flat assembler
Message board for the users of flat assembler.
FDBG - win64 Linux64 UEFI x64 AMD64 debugger
vid 01 Oct 2006, 21:48
great work, really.
Feryno 02 Oct 2006, 09:02
2 mazegen:
You can't close child win but you can minimize it so it occupies small area about 10x30 pixels. Or you can have it in the background and your favorite win (usually win showing opcodes) on the top. This way should be better for every coder trying debugger for his first time, because he can't close any child win with some CPU registers or some debuggee memory area and then he needn't to spend the time by searching where the win is. For coder with more experiences with debugging it could be better to turn off every unnecessary child win and not to minimize it only. I know, waiting about 2 seconds for minimizing 14 children on dbg startup isn't much comfortable. Maybe I should think about idea not to destroy child win (DestroyWindow) but hide it only (ShowWindow). It could be easier to do than destroy it and then create it on demand again.

1 question for people having higher screen resolution (on 1024*786 the default small font is on the border of comfortable readability): Which suitable font/size/height did you find?

During weekend I managed to update disasm engine of fdbg for Linux x64 and I did one small improvement in 't' command (trace over call loop rep instructions). So don't inspect big differences like in fdbg for win64. Everything looks like in previous version. Misdisassembled were some of SIB index opcodes like [r13+r12*2+4]
http://www.sandpile.org/aa64/opc_sib.htm

edit from 20070103 deleted attachment
Last edited by Feryno on 03 Jan 2007, 06:05; edited 1 time in total
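The SIB case named in the post above, [r13+r12*2+4], as an added example (not FDBG's code and not part of the original thread): a small C decoder for ModRM+SIB operands in 64-bit mode that handles the two REX-related special cases where r12 and r13 differ from rsp and rbp. The function name, the output format and the sample bytes are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const char *R64[16] = {"rax","rcx","rdx","rbx","rsp","rbp","rsi","rdi",
                              "r8","r9","r10","r11","r12","r13","r14","r15"};

/* Hypothetical helper: decode a ModRM+SIB memory operand (64-bit addressing).
   rex = REX prefix byte or 0; p points at ModRM; out needs at least 48 bytes.
   Returns bytes consumed (ModRM+SIB+displacement), or -1 if no SIB byte is used. */
int decode_sib_operand(uint8_t rex, const uint8_t *p, char *out, size_t n)
{
    unsigned mod = p[0] >> 6, rm = p[0] & 7;
    if (mod == 3 || rm != 4) return -1;      /* SIB only when rm=100b and mod!=11b */
    unsigned scale = 1u << (p[1] >> 6);
    unsigned index = ((p[1] >> 3) & 7) | ((rex & 2) ? 8u : 0u);  /* REX.X extends index */
    unsigned base  = (p[1] & 7) | ((rex & 1) ? 8u : 0u);         /* REX.B extends base */
    int len = 2, has_base = 1, has_disp = 0;
    int has_index = (index != 4);  /* 100b = "no index" only if REX.X=0; 1100b is r12 */
    int32_t d32 = 0;
    size_t pos = 0;
    /* base=101b with mod=00 means "disp32, no base"; REX.B is not consulted here,
       so r13 (like rbp) can only be a base with mod=01/10 and a displacement. */
    if (mod == 0 && (p[1] & 7) == 5) { has_base = 0; has_disp = 1; }
    if (mod == 1) { d32 = (int8_t)p[2]; has_disp = 1; len += 1; }
    else if (mod == 2 || !has_base) {        /* disp32, little-endian host assumed */
        memcpy(&d32, p + 2, 4); has_disp = 1; len += 4;
    }
    pos += snprintf(out + pos, n - pos, "[");
    if (has_base) pos += snprintf(out + pos, n - pos, "%s", R64[base]);
    if (has_index) {
        pos += snprintf(out + pos, n - pos, "%s%s", has_base ? "+" : "", R64[index]);
        if (scale > 1) pos += snprintf(out + pos, n - pos, "*%u", scale);
    }
    if (has_disp) {                          /* hex displacement, signed */
        long long d = d32;
        const char *sign = d < 0 ? "-" : (has_base || has_index) ? "+" : "";
        pos += snprintf(out + pos, n - pos, "%s%llX", sign,
                        (unsigned long long)(d < 0 ? -d : d));
    }
    snprintf(out + pos, n - pos, "]");
    return len;
}

int main(void) {
    const uint8_t operand[] = {0x44, 0x65, 0x04};  /* constructed: ModRM, SIB, disp8 */
    char text[64];
    decode_sib_operand(0x4B, operand, text, sizeof text);  /* REX.W + REX.X + REX.B */
    printf("%s\n", text);
    return 0;
}
```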
vid 02 Oct 2006, 12:35
hiding them could be nice idea, worth of trying.
and i think 64bit debugging is still not area in which you need to focus at newbies.
try to add this: when you are in code window, "R" would automatically bring GPR window to front, "S" would bring stack window etc. focus will remain on code window. i hope you understand
Feryno 03 Oct 2006, 12:14
vid, this is great idea and it needn't much work to do it
vid 12 Oct 2006, 20:18
feryno: i just installed 64bit gentoo, so you will be receiving some more feedback since now
Feryno 30 Oct 2006, 12:31
next release,
- added initial and simple debug symbols support (thanx to dbghelp.dll, about 5 APIs only...)
- Rambo menu is back (I was very happy successfully debugging Vista x64 slc.dll using IsDebuggerPresent fight - don't play with this dll if you don't know what you want... this dll is for me the first known stuff from ms with antidebug protection - ms know why they protected it in this way...)
- switching among processes/threads tested on Vista x64 RC2 and win2003 server x64

Would somebody test it under XP x64 please - especially installation with original dbghelp.dll would be appreciated for debug symbols support - use C sample from attachment (make the same path for it or recompile it if you put it in another path)

debug symbols support is only in an initial stage, you can see labels on begin of instruction, like:
mainCTRStartup:
sub rsp,38
and you can see detailed symbols in Explore->Symbols (Ctrl-S) like:
StartSelection Address=000000001C001020h PID=000009D4h ModBase=000000001C000000h Flags=00000000h Value=0000000000000000h Register=00000000h d:\asm\prog\fasm64\p006\fdbg000c_samples\debug_symbols\dll\select.c LineNumber=66 FirstInstructionAddress=000000001C001020h

I plan to upgrade disasm engine to expand things like
mov rax,[rsi+rcx*8+20]
(todays)
mov rax,[rsi+rcx*8+20] ; [00000001000035B0]=7785FA60=kernel32.CloseHandle
(my dreams)

edit from 20070103 deleted attachment
Last edited by Feryno on 03 Jan 2007, 06:06; edited 1 time in total
vid 30 Oct 2006, 13:22
great work... what's SLC.DLL?
Feryno 31 Oct 2006, 09:07
SLC maybe Software Licence Control ?
One API from slc.dll is useful for me, because my home PC isn't connected to internet (because I use it only for asm coding, I don't have there soft from internet so I feel there very safe and malware-free without antivir soft...). I hate telephones too, but Vista RC2 requires 30 days to activate... I don't want to connect PC to inet (although I can easily ask my neighbour just opposite our door...) and I don't want to call anywhere (even it is free call) so I looked for other way of activation... I suppose this is impossible todays but I found another way - staying unactivated but reset activation timeout. It is quite easy, just calling 1 API without any param:
slc.dll SLReArmWindows

Then I wondered what this API did, so I traced it, and I was happy because this DLL uses antidebugs and I like antidebug. You just have to turn on IsDebuggerPresent camouflage and enter some calls (don't press F8 on every CALL especially when there is garbage after call instruction which not seems like real instructions, entered calls - press F7 to do it - have pushf instruction in prologues and popf at epilogues and they return in other address than the address after instruction of call because procedure modifies return address in the stack)

Great on Vista RC2 is the fact, that you can turn off Drivers signing control on the boot (I refuse to pay for signing 2-3 kB drivers written in FASM used for fun and maybe like education samples) and not much important Aero seems to work even Vista isn't activated. So I don't plan to upgrade to RTM version of Vista... and I want to stay unactivated more than 30 days...

If it is an heretic idea on this forum, please admin correct some thoughts from this post, I will be out of internet for 2 months (thus unable to edit this post earlier than on new year)
comrade 08 Dec 2006, 18:31
great job
i guess Feryno didn't get his internet back
Feryno 03 Jan 2007, 06:10
new version for Win
you can see now content of memory after disassembled instruction
exe is compressed in an experimental way (original exe is too big for asm project)
Last edited by Feryno on 15 Jan 2007, 06:42; edited 1 time in total
vid 12 Jan 2007, 10:05
feryno: your linux version uses just console, or X, or some other GUI?
Feryno 12 Jan 2007, 10:24
Yes, only console, that's a pity.
I did some GUI samples under Linux, but they required too much time even they were the most simple programs. So I'm afraid that I'm not able to make nice GUI interface under Linux. Currently I'm finishing support for debug symbols (well documented in one manual from year 1997 !!! quite easy task to do).
vid 12 Jan 2007, 10:39
glad to hear that. console suits me for linux, as i haven't installed any Xs yet. got to try it
Feryno 15 Jan 2007, 06:43
Linux version
it has help file (win asm beginners may find some useful simple info how to debug without debug symbols at the end of help)
it supports debug symbols
edit from 2007 february 21: deleted attachment (quota limit reached)
Last edited by Feryno on 21 Feb 2007, 06:37; edited 1 time in total
ds316 22 Jan 2007, 07:58
An absolutely awesome app. The only thing that could really do better is a 64-bit version of OllyDbg, but I can't see that happening in the future.
Also when I was running the 000C version the exe I downloaded kept trying to execute an instruction that didn't exist. All I did was replace the suspect instruction with 9090 and everything ran sweetly. 000D is working fine though.
Feryno 22 Jan 2007, 09:41
Hello ds316, would you send me that instruction or its address ? (incompatibility between AMD64 and EM64T ? - I tested it only in AMD64)

I try to make fdbg app for its usage to be the most simple for asm beginners (priority No 1.) and powerful enough for experienced users (priority No. 2). Key shortcuts have been taken from legendary Borland Turbo Debugger, you can simple change them in source code if you used to debug with Olly or GoBug - it is too difficult to adapt to new shortcuts after years of usage of another debugger. Functionality is good now, but there are some tasks which I'm not able to do better yet (e.g. terminating debugging works but isn't the best solution...).

fdbg has its own exception handler so it shows you possible buggy instructions

after testing it in Vista RC2 I had to correct about 10 errors in procedures' prologues (unaligned stack, ...) which was silent in older versions of win but caused problems in Vista. The most difficult problem of unaligned stack is that instruction causing exception is in win DLL when API tries to access parameters in the stack with movdqa instruction. During the evolution of ms win more and more APIs access stack with movdqa instructions. I hope there aren't stack unaligned procedures calling APIs in fdbg anymore.

I'm still finding mistakes and missing parts in disasm engine, e.g. the last is
imul reg,[mem],value
it doesn't display the content on [mem] and shows incorrectly reg32 for reg16 operations...

More users of fdbg, more time of work with it -> more mistakes uncovered and fixed.
ds316 thanx for report and usage
mattst88 22 Jan 2007, 17:31
Awesome program firstly.
Is there any chance you can add the ability to show XMM registers' values as both 4 singles and 2 doubles? It's very difficult to try and debug something using two doubles currently. Keep up the great work.
Feryno 24 Jan 2007, 07:58
special edition for mattst88
edit from 2007 february 21: deleted attachment (quota limit reached)
Last edited by Feryno on 21 Feb 2007, 06:38; edited 1 time in total
mattst88 27 Jan 2007, 03:34
Awesome. Thanks
Keep up the great work.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.