ogilvie
824100eea8
DBG: implement memcpy command
2019-11-13 01:13:06 +01:00
Duncan Ogilvie
b23c0dfe37
DBG: remove leading whitespace when loading script to correctly handle tabs
2019-11-12 23:55:56 +01:00
Duncan Ogilvie
fae8434284
DBG: fix a buffer overflow in a terrible 5-year old API
...
Thanks to dudeme for finding a reliable way to reproduce this!
2019-11-12 23:55:23 +01:00
b0ba7d40e1
Fixed #2228 ( #2244 )
...
* Fixed #2228
2019-11-11 22:15:46 +01:00
Duncan Ogilvie
e2a20266d1
DBG: close #2245
...
fix by lynnux
2019-11-10 23:15:29 +01:00
Duncan Ogilvie
c65f65f3b1
DBG: better script cleanup
2019-11-05 00:55:22 +01:00
Duncan Ogilvie
eca2f7f99a
DBG: refactor scripting functionality to allow executing script branches in the GUI
2019-11-05 00:33:32 +01:00
Duncan Ogilvie
6d6df1ff6f
DBG: stop skipping exceptions when pausing on certain debug events
2019-11-04 20:45:27 +01:00
Duncan Ogilvie
3fc1bdebc9
DBG: remove some unused functionality related to pausing
2019-11-04 20:45:26 +01:00
Duncan Ogilvie
03c5406b4b
DBG+EXE: compile on latest Visual Studio 2019 without MFC
2019-10-31 15:31:23 +01:00
Duncan Ogilvie
3efe95135b
DBG: improve savedata command
2019-10-31 15:27:51 +01:00
e0e977c88a
DBG: try querying the process cookie before adding breakpoints
2019-10-31 15:18:27 +01:00
16d9e5a777
DBG: do not add breakpoints to query process cookie when attaching
2019-10-31 15:18:27 +01:00
44c9d81e60
DBG: fix invalid handle exception on terminating attach after run
2019-10-31 15:17:23 +01:00
894ce7842d
DBG: remove duplicate variable and single cycle loop in advanced analysis
2019-10-31 15:17:05 +01:00
e975fc813d
DBG: verify that the decoded instruction or data reference fits into the memory range
2019-10-31 15:17:05 +01:00
382231eff8
DBG: reject wildcard only patterns
...
closes #2212
2019-10-23 12:22:48 +02:00
Duncan Ogilvie
83e1705985
DBG: sync mnemdb with the latest idaref
2019-10-12 16:00:04 +02:00
2952170189
DBG: fix call stack on x64
2019-10-12 15:41:29 +02:00
Duncan Ogilvie
31443c2c78
DBG: allow various more advanced pattern finding techniques
...
closes #2197
2019-09-01 17:28:48 +02:00
Duncan Ogilvie
12cf712ec2
DBG: add bswap format function
2019-09-01 17:28:43 +02:00
Duncan Ogilvie
8e2fb7f0b7
DBG: use patterntransform in the find command
...
see #2197
2019-09-01 15:45:29 +02:00
Duncan Ogilvie
249d5382c1
DBG: update patterntransform to reject invalid patterns
2019-09-01 15:44:28 +02:00
Duncan Ogilvie
d50675ca02
DBG: fix some edge cases with page protections in the memory map
2019-08-23 00:48:20 +02:00
Duncan Ogilvie
2c37afcc9e
DBG: truncate copy data in DISASM_INSTR
...
closes #2028
2019-08-23 00:48:19 +02:00
Duncan Ogilvie
d6b27324f4
DBG: fix bugfix
...
closes #2206
2019-08-22 17:50:30 +02:00
Duncan Ogilvie
bbc93a9426
DBG: improve symbol handling
2019-08-22 17:21:37 +02:00
Duncan Ogilvie
7212e853fb
DBG: better heuristics for detecting the debuggee did not terminate after 10 seconds
2019-08-19 15:39:13 +02:00
Duncan Ogilvie
8a07bd2d7e
DBG+GUI: implement auto completion for exports in goto dialog
...
closes #1987
2019-08-17 17:38:58 +02:00
Duncan Ogilvie
593b5f1752
DBG: fix out of bounds access in valapifromstring
...
closes #2190
2019-08-17 16:30:23 +02:00
Duncan Ogilvie
de2d930d8f
DBG+GUI: add transparent exception stepping option
2019-08-17 12:19:08 +02:00
Duncan Ogilvie
60e1dff147
DBG: fix signature verification for PDB v2.0 and improve symbol log
...
closes #2193
2019-08-09 20:55:59 +02:00
Duncan Ogilvie
d17852b63b
DBG: fix a weird bug where dll breakpoints could not be deleted in certain cases
2019-06-25 21:17:45 +02:00
Duncan Ogilvie
0b7d840b60
DBG+BRIDGE+GUI: fix bugs and add Graph+Memory Map+Symbol Module plugin menus
2019-06-22 16:44:45 +02:00
Duncan Ogilvie
c345647e85
DBG: allow plugstop to indicate FreeLibrary should not be called
2019-06-22 13:22:58 +02:00
Duncan Ogilvie
7114c71fe3
DBG: trim debug strings before showing them
2019-06-22 13:22:29 +02:00
Duncan Ogilvie
3c5a1ad13a
DBG: fix _plugin_menuentrysetvisible
2019-06-21 16:39:03 +02:00
Duncan Ogilvie
cc30f105de
DBG: implement DbgFunctions()->ModSymbolStatus
2019-06-19 00:12:43 +02:00
Duncan Ogilvie
80d84e7108
DBG: implement symunload command
2019-06-19 00:12:38 +02:00
Duncan Ogilvie
728f0eaa8d
DBG: fix various issues pointed out by Visual Studio code analysis
2019-06-19 00:12:31 +02:00
Duncan Ogilvie
d62f7f431c
disable warnings for dbghelp.h
2019-06-19 00:12:31 +02:00
Duncan Ogilvie
0a77a1cb00
DBG: add expression functions for exception information
2019-06-13 13:17:15 +02:00
Duncan Ogilvie
1e075142a5
DBG: add symload command to manually load a PDB
2019-06-12 16:51:19 +02:00
72d76bb9bc
Add GetExports and GetImports to the module scripting API.
2019-05-09 20:46:13 +02:00
4273fce56e
Fix export name is not parsed correctly
2019-05-09 20:45:04 +02:00
Duncan Ogilvie
b244c8177f
DBG: removed sortedlru
...
closes #2124
2019-04-30 15:27:47 +02:00
Duncan Ogilvie
c664ad1b4a
DBG: add dis.iscallsystem expression function
2019-04-30 15:05:36 +02:00
Duncan Ogilvie
2cbafa369d
DBG: add mod.isexport expression function
2019-04-30 15:05:36 +02:00
36741fdaf8
Fix ThreadGetSuspendCount if the suspend count limit is reached
...
Use a better method of querying the suspend count on Windows >= 8.1 that doesn't involve suspending and resuming
2019-04-28 21:24:59 +02:00
1874da8657
Fix export name parsing
2019-04-28 16:40:21 +02:00
Duncan Ogilvie
425a531535
DBG: fix use after free derp
...
closes #2149
2019-04-22 11:45:38 +02:00
ed5d085fa3
Fix compilation in VS2019
2019-04-17 19:34:00 +02:00
Duncan Ogilvie
1d9df16898
DBG: fix missing module name in symbol log and implement source mapping
2019-04-17 19:30:59 +02:00
Duncan Ogilvie
d13b2eefe1
GUI: better handling of xbegin tokenizing
2019-04-17 18:10:19 +02:00
Duncan Ogilvie
6bc16f8bac
PROJECT: remove and ignore vcxproj.user files
2019-04-12 17:51:56 +02:00
Duncan Ogilvie
4af8ff6174
DBG: (performance) improvements to SymbolSourceDIA
2019-04-12 16:51:37 +02:00
Duncan Ogilvie
3b8469ba55
DBG: print rex info in Zydis command
2019-04-09 15:47:22 +02:00
Duncan Ogilvie
386e242645
DBG+GUI: removed yara
2019-04-06 13:18:16 +02:00
Duncan Ogilvie
41978f961c
DBG: show full command line near 'Process Started' log entry
2019-04-06 12:40:51 +02:00
Duncan Ogilvie
ee411b0c30
DBG: some more improvements to safely reading the PE info
2019-04-06 12:40:50 +02:00
6e18613e37
DBG: ReadExportDirectory: put upper bound on the number of imports
2019-03-17 19:46:33 +01:00
e38adf1265
DBG: AddressOfNameOrdinals is WORD[], not DWORD[]
2019-03-17 19:46:33 +01:00
c54c96816e
DBG: ReadExportDirectory: do bounds checks on all export dir entries before indexing into arrays
...
Fixes #2105 (second case/malware sample)
2019-03-17 19:46:33 +01:00
e36779d7a4
DBG: more robust validation of PE directory sizes
2019-03-17 19:46:33 +01:00
Duncan Ogilvie
7d53b1ae08
DBG: fix potential crashes in GetModuleInfo
2019-01-20 22:41:26 +01:00
Duncan Ogilvie
9f5ce5041d
DBG: fix a mistake in MemUpdateMap
...
closes #2101
2019-01-20 20:45:47 +01:00
Duncan Ogilvie
85e96353cb
DBG+BRIDGE+GUI: put in the title whether x64dbg is elevated or not
2019-01-20 20:43:39 +01:00
Duncan Ogilvie
223ea586bb
DBG: add some more helpful format functions
...
ascii, ansi, utf8, utf16, disasm, modname
2019-01-10 23:54:31 +01:00
Duncan Ogilvie
d04288cbc1
DBG: improve performance of MemoryMapUpdate
2019-01-10 23:45:24 +01:00
Duncan Ogilvie
e5e96f7cbb
DBG: analyze all xrefs in the module with XrefsAnalysis
2019-01-10 23:44:51 +01:00
Duncan Ogilvie
cc15cdec9f
DBG: correctly handle executables with entry points inside the MZ header
...
closes #1994
2019-01-10 23:44:07 +01:00
Duncan Ogilvie
f1fbfd98b3
DBG: don't use CreateProcessInfo->lpStartAddress because it is broken
...
closes #2099
2019-01-10 23:43:05 +01:00
Duncan Ogilvie
688e2ccc04
DBG+GUI: AStyle
2018-11-18 15:50:13 +01:00
Duncan Ogilvie
418541e46e
DBG: improve the skipInt3Stepping feature to work for long int3 instructions
2018-11-18 15:49:43 +01:00
1e9bf1ab7c
DBG: Fix mapped area overrun in ReadDebugDirectory for bogus debugDirSize
2018-11-18 15:20:38 +01:00
0adb663a91
Fixed Symbol::GetList() for symbols without undecorated name
...
* Such symbols have "" instead of nullptr in SYMBOLINFO.undecoratedSymbol
* This fix greatly improves Snowman's decompiled results, example: comctl32!ListBox_SetCurSelHandler
2018-11-13 12:10:36 +01:00
836a544287
Run "AStyleWhore"
2018-11-13 10:01:22 +08:00
5162450ff3
Fix yara crash when used with a single argument
2018-11-04 23:14:31 +01:00
c7107374d2
DBG: remove capstone references
2018-11-04 23:14:04 +01:00
de678aec21
Fixed incorrect error message when memory could not be allocated
2018-11-02 15:31:14 +00:00
0c87d87fe6
DBG: fix getting raw int value for float typed watch points
2018-10-31 12:39:00 +01:00
e0052d6b2b
ZYDIS: Use ZydisOperandAction as an enum instead of a flag
2018-10-31 12:38:40 +01:00
0065f204a3
Add DLL ordinal to symbol table and fix symbol table comparator
2018-10-31 12:38:00 +01:00
5a4f15e9f5
DBG: add OptionalHeader.AddressOfEntryPoint to the displayed symbols
2018-10-31 12:37:48 +01:00
Duncan Ogilvie
fba7af6bcd
Merge branch 'torusrxxx-patch00000092' into development
2018-10-29 13:38:56 +01:00
5669e13485
temporary
2018-10-16 18:15:01 +02:00
ae9bf8c49e
st(X) can be edited
2018-10-16 18:15:01 +02:00
cf1498786c
Merge branch 'development' into patch00000092
2018-10-12 20:50:28 +08:00
d149f6d794
Do not leave empty or corrupt PDBs in the store if a download failed. Fixes a crash in LoadDataFromIStream in MS DIA 14.15
2018-10-10 15:50:40 +02:00
Duncan Ogilvie
da69e828ea
DBG: improve memory usage and performance with line numbers
2018-10-10 15:45:32 +02:00
Duncan Ogilvie
25a67b778e
DBG: fix buffer overflow and assert when tracing fxsave or invalid instructions
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
22861d69e5
Add some analysis for exceptions containing FACILITY_VISUALCPP in exinfo
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
b1188c3c04
DBG: fix crash in stackgetsuspectedcallstack when CSP is not pointing to valid memory
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
521195eea9
DBG: small refactor for SymAutoComplete
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
d7f1dadb52
DBG: exclude some invalid imports + give ordinal imports a name
2018-10-10 15:44:37 +02:00
Duncan Ogilvie
70cfec4094
DBG: add (undocumented) option to force load PDB
2018-10-10 15:44:37 +02:00
03f596c162
Stricter ordinal name check
2018-10-09 11:20:55 +08:00
Duncan Ogilvie
now-raymond
mappzor
Bálint Faragó
Matthaeus Puehringer
pxf_god
Matt
Zhang Li
Mattiwatti
Alexander Miloslavskiy
torusrxxx