flat assembler
Message board for the users of flat assembler.
litrovith 17 Sep 2018, 17:34
x64dbg plugin which adds FASM debug info.
bazizmix 18 Sep 2018, 12:23
Well done!
Jin X 20 Jan 2019, 20:18
Good for 32-bits.
But doesn't work for 64-bit code
Walter 27 Apr 2021, 16:49
Anyone have this working for 64-bit code? x64dbg exits abruptly for me.
Walter 28 Apr 2021, 15:58
bazizmix,
That worked well. Using a "dd64" file could be preferred over the plugin approach. Would you care to share the code for the relevant functions that generate the file? Not asking for the source to the compiler. Good project you have there!
bitRAKE 28 Apr 2021, 23:38
bazizmix's .dd[32|64] file creator.
https://board.flatassembler.net/topic.php?t=19095

.dd64 are a JSON file of x64dbg's internal database.
https://github.com/x64dbg/x64dbg/blob/development/src/dbg/database.cpp

imho, easiest way to see file format is to play with the options you care about in a small program and then save the database.

Code:
```json
{
 "comments": [
  {
   "module": "win64.exe",
   "address": "0x9C",
   "manual": true,
   "text": "MyComment, this is EntryPoint."
  }
 ],
 "bookmarks": [
  {
   "module": "win64.exe",
   "address": "0xA2",
   "manual": true
  }
 ],
 "breakpoints": [
  {
   "address": "0xAA",
   "enabled": true,
   "oldbytes": "0x8949",
   "type": 0,
   "titantype": "0x0",
   "name": "",
   "module": "win64.exe",
   "breakCondition": "",
   "logText": "",
   "logCondition": "",
   "commandText": "",
   "commandCondition": "",
   "fastResume": false,
   "silent": false
  }
 ],
 "hashAlgorithm": "murmurhash",
 "hash": "0xA77F8A223EFCE0FD"
}
```
Walter 29 Apr 2021, 01:43
bitRAKE,
Thanks for the pointers. I'll take your advice and experiment with the database options.
bitRAKE 29 Apr 2021, 03:28
What I found so far is that the addresses must be in hex; the JSON is very strict (i.e. no trailing commas), and "hash": "0" is needed to bypass the check. Almost have fasmg spitting out something that works in about 100 lines of code.
Would be nice to catch the PROC/ENDP and output function references, etc.

Edit: Here is the basic fasmg example,

Code:
```
include '../../utility/xcalm.inc'

define __x64dbg? __x64dbg
namespace __x64dbg

    virtual at 0
        HexDigits:: db '0123456789ABCDEF'
    end virtual

    collected_source = ''
    collected_$ = $
    collected_$% = $%
    collected_$%% = $%%

    k = 1 + ((bsr __source__) shr 3)
    tmp = __source__ bswap k
    ; assume source file name has an extension, remove it:
    while 1
        if '.' = (tmp and 0xFF)
            break
        end if
        tmp = tmp shr 8
    end while
    ; how many bytes in file name:
    k = 0
    while 1
        k = k + 8
        b = ((tmp shr k) and 0xFF)
        if b = '/'
            break
        else if b = '\'
            break
        else if b = 0
            break
        end if
    end while
    ; prune path, append new extension:
    tmp = ((((1 shl k)-1) and tmp) shl 24) + 'exe'
    k = 1 + ((bsr __source__) shr 3)
    __MODULE_NAME__ = string (tmp bswap k)

    calminstruction generate
        local source, $, $%, $%%
      reverse:
        take source, collected_source
        take $, collected_$
        take $%, collected_$%
        take $%%, collected_$%%
        jyes reverse
        local offset
        compute offset, $%
      main:
        take , $%
        take , $%%
        take $%, $%
        jno done
        check source
        jno next
        local undefined_bytes, defined_bytes
        compute undefined_bytes, $% - $%%
        compute defined_bytes, $%% - offset
        compute offset, $%
        check defined_bytes
        jno next
        check ($ - PE.IMAGE_BASE) >= 0
        jno next

        local counter, digit
        asm db 9,9,'{',10
        asm db 9,9,9,'"module": "',__MODULE_NAME__,'",',10
        asm db 9,9,9,'"address": "0x'
        ; offset must be in hexadecimal
        compute counter, 8
      print_offset:
        compute counter, counter - 1
        compute digit, (($ - PE.IMAGE_BASE) shr (counter shl 2)) and 0Fh
        asm load digit:1 from HexDigits:digit
        asm db digit
        check counter
        jyes print_offset
        asm db '",',10
;       asm db 9,9,9,'"manual": true,',10
        asm db 9,9,9,'"text": "',source,'"',10
        asm db 9,9,'},',10
      next:
        take , source
        take , $
        jump main
      done:
    end calminstruction ; generate

end namespace ; __x64dbg

postpone ?
    purge ?
    virtual as 'dd32'
        db '{',10
        ; create comments of source text
        db 9,'"comments": [',10
        __x64dbg.generate
        ; clear trailing comma
        store ' ':1 at $-2
        db 9,'],',10
        db 9,'"hash": "0"',10
        db '}',10
    end virtual
end postpone

calminstruction ? line&
    local tmp
    arrange tmp,line
    stringify tmp
    take __x64dbg.collected_source,tmp
    compute tmp,$ scale 0
    take __x64dbg.collected_$,tmp
    compute tmp,$%
    take __x64dbg.collected_$%,tmp
    compute tmp,$%%
    take __x64dbg.collected_$%%,tmp
    assemble line
end calminstruction

calminstruction restartout? origin
    arrange origin,=restartout origin
    assemble origin
  reset:
    take ,__x64dbg.collected_source
    take ,__x64dbg.collected_$
    take ,__x64dbg.collected_$%
    take ,__x64dbg.collected_$%%
    jyes reset
end calminstruction
```

I was able to crash the debugger - which is a rare feat at this abstraction. (I feel another bug report coming.)
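
The constraints listed in the post above (addresses as hex strings, strict JSON with no trailing comma, `"hash": "0"`), shown as an added Python example that is not part of the original thread or of anyone's posted code. The function names, sample addresses and source lines are constructed for illustration; the field names come from the saved database shown earlier in the thread.

```python
import json
import re


def module_name(source_path, ext="exe"):
    """Drop the directory (either separator) and swap the extension for `ext`."""
    base = re.split(r"[\\/]", source_path)[-1]
    stem = base.rsplit(".", 1)[0]
    return f"{stem}.{ext}"


def build_database(source_path, image_base, lines):
    """Return database JSON text for (virtual_address, source_text) pairs."""
    module = module_name(source_path)
    comments = []
    for va, text in lines:
        rva = va - image_base          # addresses are relative to the image base
        text = text.strip()
        if rva < 0 or not text:
            continue                   # outside the image, or nothing to display
        comments.append({
            "module": module,
            "address": f"0x{rva:X}",   # hex string, as in the saved database
            "manual": True,
            "text": text,              # json.dumps escapes quotes and backslashes
        })
    # Serialising a list cannot leave a trailing comma; "hash": "0" is the
    # value the thread reports as needed to get past the hash check.
    return json.dumps({"comments": comments, "hash": "0"}, indent="\t")


# Constructed sample: two usable lines, one below the image base, one blank.
SAMPLE = [
    (0x40009C, "sub rsp, 8*5"),
    (0x4000A2, 'lea rdx, [_caption] ; "Win64"'),
    (0x3FF000, "db 0"),
    (0x4000AA, "   "),
]

if __name__ == "__main__":
    print(build_database(r"C:\src\win64.asm", 0x400000, SAMPLE))
```

Because the text goes through a JSON serialiser, a source line that contains a double quote still produces a file that parses.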
bazizmix 30 Apr 2021, 05:19
Walter wrote: bazizmix, Thanks!
macgub 22 Jun 2021, 16:43
Nice job litrovith. Thanks for sharing.