Duncan Ogilvie
0e2ff40443
DBG: remove unused parameter from RecursiveAnalysis class
2017-12-17 02:05:53 +01:00
torusrxxx
f29d660b6e
Search for function pointer
2017-12-17 02:05:39 +01:00
Duncan Ogilvie
4db8d02cf4
DBG: show operand visibility in Zydis command
2017-11-14 16:00:54 +01:00
torusrxxx
3116b3dde0
fixed NTSTATUS name
2017-11-07 20:24:01 +01:00
Joel Höner
15b0e73ba0
DBG: fix disp+imm printing in “zydis” command
2017-11-07 20:22:15 +01:00
Duncan Ogilvie
0762182973
DBG: implement DLL breakpoints directly in x64dbg
2017-10-25 21:58:01 +02:00
Torusrxxx
466d5e9173
Update cmd-misc.cpp
2017-10-25 11:21:44 +00:00
Torusrxxx
db5c3e23af
Update cmd-misc.cpp
2017-10-25 11:16:01 +00:00
torusrxxx
9a2cb20682
enhancement to run until return
2017-10-18 22:49:06 +02:00
Torusrxxx
390bf4c5ca
Trace recording (#1736)
* run trace file format
* record opcode
* Successfully recorded sample run trace
* fixed order of thread id and opcode
* use capstone in run trace
* Revised format;Stop tracing when stop debug;Changed ext name
* trace browser(draft)
* Lower bound
* Lower bound
* implemented more functions in trace file reader
* Initial trace browser
* trace browser works for single-page traces
* fixed page fault
* Multi-selection, fixed page faults
* copy disassembly
* resize columns
* address label;follow in disassembly
* highlight
* history,comment,breakpoint in trace view
* stricter validation to prevent buffer overflow
* MAX_MEMORY_OPERANDS=32
* fixing bug in memory access count
* Temporary info menu to view registers & memory
* assumed to fix thread id bug
* live update trace view
* Fixed a bug with registers recording (similar to thread id bug)
* Search for constant in trace file
* Fixed bugs with memory operands recording
* File header for trace file; Auto update trace viewer
* fix x64dbg_translations.pro
* Default filename for trace; Start trace from trace view
* Switch to Qt JSON
* Copy selection, file offset and RVA; recent files
* Properly implement MRU menu
* shortcut for tracing
* Fix file names with comma
* added interaction with tab closing
* change default directory for trace file
* fix minor issue
2017-10-16 20:00:26 +02:00
torusrxxx
8cf9f63bac
Fixing #1752
2017-10-13 19:43:33 +02:00
Joel Höner
c5c3358c52
Add range checks for operand access (fixes #1750) (#1751)
* DBG: added range checks to operand access
- previously, some instructions could trigger the `DebugBreak` path in `Zydis::operator[]`
* GUI: removed redundant semicolon
2017-10-10 21:01:59 +02:00
Joel Höner
3fca5c9191
Ported & renamed `cbInstrCapstone`
2017-10-09 10:02:13 +02:00
Joel Höner
af0ff55df3
zydis_wrapper: Better compliance with style-guide
- Removed underscores
- Removed redundant “zy” prefix
- Executed `AStyleWhore` (sorreh, I use git on my macOS host, can’t put it into pre-commit-hook)
2017-10-09 10:02:13 +02:00
Joel Höner
4c841d85c6
Renamed `Capstone` -> `Zydis`
- Prevents name clashes with actual capstone disassembler implementation
2017-10-09 10:02:13 +02:00
Joel Höner
5338a0a85b
Replace Capstone with Zydis
- While at it, added branch info logic to disassembler class
- Thus reduce direct checks by mnemonic in GUI and analysis code
- Replaced direct disassembler struct access with disassembler class calls where trivially possible
- Removed workarounds for empty segment registers
- Temp. disabled `cbInstrCapstone` command
- Temp. disabled flag stuff in `QBeaEngine`
2017-10-09 10:02:13 +02:00
Duncan Ogilvie
57235b2f24
DBG+EXE+LAUNCHER+BRIDGE: remove _CRT_SECURE_NO_WARNINGS
2017-10-08 16:16:20 +02:00
Duncan Ogilvie
ba6e6dea63
DBG: full unicode support in ResolveShortcut
2017-09-30 14:30:40 +02:00
Duncan Ogilvie
fcda76a470
DBG: fixed LibrarianEnableBreakpoint
2017-09-30 12:52:07 +02:00
mrexodia
082bcc0937
Merge remote-tracking branch 'origin/PLMDebug' into development
2017-09-01 22:54:53 +02:00
Torusrxxx
690b048c7f
breakpoint, memory and threads view support multi-select (#1697)
* breakpoint, memory and threads view support multi-select
* fixed
* use older breakpointsview
* fixed
* revert deps change
* command in reference view
* to-do
* fixed deps
2017-09-01 13:57:41 +02:00
mrexodia
80210eb9b0
LAUNCHER+DBG: add support for PID attaching + PLMDebug in the command line
closes #1698
2017-08-28 11:41:37 +02:00
mrexodia
010a3bbf7e
DBG: better behaviour for "exhandlers" on XP
2017-08-25 13:02:37 +02:00
mrexodia
652c61f7f7
DBG+BRIDGE+GUI: warn when trying to render a graph with more than 5000 nodes
(closes #1321)
2017-08-21 15:13:02 +02:00
mrexodia
838b03e9d9
DBG: add ModEnum to remove various bottlenecks with module loading
2017-08-21 00:41:04 +02:00
mrexodia
ca296699b0
DBG: added plugreload command
2017-08-17 23:54:43 +02:00
mrexodia
1b27b951ee
DBG+BRIDGE: added more detail in the BRIDGEBP structure (in the padding so backwards-compatible)
2017-08-13 17:17:15 +02:00
mrexodia
b876d3b9f0
DBG: add memory breakpoint size (unimplemented) to breakpoint database
2017-08-13 16:27:55 +02:00
mrexodia
86b623b691
DBG: add module base to label list
2017-08-13 16:24:40 +02:00
mrexodia
dbc6ceb3db
DBG: fixed warning on x64
2017-08-09 03:13:04 +02:00
mrexodia
2ff93e479a
DBG: set temporary labels for visited types
2017-08-09 02:41:00 +02:00
mrexodia
f97439c9f5
DBG: introduce temp labels
2017-08-09 02:32:28 +02:00
pointerrrr
b758ea6e9d
DBG: The log now indicates the name of the breakpoint set (closes #1613) (#1662)
2017-07-27 22:53:09 +02:00
Torusrxxx
754ef54968
can use rtu (#1660)
2017-07-27 18:24:01 +02:00
genuine_
18979ef6e9
Fixed some unsafe code (#1647)
* Fix underflow of commandLine variable. (memset)
* Fix for integer inconsistencies
* fix for possible overflow at line 1841 of debugger.cpp. Offending code:
sprintf_s(command, "bp %p,\"DllMain (%s)\",ss", entry, modname);
2017-07-25 12:54:41 +02:00
mrexodia
73a8a93cbe
DBG+LAUNCHER: fix #1635 (.NET files are now processed correctly)
2017-07-08 18:29:13 +02:00
mrexodia
6a4510ce3a
DBG: bpgoto now no longer refreshes the GUI if not breaking
2017-07-03 10:43:52 +02:00
mrexodia
a2e245299a
DBG: gracefully break a trace when pausing
2017-06-30 14:41:44 +02:00
mrexodia
2588f7dc3e
DBG: workaround for pausing certain applications that are stuck in NtUserGetMessage
2017-06-27 03:13:32 +02:00
mrexodia
53841caab3
DBG: fixed a formatting problem in cbDebugLoadLib
2017-06-25 03:00:47 +02:00
Matthijs Lavrijsen
ca060c17c1
Replace undocumented.h with ntdll header and libs (#1620)
* Remove undocumented.h and replace it with header and .lib files for ntdll
* Replace ntdll function typedef + GetProcAddress combos with static imports
2017-06-21 15:43:23 +02:00
mrexodia
8ba0580626
DBG: fixed up the loadlib and freelib functions
2017-06-06 23:58:24 +02:00
mrexodia
2fd5cedd0d
remove some TitanEngine calls
2017-05-25 03:24:29 +02:00
mrexodia
cb2cb785ea
DBG+GUI: formatting + bigger disasm columns for string search
2017-05-11 06:18:32 +02:00
mrexodia
8979ef70b0
DBG: fixed intermodular calls (closes issue #900)
2017-05-05 18:56:38 +02:00
mrexodia
60382ae119
DBG: call DbgGetStringAt instead of disasmgetstringatwrapper
2017-05-05 18:09:01 +02:00
mrexodia
1eed1efe4a
DBG: fixed a bug with memory caching in log strings
2017-05-04 10:22:22 +02:00
mrexodia
771103c27a
DBG: include refactor
2017-04-29 19:45:34 +02:00
mrexodia
f4a571a547
DBG: fixed search in modules that have section gaps
2017-04-29 01:57:46 +02:00
ThunderCls
33d482e74c
Actions added to Handles/Windows table (#1561)
- Enable/Disable window
- Follow classproc in disassembler
- Toggle bp in classproc
- Message bp in classproc (not implemented entry)
2017-04-23 00:59:15 +02:00
Torusrxxx
5ddd4eadc0
internationalization issue fixed (#1536)
2017-04-12 15:22:43 +02:00
Torusrxxx
7e1eb2a8dc
Add a comment for the newly allocated memory. This comment will show in the memory map. (#1531)
2017-04-11 12:41:35 +02:00
torusrxxx
68f18feec7
added internal command to resolve #1525
2017-04-11 00:20:20 +02:00
mrexodia
6cc5f4d849
DBG: no longer use ThreaderCreateRemoteThread
2017-04-08 15:16:38 +02:00
mrexodia
e58bc13526
DBG+BRIDGE+GUI: nasty hack to force-flush the log on user commands
2017-03-18 16:45:33 +01:00
mrexodia
24cb79324e
DBG: added TraceSetLogFile command
2017-03-17 06:59:37 +01:00
mrexodia
d5e578ee6a
DBG+GUI+BRIDGE+PROJECT: updated AStyle and formatting
2017-03-16 03:32:09 +01:00
Matthijs Lavrijsen
033a495925
Initial support for compiling with Clang/C2 from VS2017 (Clang 3.8+) (#1498)
2017-03-16 03:13:04 +01:00
mrexodia
65ddc96542
DBG+GUI: updated capstone_wrapper
2017-03-13 03:23:53 +01:00
mrexodia
c7c654c24b
DBG: implemented repeating variants of step commands
2017-03-12 06:51:46 +01:00
mrexodia
955ef47b6d
DBG: improved run command to allow run to X
2017-03-12 05:52:58 +01:00
mrexodia
3b754f0791
BRIDGE+GUI: adjusted behavior for GuiReferenceGetCellContent
2017-03-11 03:51:55 +01:00
mrexodia
5715e1cc27
DBG: allow a title to be specified for refinit
2017-03-11 03:41:48 +01:00
mrexodia
aaf610de54
DBG: show logged line in script info
2017-03-11 03:02:16 +01:00
mrexodia
15bbdd84de
DBG: restore breakpoints when loading database (resolves issue #1479)
2017-03-10 23:11:51 +01:00
mrexodia
4bb5eb2dee
DBG: allow string formatting in labelset
2017-03-10 23:10:56 +01:00
mrexodia
448b6ac64c
DBG: refresh views in commentset
2017-03-10 23:09:36 +01:00
mrexodia
8803a50659
DBG: test for InstructionText in 'capstone' command
2017-03-10 23:08:35 +01:00
mrexodia
378a6c9637
DBG: added string formatting to findasm
2017-03-06 17:23:24 +01:00
mrexodia
b438872319
DBG: drastically improved loop manipulation performance
2017-02-24 20:43:48 +01:00
mrexodia
4f704b81bb
DBG+GUI: fixed some warnings
2017-02-24 19:39:32 +01:00
mrexodia
bf3ccd7e0b
DBG: significant memory usage improvements for database (~5x less memory used)
2017-02-24 19:38:48 +01:00
mrexodia
861686f91e
DBG: allow string formatting in the 'asm' command #1416
2017-02-21 19:52:09 +01:00
mrexodia
6b3d1e71da
DBG: include the member name in struct visiting
2017-02-18 20:35:53 +01:00
changeofpace
b4bc8546a8
Do not add breakpoint if SetBPX fails. (#1460)
* call SetBPX before BpNew in cbDebugSetBPX to prevent failed bps from being added to the bp map.
* revert previous change. Call BpDelete if SetBPX failed.
* remove commented code.
2017-02-18 14:03:54 +01:00
mrexodia
48df1c4c2c
DBG: updated savedata behavior
2017-02-05 20:31:17 +01:00
mrexodia
8788d66cf5
DBG: improved exinfo and capstone commands
2017-02-04 06:04:36 +01:00
mrexodia
9118d7f9d8
DBG: various small improvements to the mov command
2017-01-10 20:30:54 +01:00
mrexodia
415fe99871
DBG: support multiple string references in one instruction
2017-01-10 12:19:04 +01:00
mrexodia
9f7f649f7e
DBG+GUI: implemented trace switch condition
2017-01-10 12:14:01 +01:00
mrexodia
0f4a5fa074
DBG: workaround for a bug/feature in WOW64 that breaks stepping
2017-01-10 10:34:51 +01:00
mrexodia
04a97b51d6
DBG: fixed default trace condition
2017-01-05 02:31:45 +01:00
mrexodia
1d00a61ba2
Merge branch 'development' of https://github.com/ThunderCls/x64dbg into ThunderCls-development
Also made various cleanup changes
2016-12-16 14:30:04 +01:00
ThunderCls
22108bd046
Load/Free Modules in Symbols window
- Added command "freelib" to free a module previously loaded
- Added menu entries for load/free modules in the symbols view
2016-12-14 00:23:00 -05:00
Xiaoyin Liu
7bb1198900
Use HTTPS for Microsoft symbol server URL (#1300)
Update Microsoft symbol server URL to https://msdl.microsoft.com/download/symbols. This is the default sympath in WinDbg 10.0.14321
2016-12-13 02:41:35 +01:00
mrexodia
72eae713db
DBG+BRIDGE+GUI: added various features to restart as admin
2016-12-13 02:11:40 +01:00
changeofpace
4aca3cba64
added extra info prints for access violation exceptions for the exinfo command (#1361)
* added extra info prints for access violation exceptions for the exinfo command
* reverted to original ExceptionInformation loop in exinfo cmd. added comments for access violation exceptions
2016-12-11 09:06:07 +01:00
Torusrxxx
694d94cf1f
config command (#1355)
* config command
* Find window in attach dialog
* attach to hidden process
2016-12-11 09:04:40 +01:00
mrexodia
f61509ad8b
DBG: also remove breakpoints on DbLoad
2016-12-07 22:34:44 +01:00
mrexodia
806cc1757a
DBG: fixed a bug with no specified find_size in findallmem
2016-12-07 22:30:58 +01:00
Cornel Punga
4510c594d9
Remove breakpoints from module when calling DbClear, resolves #1310 (#1352)
2016-12-07 22:22:14 +01:00
mrexodia
6f51d06d88
DBG: various improvements with types #1305
2016-12-01 08:24:59 +01:00
mrexodia
2305b3a6c2
DBG+GUI: fixed some small issues with types #1309 #1305
2016-11-30 21:23:55 +01:00
mrexodia
5e2ab487a9
DBG: fixed ParseTypes reload error #1305
2016-11-30 11:19:28 +01:00
mrexodia
799efc4f31
DBG+BRIDGE+GUI: add (theoretical) support for big endian types
2016-11-27 02:02:45 +01:00
mrexodia
de1951e9ca
DBG+BRIDGE+GUI: initial version of struct viewer
2016-11-27 00:51:24 +01:00
mrexodia
b7ff75abec
DBG: resolved issue #635 #1193 #775 #514 #1273 (cannot get module filename)
2016-11-25 20:44:36 +01:00
mrexodia
688b9fbea5
DBG: full path of debuggee log statement
2016-11-25 19:30:42 +01:00
mrexodia
e4efed3eaf
DBG: added loop commands
2016-11-22 21:09:59 +01:00
mrexodia
9d3d77d8fb
DBG: removed useless ParseType error
2016-11-22 21:09:52 +01:00