flat assembler
Message board for the users of flat assembler.

litrovith



Joined: 19 Feb 2013
Posts: 1
litrovith
x64dbg plugin which adds FASM debug info.


Description: xFasConv bin&source
Filename: xFasConv_bin&source.7z
Filesize: 8.66 KB
Downloaded: 773 Time(s)

Post 17 Sep 2018, 17:34
bazizmix



Joined: 15 Jan 2016
Posts: 51
bazizmix
Well done!
Post 18 Sep 2018, 12:23
Jin X



Joined: 06 Mar 2004
Posts: 104
Location: Russia
Jin X
Good for 32-bits.
But doesn't work for 64-bit code :(
Post 20 Jan 2019, 20:18
Walter



Joined: 26 Jan 2013
Posts: 148
Walter
Anyone have this working for 64-bit code? x64dbg exits abruptly for me.
Post 27 Apr 2021, 16:49
bazizmix



Joined: 15 Jan 2016
Posts: 51
bazizmix
You can try this opportunity of FlatC:
bazizmix wrote:
Now you can compile asm files using the FlatC and get debug information in x64dbg format:
fc.exe /debug file.asm
Post 28 Apr 2021, 07:16
Walter



Joined: 26 Jan 2013
Posts: 148
Walter
bazizmix,

That worked well. Using a "dd64" file could be preferred over the plugin approach.

Would you care to share the code for the relevant functions that generate the file?
Not asking for the source to the compiler.

Good project you have there!
Post 28 Apr 2021, 15:58
bitRAKE



Joined: 21 Jul 2003
Posts: 3307
Location: vpcmipstrm
bitRAKE
bazizmix's .dd[32|64] file creator.
https://board.flatassembler.net/topic.php?t=19095

.dd64 files are JSON files of x64dbg's internal database.
https://github.com/x64dbg/x64dbg/blob/development/src/dbg/database.cpp

imho, easiest way to see file format is to play with the options you care about in a small program and then save the database.
Code:
{
 "comments": [
  {
   "module": "win64.exe",
   "address": "0x9C",
   "manual": true,
   "text": "MyComment, this is EntryPoint."
  }
 ],
 "bookmarks": [
  {
   "module": "win64.exe",
   "address": "0xA2",
   "manual": true
  }
 ],
 "breakpoints": [
  {
   "address": "0xAA",
   "enabled": true,
   "oldbytes": "0x8949",
   "type": 0,
   "titantype": "0x0",
   "name": "",
   "module": "win64.exe",
   "breakCondition": "",
   "logText": "",
   "logCondition": "",
   "commandText": "",
   "commandCondition": "",
   "fastResume": false,
   "silent": false
  }
 ],
 "hashAlgorithm": "murmurhash",
 "hash": "0xA77F8A223EFCE0FD"
}    

_________________
¯\(°_o)/¯ unlicense.org
Post 28 Apr 2021, 23:38
Walter



Joined: 26 Jan 2013
Posts: 148
Walter
bitRAKE,

Thanks for the pointers.

I'll take your advice and experiment with the database options.
Post 29 Apr 2021, 01:43
bitRAKE



Joined: 21 Jul 2003
Posts: 3307
Location: vpcmipstrm
bitRAKE
What I found so far is that the addresses must be in hex; the JSON is very strict (i.e. no trailing commas), and "hash": "0" is needed to bypass the check. Almost have fasmg spitting out something that works in about 100 lines of code.

Would be nice to catch the PROC/ENDP and output function references, etc.

Edit: Here is the basic fasmg example,
Code:
include '../../utility/xcalm.inc'

define __x64dbg? __x64dbg
namespace __x64dbg

        virtual at 0
                HexDigits:: db '0123456789ABCDEF'
        end virtual

        collected_source = ''
        collected_$ = $
        collected_$% = $%
        collected_$%% = $%%

        k = 1 + ((bsr __source__) shr 3)
        tmp = __source__ bswap k
        ; assume source file name has an extension, remove it:
        while 1
                if '.' = (tmp and 0xFF)
                        break
                end if
                tmp = tmp shr 8
        end while
        ; how many bytes in file name:
        k = 0
        while 1
                k = k + 8
                b = ((tmp shr k) and 0xFF)
                if b = '/'
                        break
                else if b = '\'
                        break
                else if b = 0
                        break
                end if
        end while
        ; prune path, append new extension:
        tmp = ((((1 shl k)-1) and tmp) shl 24) + 'exe'
        k = 1 + ((bsr __source__) shr 3)
        __MODULE_NAME__ = string (tmp bswap k)

        calminstruction generate
                local   source, $, $%, $%%

            reverse:
                take    source, collected_source
                take    $, collected_$
                take    $%, collected_$%
                take    $%%, collected_$%%
                jyes    reverse

                local   offset
                compute offset, $%

            main:
                take    , $%
                take    , $%%
                take    $%, $%
                jno     done

                check   source
                jno     next

                local   undefined_bytes, defined_bytes
                compute undefined_bytes, $% - $%%
                compute defined_bytes, $%% - offset
                compute offset, $%

                check   defined_bytes
                jno     next
                check   ($ - PE.IMAGE_BASE) >= 0
                jno     next

                local   counter, digit

                asm db 9,9,'{',10
                asm db 9,9,9,'"module": "',__MODULE_NAME__,'",',10
                asm db 9,9,9,'"address": "0x'

                ; offset must be in hexadecimal
                compute counter, 8
            print_offset:
                compute counter, counter - 1
                compute digit, (($ - PE.IMAGE_BASE) shr (counter shl 2)) and 0Fh
                asm load digit:1 from HexDigits:digit
                asm db digit
                check counter
                jyes print_offset

                asm db '",',10
;               asm db 9,9,9,'"manual": true,',10
                asm db 9,9,9,'"text": "',source,'"',10
                asm db 9,9,'},',10

            next:
                take    , source
                take    , $
                jump    main
            done:
        end calminstruction ; generate
end namespace ; __x64dbg

postpone ?
        purge ?
        virtual as 'dd32'
                db '{',10
                ; create comments of source text
                db 9,'"comments": [',10
                __x64dbg.generate
                ; clear trailing comma
                store ' ':1 at $-2
                db 9,'],',10
                db 9,'"hash": "0"',10
                db '}',10
        end virtual
end postpone

calminstruction ? line&
        local tmp
        arrange tmp,line
        stringify tmp
        take __x64dbg.collected_source,tmp
        compute tmp,$ scale 0
        take __x64dbg.collected_$,tmp
        compute tmp,$%
        take __x64dbg.collected_$%,tmp
        compute tmp,$%%
        take __x64dbg.collected_$%%,tmp
        assemble line
end calminstruction

calminstruction restartout? origin
        arrange origin,=restartout origin
        assemble origin
    reset:
        take ,__x64dbg.collected_source
        take ,__x64dbg.collected_$
        take ,__x64dbg.collected_$%
        take ,__x64dbg.collected_$%%
        jyes reset
end calminstruction

It's essentially a modified 'listing.inc' from the distribution.

I was able to crash the debugger - which is a rare feat at this abstraction.
(I feel another bug report coming.)

_________________
¯\(°_o)/¯ unlicense.org
Post 29 Apr 2021, 03:28
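
The database format described in the post above, produced and checked in Python. This is an added example, not part of the original post or of the fasmg macro. It applies the three findings stated there: hex addresses, strict JSON with no trailing commas, and "hash": "0". The (offset, source line) listing input, the function names and the sample lines are assumptions.

```python
import json
import re

HEX = re.compile(r"0x[0-9A-Fa-f]+")

def build_dd(module, listing):
    """Return .dd32/.dd64 text with one comment per (offset, source) pair.

    `listing` is a hypothetical input format: module-relative offsets and
    the source line assembled there.
    """
    comments = [
        {"module": module, "address": f"0x{offset:X}", "text": text}
        for offset, text in listing
        if offset >= 0          # skip anything placed below the image base
    ]
    # json.dumps emits strict JSON: no trailing commas, and quotes or
    # backslashes inside the source text are escaped.
    return json.dumps({"comments": comments, "hash": "0"}, indent=1)

def check_dd(text):
    """Return a list of problems; an empty list means the checks passed."""
    try:
        db = json.loads(text)   # strict parser, rejects trailing commas
    except json.JSONDecodeError as err:
        return [f"not strict JSON: {err.msg} (line {err.lineno})"]
    if not isinstance(db, dict):
        return ["top level is not a JSON object"]
    problems = []
    if db.get("hash") != "0":
        problems.append('"hash" is not "0"')
    for i, c in enumerate(db.get("comments", [])):
        addr = c.get("address")
        if not (isinstance(addr, str) and HEX.fullmatch(addr)):
            problems.append(f"comment {i}: address {addr!r} is not a hex string")
    return problems

# Constructed sample listing (not taken from a real build).
LISTING = [
    (0x9C, "sub rsp, 8*5"),
    (0xA2, "lea rdx, [_caption]"),
    (0xAA, 'db "quoted \\ text", 0'),
]

if __name__ == "__main__":
    out = build_dd("win64.exe", LISTING)
    print(out)
    print(check_dd(out) or "ok")
```
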
bazizmix



Joined: 15 Jan 2016
Posts: 51
bazizmix
Walter wrote:
bazizmix,
Good project you have there!

Thanks!
Post 30 Apr 2021, 05:19
macgub



Joined: 11 Jan 2006
Posts: 260
Location: Poland
macgub
Nice job litrovith. Thanks for sharing.
Post 22 Jun 2021, 16:43
Copyright © 1999-2020, Tomasz Grysztar.