x64dbg

An open-source x64/x32 debugger for windows. Official mirror for China: https://github.com/x64dbg/x64dbg

Go to file

Mattiwatti fc9285ed2e [DBG] Work on modinfo improvements: - Add ImageNtHeaders() (clone of RtlImageNtHeaderEx which doesn't exist on XP) to obtain PE headers given a VA - Add HEADER_FIELD() and THUNK_VAL() macros to module.h to allow accessing header fields independent of process and file bitness - Add IMAGE_NT_HEADERS pointer to MODINFO, since anything related to parsing PEs needs this struct - Read PE headers in GetModuleInfo(). Currently the headers are being parsed every time a TitanEngine helper function is called, the goal is to reduce this to once per module load - GetModuleInfo(): eliminate all TitanEngine calls now that we have the headers - Add RvaToVa() for SEC_COMMIT mappings. This can simultaneously serve as replacement for rva2offset helpers (pass base = 0). Preferably SEC_IMAGE should be used though as that way neither of these would be needed - ReadExportDirectory(): use RtlImageDirectoryEntryToData() to obtain a PIMAGE_EXPORT_DIRECTORY and its size in one go to eliminate TitanEngine helper calls and RVA to offset conversions - Answer burning questions re: Windows loader behaviour when parsing exports in comments - (Minor) fix '>= 0' comparison against unsigned as this will always evaluate to true - Add comment re: PDB search path order since it's wrong atm but I'm too scared of breaking something if I change this code myself		2018-07-01 19:27:59 +02:00
.github	PROJECT: updated issues template	2017-05-05 18:09:01 +02:00
bin	Update the Win32 error and NTSTATUS databases with values added in SDK 10.0.16299.0	2017-10-28 02:47:49 +02:00
deps@de80e8da63	PROJECT: remove keystone	2018-03-04 22:41:00 +01:00
help	PROJECT: moved help https://github.com/x64dbg/docs	2016-07-06 06:51:33 +02:00
hooks	PROJECT: update AStyleWhore (renamed to AStyleHelper)	2017-11-04 18:34:54 +01:00
src	[DBG] Work on modinfo improvements:	2018-07-01 19:27:59 +02:00
.clang-format	PROJECT: added clang-format config file (don't use this yet!)	2017-04-04 17:55:58 +02:00
.editorconfig	PROJECT: added .editorconfig	2016-06-19 00:04:48 +02:00
.gitignore	PROJECT: update AStyleWhore (renamed to AStyleHelper)	2017-11-04 18:34:54 +01:00
.gitmodules	PROJECT: remove capstone	2018-03-04 22:35:01 +01:00
CODE_OF_CONDUCT.md	PROJECT: add code of conduct	2017-10-24 01:11:18 +02:00
CONTRIBUTING.md	Add CodeTriage badge to x64dbg/x64dbg	2018-07-01 19:12:04 +02:00
LICENSE	"x64_dbg"->"x64dbg" + added Nukem	2015-04-10 01:53:32 +02:00
README.md	PROJECT: added sourceforge badge	2017-08-10 23:03:45 +02:00
build.bat	PROJECT: remove capstone	2018-03-04 22:35:01 +01:00
clean.bat	GUI+PROJECT: "build" -> "gui_build"	2015-11-08 01:50:46 -05:00
format.bat	PROJECT: update AStyleWhore (renamed to AStyleHelper)	2017-11-04 18:34:54 +01:00
install.bat	PROJECT: install script	2014-08-05 00:30:12 +02:00
maketranslatetemplate.bat	PROJECT: minimize maketranslatetemplate.bat	2016-09-08 13:03:15 +02:00
release.bat	PROJECT: remove capstone	2018-03-04 22:35:01 +01:00
setenv.bat	PROJECT: updated dependencies + setenv.bat to reflect the wiki	2017-08-25 09:54:35 +02:00
setupdeps.bat	PROJECT: batch file to setup dependencies	2017-07-29 18:30:08 +02:00
x64dbg.sln	PROJECT: remove capstone	2018-03-04 22:35:01 +01:00
x64dbg_scheme.vsd	PROJECT: sceme -> scheme	2015-11-07 01:50:49 -05:00

README.md

x64dbg

Note

Please run install.bat before you start committing code, this ensures your code is auto-formatted to the x64dbg standards.

Compiling

For a complete guide on compiling x64dbg read this.

Downloads

Releases of x64dbg can be found here.

Overview

x64dbg is an open-source x32/x64 debugger for Windows.

Activity Graph

Features

Open-source
Intuitive and familiar, yet new user interface
C-like expression parser
Full-featured debugging of DLL and EXE files (TitanEngine)
IDA-like sidebar with jump arrows
IDA-like instruction token highlighter (highlight registers, etc.)
Memory map
Symbol view
Thread view
Source code view
Content-sensitive register view
Fully customizable color scheme
Dynamically recognize modules and strings
Import reconstructor integrated (Scylla)
Fast disassembler (Capstone)
User database (JSON) for comments, labels, bookmarks, etc.
Plugin support with growing API
Extendable, debuggable scripting language for automation
Multi-datatype memory dump
Basic debug symbol (PDB) support
Dynamic stack view
Built-in assembler (XEDParse/Keystone/asmjit)
Executable patching
Yara Pattern Matching
Decompiler (Snowman)
Analysis

License

x64dbg is licensed under GPLv3, which means you can freely distribute and/or modify the source of x64dbg, as long as you share your changes with us. The only exception is that plugins you write do not have to comply with the GPLv3 license. They do not have to be open-source and they can be commercial and/or private. The only exception to this is when your plugin uses code copied from x64dbg. In that case you would still have to share the changes to x64dbg with us.

Credits

Debugger core by TitanEngine Community Edition
Disassembly powered by Capstone
Assembly powered by XEDParse, Keystone and asmjit
Import reconstruction powered by Scylla
JSON powered by Jansson
Database compression powered by lz4
Advanced pattern matching powered by yara
Decompilation powered by snowman
Bug icon by VisualPharm
Interface icons by Fugue
Website by tr4ceflow

Special Thanks

All the donators!
Everybody adding issues!
People I forgot to add to this list
EXETools community
Tuts4You community
ReSharper
Coverity
acidflash
cyberbob
cypher
Teddy Rogers
TEAM DVT
DMichael
Artic
ahmadmansoor
_pusher_
firelegend
kao
sstrato
kobalicek

Developers

Contributors

See here for a more up-to-date list of contributers.