flat assembler
Message board for the users of flat assembler.
Projects and Ideas > FDBG - win64 Linux64 UEFI x64 AMD64 debugger
magicSqr 06 Aug 2012, 23:30
Hi,
I'm only just starting coding in x64 and downloaded fdbg0023. When I click 'Open executable' I don't get any dialog box to choose a file. Same with Ctrl-E. I downloaded fdbg0022 and have the same problem. I'm running Win7 Home Premium 64-bit.
Feryno 07 Aug 2012, 09:15
hi, strange...
I'm always using server versions of x64 win but the kernels should be identical to the "workstation" versions (the preference for servers is because they are available to download from microsoft a few weeks earlier than the workstations).

You can still run the executable from the command line without the necessity of the Open File dialog, with a command like
fdbg yourprog.exe
It is not as comfortable as the GUI but it should work and bypasses the open file dialog.

Years ago I found that the open file dialog produced some exception with an exotic error number (no result about what the error code means) and I wasn't able to find where the problem is. I can't remember exactly whether it appeared in win 2008 server (the same kernel as vista) or in win2008 R2 (the same kernel as win 7). The exception generated by the open file dialog is handled transparently and silently ignored; it appears only when you run fdbg from another debugger or when adding exception handling into fdbg. I've never observed the exception in win 2003 server (win XP x64).

The GUI seems to be the only source of problems, maybe I should make the win version command line (like Linux, UEFI). I just wanted it to be very easy for everybody running a debugger for the first time in their life (max. 2-3 clicks and some result available already = debuggee halted at entrypoint, registers visible, code / stack / memory dump visible, ...)
magicSqr 07 Aug 2012, 09:47
ok, thanks Feryno,
I'll go with command line then.
magic²
XVilka 14 Aug 2012, 09:41
Feryno: can you put the code of fdbg into one of the versioning systems? It would be great and would let others improve it too. At least I want to contribute to it (a bit later, this autumn, I suppose).
Feryno 16 Aug 2012, 11:42
Hi,
you can post your work here and don't forget to add yourself to the list of developers.

The cores of all 3 free versions of the debugger are healthy. The GUI of the win version should be rewritten from the base. The Linux version seems to be finished (I don't see anything to improve there). In the UEFI version there should be added the choice of entering a register as input (not only hexa values, e.g. d rsi instead of d 264e00, also something like r rip=rip-1, etc.). The disasm engine lacks updates for years (disassembling of instructions using 256 bit multimedia registers is not implemented although the core of all versions supports them). In UEFI support for symbols should be added.

In the UEFI version I slightly improved the loading of the executable to be more clean and readable, so update these parts before you start to contribute:

a00.asm
Code:
format PE64 dll efi at 0 on 'nul'
; possible subsystems are: EFI, EFIBOOT, EFIRUNTIME
entry start

include 'uefi.inc'
include 'keycodes.inc'
include 'padAMD64.inc'
include 'constants.inc'
include 'registers.inc'

section '.text' code readable executable

start:
; rcx = ImageHandle
; rdx = SystemTable
        push rbx rsi rdi
        sub rsp,8*(4+0)
        mov rax,[rdx+60h]               ; EFI_BOOT_SERVICES
        mov [ImageHandle],rcx
        mov [SystemTable],rdx
        mov [BootServicesTable],rax
        call set_best_text_mode
        lea rcx,[msg_welcome]
        call print
        call check_lahf_sahf
        call cpu_features_enable
        lea rcx,[msg_executable]
        call print
        call get_executable_name
        jc egzyd
        call load_executable
        jc egzyd
; rax = image handle
        mov rbx,rax
        mov rcx,rax
        call get_executable_base_and_size
; CF=0 -> rax = base, rdx = size
; CF=1 -> error
        jnc .L1
.L0:
        mov rcx,rbx
        call unload_executable
        jmp egzyd
.L1:
; rax = base, rdx = size
        mov rsi,rax
        mov rdi,rdx
;       mov rdx,rdx
        mov rcx,rax
        call PE32x64_AddressOfEntryPoint
        jc .L0
; rax = AddressOfEntryPoint, this is an offset
        add rax,rsi
; rax = virtual memory of the image entrypoint
        call set_SW_BP                  ; or should we call set_temporary_execute_HW_BP
        call hook_exceptions
        xor r8,r8
        xor edx,edx
        mov rcx,rbx                     ; ImageHandle
        mov rax,[BootServicesTable]
        call qword [rax+0D0h]           ; EFI_IMAGE_START
        call unhook_exceptions
        call remove_all_HW_BP_SW_BP
        lea rcx,[msg_executable_exited]
        call print
egzyd:
if EFI_SUCCESS = 0
        xor eax,eax
else
        mov rax,EFI_SUCCESS
end if
        add rsp,8*(4+0)
        pop rdi rsi rbx
        ret

exec.asm
Code:
align 10h
get_executable_name:
; out: CF=0 success
;      CF=1 error
        push rax rcx rdx rsi rdi
        call cli_reset
get_executable_name_wait_for_key:
        call get_key                    ; eax=key
        cmp eax,key_ENTER
        jz get_executable_name_done
        call cli_update                 ; update command line interface with the new key received
        lea rcx,[msg_clt_all]
        call print                      ; print the updated command line
        jmp get_executable_name_wait_for_key
get_executable_name_done:
        call print_new_line
        lea rsi,[msg_clt]
        lea rdi,[path_to_exec]
;       mov ecx,[msg_clt_pointer]
        mov ecx,[msg_clt_pointer + rsi-msg_clt]  ; rsi = msg_clt
;       jrcxz get_executable_name_fail
        or ecx,ecx
        jz get_executable_name_fail
        cld
        mov eax,060404h
        stosd
        mov eax,'\'
        stosw
;align 10h
get_executable_name_convert_01:
        cmp word [rsi],ax
        jnz get_executable_name_convert_02
        add rsi,2
        loop get_executable_name_convert_01
get_executable_name_convert_02:
;       jrcxz get_executable_name_fail
        or ecx,ecx
        jz get_executable_name_fail
get_executable_name_convert_03:
        call more_backslashes
        jnz get_executable_name_convert_06
;align 10h
get_executable_name_convert_05:
; ax = '\'
        add word [path_to_exec+2],2
        cmp word [rsi],ax
        movsw
        loopnz get_executable_name_convert_05
        or ecx,ecx
        jnz get_executable_name_convert_03
get_executable_name_convert_06:
; the last backslash has to be removed at my UEFI else LoadImage fails
        cmp word [path_to_exec+2],6
        jz get_executable_name_convert_07
; remove the last '\'
        sub word [path_to_exec+2],2
        sub rdi,2
get_executable_name_convert_07:
        xor eax,eax
        add word [path_to_exec+2],2
        stosw
; path node done
; now executable node
        mov eax,040404h
        stosd
        lea rdx,[rdi-2]
        lea eax,[rcx+rcx*1]
        add word [rdx],ax
        repz movsw
; suffix '.efi'
        mov rcx,[rdi-8]
        mov rax,0020002000200000h
        or rcx,rax                      ; convert capitals to lowercase
        mov rax,'.' + ('e' shl 16) + ('f' shl 32) + ('i' shl 48)
        cmp rcx,rax
        jz get_executable_name_convert_08
        stosq
        add word [rdx],8
get_executable_name_convert_08:
        xor eax,eax
        stosw                           ; 0-terminator
        add word [rdx],2
; end node:
        mov eax,04FF7Fh
        stosd
        call cli_reset
        clc                             ; success
get_executable_name_epi:
        pop rdi rsi rdx rcx rax
        ret
get_executable_name_fail:
        call cli_reset
        stc                             ; failure
        jmp get_executable_name_epi


align 10h
more_backslashes:
; in: RSI unicode string
; in: ECX string size
; out: ZF=0 no more backslashes
; out: ZF=1 backslash found
        push rax rcx rdi
        lea rdi,[rsi]
        mov eax,'\'
        cld
        repnz scasw
        pop rdi rcx rax
        ret


align 10h
load_executable:
; returns: CF=0 success, RAX = image handle
;          CF=1 failure
        push rbx rbp
struc load_executable_frame
{
        .reserved               rq 4
        .fifth_param            dq ?
        .sixth_param            dq ?
        .img_handle             dq ?
        .full_path              dq ?
        .img_dev_handle         dq ?
        .loaded_image           dq ?
        .dev_path_util_protocol dq ?
}
virtual at 0
        tmp_load_executable_frame load_executable_frame
        sizeof_load_executable_frame = $
end virtual
        a=1                                     ; return address from procedure
        b=2                                     ; pushed qwords
        d=(sizeof_load_executable_frame+7)/8    ; stack frame in qwords
        c=(a+b+d) and 1                         ; align stack at 10h
        sub rsp,8*(c+d)
virtual at rsp
        ld_exec_f load_executable_frame
end virtual
        xor ebx,ebx                     ; status
        mov rbp,[BootServicesTable]
        lea r8,[ld_exec_f.dev_path_util_protocol]
        xor edx,edx
        lea rcx,[EFI_DEVICE_PATH_UTILITIES_PROTOCOL_GUID]
        call qword [rbp+140h]           ; EFI_LOCATE_PROTOCOL
if EFI_SUCCESS = 0
        or rax,rax
else
        cmp rax,EFI_SUCCESS
end if
        jnz load_executable_result
        mov dword [ld_exec_f.sixth_param],EFI_OPEN_PROTOCOL_GET_PROTOCOL
        and qword [ld_exec_f.fifth_param],0
        mov r9,[ImageHandle]
        lea r8,[ld_exec_f.loaded_image] ; LoadedImage
        lea rdx,[EFI_LOADED_IMAGE_PROTOCOL_GUID]
        mov rcx,[ImageHandle]
        call qword [rbp+118h]           ; EFI_OPEN_PROTOCOL
if EFI_SUCCESS = 0
        or rax,rax
else
        cmp rax,EFI_SUCCESS
end if
        jnz load_executable_result
virtual at 0
        LIP EFI_LOADED_IMAGE_PROTOCOL
end virtual
        mov dword [ld_exec_f.sixth_param],EFI_OPEN_PROTOCOL_GET_PROTOCOL
        and qword [ld_exec_f.fifth_param],0
        mov r9,[ImageHandle]
        lea r8,[ld_exec_f.img_dev_handle]       ; ImageDevicePath
        lea rdx,[EFI_DEVICE_PATH_PROTOCOL_GUID]
        mov rax,[ld_exec_f.loaded_image]        ; LoadedImage
        mov rcx,[rax + LIP.DeviceHandle]
        call qword [rbp+118h]           ; EFI_OPEN_PROTOCOL
if EFI_SUCCESS = 0
        or rax,rax
else
        cmp rax,EFI_SUCCESS
end if
        jnz load_executable_failure_close_protocol
        lea rdx,[path_to_exec]
        mov rcx,[ld_exec_f.img_dev_handle]      ; ImageDevicePath
        mov rax,[ld_exec_f.dev_path_util_protocol]      ; EFI_DEVICE_PATH_UTILITIES_PROTOCOL
        call qword [rax+8*2]            ; AppendDevicePath
        or rax,rax
        jz load_executable_failure_close_protocols
        mov [ld_exec_f.full_path],rax
        lea rax,[ld_exec_f.img_handle]  ; Pointer to the returned image handle that is created when the image is successfully loaded.
        mov [ld_exec_f.sixth_param],rax ; ImageHandle
        and qword [ld_exec_f.fifth_param],0
        xor r9,r9
        mov r8,[ld_exec_f.full_path]    ; path to execute
        mov rdx,[ImageHandle]           ; ParentImageHandle
        xor ecx,ecx
        call qword [rbp+0C8h]           ; EFI_IMAGE_LOAD
if EFI_SUCCESS = 0
        or rax,rax
else
        cmp rax,EFI_SUCCESS
end if
        setz bl                         ; status
        mov rcx,[ld_exec_f.full_path]
        call qword [rbp+48h]            ; FreePool
load_executable_failure_close_protocols:
        xor r9,r9
        mov r8,[ImageHandle]
        lea rdx,[EFI_DEVICE_PATH_PROTOCOL_GUID]
        mov rax,[ld_exec_f.loaded_image]        ; LoadedImage
        mov rcx,[rax + LIP.DeviceHandle]
        call qword [rbp+120h]           ; EFI_CLOSE_PROTOCOL
load_executable_failure_close_protocol:
        xor r9,r9
        mov r8,[ImageHandle]
        lea rdx,[EFI_LOADED_IMAGE_PROTOCOL_GUID]
        mov rcx,[ImageHandle]
        call qword [rbp+120h]           ; EFI_CLOSE_PROTOCOL
load_executable_result:
        sub bl,1
        mov rax,[ld_exec_f.img_handle]
load_executable_epi:
        lea rsp,[rsp+8*(c+d)]           ; the LEA doesn't touch Carry flag
        pop rbp rbx                     ; neither the POP alters CF
        ret


align 10h
unload_executable:
; in: RCX ImageHandle
; out: CF=0 success
;      CF=1 error
        sub rsp,8*(4+1)
        mov rax,[BootServicesTable]
;       mov rcx,rcx
        call qword [rax+0E0h]           ; EFI_IMAGE_UNLOAD
        add rsp,8*(4+1)
if EFI_SUCCESS <> 0
        sub rax,EFI_SUCCESS
end if
        add rax,-1
        ret


align 10h
get_executable_base_and_size:
; in: RCX ImageHandle
; out: CF=0 success, rax=base, rdx=size
;      CF=1 error
        push rbx rsi rdi
        sub rsp,8*(4+4)
        mov rbx,rcx
        mov dword [rsp+8*(4+1)],EFI_OPEN_PROTOCOL_GET_PROTOCOL
        and qword [rsp+8*(4+0)],0
        mov r9,[ImageHandle]
        lea r8,[rsp+8*(4+3)]            ; Interface
        lea rdx,[EFI_LOADED_IMAGE_PROTOCOL_GUID]
;       mov rcx,rcx
        mov rax,[BootServicesTable]
        call qword [rax+118h]           ; EFI_OPEN_PROTOCOL
        mov [rsp+8*(4+2)],rax           ; status
if EFI_SUCCESS = 0
        or rax,rax
else
        cmp rax,EFI_SUCCESS
end if
        jnz get_executable_base_and_size_epi
        mov rdx,[rsp+8*(4+3)]
        mov rsi,[rdx + LIP.ImageBase]
        mov rdi,[rdx + LIP.ImageSize]
        xor r9,r9
        mov r8,[ImageHandle]
        lea rdx,[EFI_LOADED_IMAGE_PROTOCOL_GUID]
        mov rcx,rbx
        mov rax,[BootServicesTable]
        call qword [rax+120h]           ; EFI_CLOSE_PROTOCOL
get_executable_base_and_size_epi:
if EFI_SUCCESS <> 0
        sub qword [rsp+8*(4+2)],EFI_SUCCESS
end if
        add qword [rsp+8*(4+2)],-1      ; CF=0 if STATUS_SUCCESS, CF=1 otherwise
        mov rax,rsi                     ; base
        mov rdx,rdi                     ; size
        lea rsp,[rsp+8*(4+4)]           ; the LEA doesn't change CF (the ADD does !!!)
        pop rdi rsi rbx
        ret


align 10h
PE32x64_AddressOfEntryPoint:
; in: RCX ImageBase
;     RDX ImageSize
; out: CF=0 success, RAX = AddressOfEntryPoint (this is an offset)
;      CF=1 error
        push rsi
include 'WinNT.h.inc'
virtual at 0
        .pehdr0 IMAGE_DOS_HEADER
        sizeof.IMAGE_DOS_HEADER = $
end virtual
        cmp rdx,sizeof.IMAGE_DOS_HEADER
        jc PE32x64_AddressOfEntryPoint_epi
virtual at rcx
        .pehdr IMAGE_DOS_HEADER
end virtual
        cmp [.pehdr.e_magic],IMAGE_DOS_SIGNATURE
        jnz PE32x64_AddressOfEntryPoint_fail
        mov eax,[.pehdr.e_lfanew]
        lea rsi,[rcx+rax*1]
virtual at rsi
        .nthdr IMAGE_NT_HEADERS64
end virtual
virtual at 0
        .nthdr0 IMAGE_NT_HEADERS64
        sizeof.IMAGE_NT_HEADERS64 = $
end virtual
        add rax,sizeof.IMAGE_NT_HEADERS64
        cmp rdx,rax
        jc PE32x64_AddressOfEntryPoint_epi      ; we don't have enough of image to access it (have only part of image)
        cmp [.nthdr.Signature],IMAGE_NT_SIGNATURE
        jnz PE32x64_AddressOfEntryPoint_fail
        cmp [.nthdr.FileHeader.Machine],IMAGE_FILE_MACHINE_AMD64
        jnz PE32x64_AddressOfEntryPoint_fail
        cmp [.nthdr.FileHeader.SizeOfOptionalHeader],IMAGE_SIZEOF_NT_OPTIONAL64_HEADER
        jnz PE32x64_AddressOfEntryPoint_fail
        cmp [.nthdr.OptionalHeader.Magic],IMAGE_NT_OPTIONAL_HDR64_MAGIC
        jnz PE32x64_AddressOfEntryPoint_fail
;       cmp [.nthdr.OptionalHeader.DllCharacteristics],        ; bullshit
; bullshits
;       movzx eax,[.nthdr.OptionalHeader.Subsystem]
;       cmp eax,IMAGE_SUBSYSTEM_EFI
;       jz img_OK_0
;       cmp eax,IMAGE_SUBSYSTEM_EFIBOOT
;       jz img_OK_0
;       cmp eax,IMAGE_SUBSYSTEM_EFIRUNTIME
;       jnz PE32x64_AddressOfEntryPoint_fail
;
;img_OK_0:
        mov eax,[.nthdr.OptionalHeader.SizeOfImage]
        cmp rdx,rax
        jc PE32x64_AddressOfEntryPoint_epi
        mov eax,[.nthdr.OptionalHeader.AddressOfEntryPoint]
        cmp rdx,rax                     ; CF set if AddressOfEntryPoint is more than ImageSize
;       clc                             ; success ; no need as the above CMP cleared Carry Flag
PE32x64_AddressOfEntryPoint_epi:
        pop rsi
        ret
PE32x64_AddressOfEntryPoint_fail:
        stc
        pop rsi
        ret
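The header checks that PE32x64_AddressOfEntryPoint performs in fasm above are the part of the loader a debugger must get right, since the image it parses is whatever the user pointed it at. The following is an added example, not fdbg's code: the same validation written in C against an in-memory image whose mapped size is known, so every header read is bounds-checked before it happens. The constant names follow WinNT.h; the function names (pe32plus_entry_rva, build_sample and the sample_* cases) and the constructed sample image are mine. It assumes a little-endian host, and it is slightly stricter than the asm in one place: it rejects an entry point equal to the image size, which the asm's cmp rdx,rax lets through.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IMAGE_DOS_SIGNATURE               0x5A4D      /* "MZ" */
#define IMAGE_NT_SIGNATURE                0x00004550  /* "PE\0\0" */
#define IMAGE_FILE_MACHINE_AMD64          0x8664
#define IMAGE_FILE_MACHINE_I386           0x014C
#define IMAGE_NT_OPTIONAL_HDR64_MAGIC     0x020B
#define IMAGE_SIZEOF_NT_OPTIONAL64_HEADER 240

/* Field offsets from the PE/COFF spec (IMAGE_DOS_HEADER, IMAGE_NT_HEADERS64) */
enum {
    SIZEOF_IMAGE_DOS_HEADER   = 0x40,
    DOS_E_LFANEW              = 0x3C,
    NT_SIGNATURE              = 0x00,
    NT_FILE_MACHINE           = 0x04,
    NT_FILE_SIZEOF_OPT_HDR    = 0x14,
    NT_OPT_MAGIC              = 0x18,
    NT_OPT_ENTRY_POINT        = 0x28,
    NT_OPT_SIZEOF_IMAGE       = 0x50,
    SIZEOF_IMAGE_NT_HEADERS64 = 4 + 20 + IMAGE_SIZEOF_NT_OPTIONAL64_HEADER   /* 264 */
};

/* memcpy-based accessors: e_lfanew may point anywhere, so headers need not be aligned */
static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, sizeof v); return v; }
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, sizeof v); return v; }
static void wr16(uint8_t *p, uint16_t v) { memcpy(p, &v, sizeof v); }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, sizeof v); }

/* Returns the entry point RVA, or -1 if the image is not a PE32+ AMD64 image
 * or any header lies outside the 'size' bytes that are actually mapped.
 * Check order mirrors the fasm routine: DOS header, NT headers, then fields. */
long pe32plus_entry_rva(const uint8_t *img, size_t size)
{
    if (size < SIZEOF_IMAGE_DOS_HEADER) return -1;
    if (rd16(img) != IMAGE_DOS_SIGNATURE) return -1;

    uint64_t lfanew = rd32(img + DOS_E_LFANEW);          /* widen before adding: no 32-bit wrap */
    if (lfanew + SIZEOF_IMAGE_NT_HEADERS64 > size) return -1;   /* NT headers must fit */
    const uint8_t *nt = img + lfanew;

    if (rd32(nt + NT_SIGNATURE) != IMAGE_NT_SIGNATURE) return -1;
    if (rd16(nt + NT_FILE_MACHINE) != IMAGE_FILE_MACHINE_AMD64) return -1;
    if (rd16(nt + NT_FILE_SIZEOF_OPT_HDR) != IMAGE_SIZEOF_NT_OPTIONAL64_HEADER) return -1;
    if (rd16(nt + NT_OPT_MAGIC) != IMAGE_NT_OPTIONAL_HDR64_MAGIC) return -1;
    if (rd32(nt + NT_OPT_SIZEOF_IMAGE) > size) return -1;        /* only part of the image is mapped */

    uint32_t entry = rd32(nt + NT_OPT_ENTRY_POINT);
    if (entry >= size) return -1;   /* the breakpoint at base+entry must land inside the image */
    return (long)entry;
}

/* Constructed sample image (not a real binary): headers only, everything else zero. */
#define SAMPLE_SIZE 0x2000u

static void build_sample(uint8_t *img, uint16_t machine, uint32_t entry, uint32_t size_of_image)
{
    const uint32_t lfanew = 0x80;
    memset(img, 0, SAMPLE_SIZE);
    wr16(img, IMAGE_DOS_SIGNATURE);
    wr32(img + DOS_E_LFANEW, lfanew);
    uint8_t *nt = img + lfanew;
    wr32(nt + NT_SIGNATURE, IMAGE_NT_SIGNATURE);
    wr16(nt + NT_FILE_MACHINE, machine);
    wr16(nt + NT_FILE_SIZEOF_OPT_HDR, IMAGE_SIZEOF_NT_OPTIONAL64_HEADER);
    wr16(nt + NT_OPT_MAGIC, IMAGE_NT_OPTIONAL_HDR64_MAGIC);
    wr32(nt + NT_OPT_ENTRY_POINT, entry);
    wr32(nt + NT_OPT_SIZEOF_IMAGE, size_of_image);
}

/* One case per failure mode the loader must survive. */
long sample_good(void)          { uint8_t img[SAMPLE_SIZE]; build_sample(img, IMAGE_FILE_MACHINE_AMD64, 0x1000, SAMPLE_SIZE); return pe32plus_entry_rva(img, SAMPLE_SIZE); }
long sample_truncated(void)     { uint8_t img[SAMPLE_SIZE]; build_sample(img, IMAGE_FILE_MACHINE_AMD64, 0x1000, SAMPLE_SIZE); return pe32plus_entry_rva(img, 0x100); }
long sample_wrong_machine(void) { uint8_t img[SAMPLE_SIZE]; build_sample(img, IMAGE_FILE_MACHINE_I386,  0x1000, SAMPLE_SIZE); return pe32plus_entry_rva(img, SAMPLE_SIZE); }
long sample_entry_outside(void) { uint8_t img[SAMPLE_SIZE]; build_sample(img, IMAGE_FILE_MACHINE_AMD64, 0x3000, SAMPLE_SIZE); return pe32plus_entry_rva(img, SAMPLE_SIZE); }

int main(void)
{
    printf("good image       : entry RVA %ld\n", sample_good());          /* 4096 */
    printf("truncated mapping: %ld\n", sample_truncated());              /* -1 */
    printf("i386 image       : %ld\n", sample_wrong_machine());          /* -1 */
    printf("entry past image : %ld\n", sample_entry_outside());          /* -1 */
    return 0;
}
```

The truncated case is the one the asm comments call "have only part of image": e_lfanew (0x80) plus the 264-byte NT headers exceeds the 0x100 bytes mapped, so the function refuses before touching the NT signature. Widening e_lfanew to 64 bits before the addition matters on a 32-bit build; the fasm version gets that for free by doing the add in rax.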
alorent 29 Aug 2012, 10:42
Hi Feryno,
I have tried FDBG under Windows 8 x64 but it fails with an exception in most cases (before fully loading all child windows). When I click on "Open Executable" there is no Windows dialog to open a file. Please, do we need any special settings to make it work under Windows 8? Thanks for your great work! Also, I saw your HDBG project. Can I purchase it? I don't see any payment link. Thanks!
Feryno 03 Sep 2012, 07:51
Hi alorent, I saw that under developmental versions of win8 and was unable to find where is the problem. As I wrote previously the GUI should be completely rewritten.
hdbg - it is not a question of money - some parts were developed for somebody else so obtaining hdbg requires their permission (identifying PID/TID of the running thread using the hypervisor, identifying context switches using the hypervisor, freezing/unfreezing the running thread using the hypervisor, walking + dumping memory of a given process using the hypervisor - after these parts were done and my tasks were successfully finished I had the idea that I can extend that and make a debugger)
Feryno 19 Sep 2012, 06:37
- support for the most important symbols from the UEFI spec
- command k (kill program)
- GPR64 and RIP as input on some commands
- link for an all-in-one pack with emulator for everybody not owning UEFI hardware (external link, the archive doesn't fit on the board because of the board quota limit): http://fdbg.x86asm.net/fdbg.uefi.0002.qemu.zip (see the images and run the bat file)
Feryno 01 Oct 2012, 09:48
windows server 2012 / windows 8 users shouldn't suffer anymore
farrier 01 Oct 2012, 14:26
Feryno,
Thanks for your fine program, I am just getting started in the 64 bit world and fdbg has made it possible to find out what is actually happening, as opposed to what I thought should happen.
farrier
_________________
Some Assembly Required
It's a good day to code!
U.S.Constitution; Bill of Rights; Amendment 1: ... the right of the people peaceably to assemble, ...
The code is dark, and full of errors!
Feryno 02 Oct 2012, 05:18
Hi, farrier,
thanks for your report. When I started the project years ago (maybe 7 or 8 years) I wanted to create something like turbo debugger (td.exe) for win64. Just 2-3 clicks and your program is already loaded in the debugger, some keystrokes and you see the result of what your program is doing. Easy-to-use. For everybody compiling their first program and trying to observe what the program is really doing. I grew up on turbo debugger in the ms dos era, the internet was in nappies, not so much documentation, not so much source code, I learned most from debugging some small demos / viruses. Later I found the CPU manuals but at that time I already knew the most important instructions. When release candidates of win x64 came I realized there is a need for something similar to turbo debugger for win x64.
btw the problem causing crashes in win 8 / win server 2012 was 6 years old and silent through older win x64 versions (appeared in fdbg000B)
yoshimitsu 14 Oct 2012, 18:27
fdbg is a must-have.
XVilka 22 Oct 2012, 08:02
About serial and USB debugging - it is possible to use a standard UEFI feature - the Debugport protocol. Its GUID:
Code:
#define EFI_DEBUGPORT_PROTOCOL_GUID \
  {0xEBA4E8D2,0x3858,0x41EC,0xA2,0x81,0x26,0x47,\
   0xBA,0x96,0x60,0xD0}

Protocol Interface Structure
Code:
typedef struct {
  EFI_DEBUGPORT_RESET Reset;
  EFI_DEBUGPORT_WRITE Write;
  EFI_DEBUGPORT_READ  Read;
  EFI_DEBUGPORT_POLL  Poll;
} EFI_DEBUGPORT_PROTOCOL;

Parameters
Reset   Resets the debugport hardware.
Write   Send a buffer of characters to the debugport device.
Read    Receive a buffer of characters from the debugport device.
Poll    Determine if there is any data available to be read from the debugport device.

See Section 17.3 of the UEFI 2.3 specification.
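The struct in the post above only gives the four slots; what a debugger stub built on it has to cope with is that Write and Read take BufferSize in/out and may transfer fewer bytes than asked, and that Poll is how you avoid blocking in Read. As an added example, not fdbg's code and not from the UEFI reference implementation: the protocol declared with the function-pointer signatures the UEFI spec gives for it, a constructed in-memory loopback standing in for the serial/USB hardware (it deliberately accepts only 4 bytes per Write, as a UART FIFO would), and two hypothetical debugger-side helpers, debugport_write_all and debugport_read_line, that loop correctly over short transfers. The EFI base types are redefined locally so the block builds on a host; the status values are the spec's EFIERR codes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Minimal UEFI base types so this builds on a host (normally from Uefi.h) */
typedef uint64_t UINTN;
typedef uint32_t UINT32;
typedef UINTN    EFI_STATUS;
typedef void     VOID;
#define EFIAPI
#define EFI_SUCCESS   ((EFI_STATUS)0)
#define EFIERR(n)     ((EFI_STATUS)((n) | (1ULL << 63)))
#define EFI_NOT_READY EFIERR(6)
#define EFI_TIMEOUT   EFIERR(18)
#define EFI_ERROR(s)  (((EFI_STATUS)(s)) >> 63)

/* EFI_DEBUGPORT_PROTOCOL with the member signatures from the UEFI spec (Timeout is in microseconds) */
typedef struct _EFI_DEBUGPORT_PROTOCOL EFI_DEBUGPORT_PROTOCOL;
typedef EFI_STATUS (EFIAPI *EFI_DEBUGPORT_RESET)(EFI_DEBUGPORT_PROTOCOL *This);
typedef EFI_STATUS (EFIAPI *EFI_DEBUGPORT_WRITE)(EFI_DEBUGPORT_PROTOCOL *This, UINT32 Timeout, UINTN *BufferSize, VOID *Buffer);
typedef EFI_STATUS (EFIAPI *EFI_DEBUGPORT_READ) (EFI_DEBUGPORT_PROTOCOL *This, UINT32 Timeout, UINTN *BufferSize, VOID *Buffer);
typedef EFI_STATUS (EFIAPI *EFI_DEBUGPORT_POLL) (EFI_DEBUGPORT_PROTOCOL *This);
struct _EFI_DEBUGPORT_PROTOCOL { EFI_DEBUGPORT_RESET Reset; EFI_DEBUGPORT_WRITE Write; EFI_DEBUGPORT_READ Read; EFI_DEBUGPORT_POLL Poll; };

/* Constructed loopback transport in place of real debugport hardware. */
#define FIFO_CHUNK 4                    /* max bytes accepted per Write, like a small UART FIFO */
typedef struct {
    EFI_DEBUGPORT_PROTOCOL Proto;       /* first member, so This casts back to the LOOPBACK */
    uint8_t fifo[256];
    UINTN   head, tail;                 /* unread bytes live in fifo[head..tail) */
} LOOPBACK;

static EFI_STATUS EFIAPI lb_reset(EFI_DEBUGPORT_PROTOCOL *This)
{
    LOOPBACK *lb = (LOOPBACK *)This;
    lb->head = lb->tail = 0;
    return EFI_SUCCESS;
}
static EFI_STATUS EFIAPI lb_write(EFI_DEBUGPORT_PROTOCOL *This, UINT32 Timeout, UINTN *BufferSize, VOID *Buffer)
{
    LOOPBACK *lb = (LOOPBACK *)This;
    UINTN n = *BufferSize, room = sizeof lb->fifo - lb->tail;
    (void)Timeout;                      /* the loopback never blocks */
    if (n > FIFO_CHUNK) n = FIFO_CHUNK;
    if (n > room) n = room;
    memcpy(lb->fifo + lb->tail, Buffer, n);
    lb->tail += n;
    *BufferSize = n;                    /* spec: updated to the number of bytes actually written */
    return n ? EFI_SUCCESS : EFI_TIMEOUT;
}
static EFI_STATUS EFIAPI lb_read(EFI_DEBUGPORT_PROTOCOL *This, UINT32 Timeout, UINTN *BufferSize, VOID *Buffer)
{
    LOOPBACK *lb = (LOOPBACK *)This;
    UINTN avail = lb->tail - lb->head;
    UINTN n = *BufferSize < avail ? *BufferSize : avail;
    (void)Timeout;
    memcpy(Buffer, lb->fifo + lb->head, n);
    lb->head += n;
    *BufferSize = n;                    /* spec: updated to the number of bytes actually read */
    return n ? EFI_SUCCESS : EFI_TIMEOUT;
}
static EFI_STATUS EFIAPI lb_poll(EFI_DEBUGPORT_PROTOCOL *This)
{
    LOOPBACK *lb = (LOOPBACK *)This;
    return lb->tail > lb->head ? EFI_SUCCESS : EFI_NOT_READY;
}

/* Debugger-side helper (hypothetical name): a packet is sent only once the loop has drained it. */
EFI_STATUS debugport_write_all(EFI_DEBUGPORT_PROTOCOL *dp, const void *buf, UINTN len)
{
    const uint8_t *p = buf;
    while (len) {
        UINTN n = len;
        EFI_STATUS st = dp->Write(dp, 1000, &n, (VOID *)p);
        if (EFI_ERROR(st)) return st;   /* EFI_TIMEOUT here means nothing was accepted */
        p += n; len -= n;
    }
    return EFI_SUCCESS;
}
/* Read one '\n'-terminated command without blocking; returns its length minus the terminator. */
UINTN debugport_read_line(EFI_DEBUGPORT_PROTOCOL *dp, char *out, UINTN cap)
{
    UINTN len = 0;
    while (len + 1 < cap && dp->Poll(dp) == EFI_SUCCESS) {
        char c; UINTN n = 1;
        if (EFI_ERROR(dp->Read(dp, 1000, &n, &c)) || n == 0) break;
        if (c == '\n') break;
        out[len++] = c;
    }
    out[len] = '\0';
    return len;
}

/* Round trip of a constructed sample command (a register edit as used in the thread) through the loopback. */
UINTN demo_roundtrip(char *out, UINTN cap)
{
    LOOPBACK lb = { { lb_reset, lb_write, lb_read, lb_poll }, { 0 }, 0, 0 };
    EFI_DEBUGPORT_PROTOCOL *dp = &lb.Proto;
    static const char cmd[] = "r rip=rip-1\n";   /* 12 bytes: takes 3 Write calls through the 4-byte FIFO */
    dp->Reset(dp);
    if (EFI_ERROR(debugport_write_all(dp, cmd, sizeof cmd - 1))) return 0;
    return debugport_read_line(dp, out, cap);
}
int demo_roundtrip_ok(void)
{
    char line[64];
    return demo_roundtrip(line, sizeof line) == 11 && strcmp(line, "r rip=rip-1") == 0;
}

int main(void)
{
    char line[64];
    UINTN n = demo_roundtrip(line, sizeof line);
    printf("echoed %llu bytes: \"%s\"\n", (unsigned long long)n, line);
    return demo_roundtrip_ok() ? 0 : 1;
}
```

On real firmware the LOOPBACK would be replaced by the interface returned from LocateProtocol with EFI_DEBUGPORT_PROTOCOL_GUID; the two helpers do not change, which is the point of keeping the short-transfer handling in them rather than in the transport.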
dmitriy566 17 Dec 2012, 09:59
Hello!
I have a question. Why does nothing happen when I load a 32-bit executable into fdbg? Why can't it debug it? I think it would be useful to debug any executable in fdbg, whether or not it is 64-bit.
Feryno 19 Dec 2012, 10:59
Hi, only 64-bit is supported. There are some free debuggers for 32-bit available. At the time I started fdbg (years ago) there was only windbg for x64, which is not trivial to use for beginners, so I decided to write an x64 debugger with functionality close to turbo debugger (I used the 16 bit td.exe under ms dos a lot).
mm1991 27 Dec 2012, 16:23
Hello Feryno and thanks for your nice work but I have some ideas
Can you make only the current instruction ribbon move, not the whole code window, while stepping the code? Also can you add a just-in-time assembler and some asm coloring? Really, fdbg is getting better, but can you implement those features? With those features fdbg will be the best available x64 debugger. Last but not least, thank you for your nice work.
Feryno 28 Dec 2012, 16:09
mm1991 wrote:
Use the second code window (only the ribbon is moving, the address where the disasm starts doesn't change); to update this window just click on the start address and write RIP there (a 3 byte string, no need to write a hexa number). I don't plan to add inline asm or coloring (but the source is open - ask Tomasz for permission to use FASM and put them together). If I improve something it will be adding the new multimedia instructions to the disasm, but I doubt I'll have the time/power for that.
a rabbit 13 Apr 2013, 18:25
Hi Feryno,
Do you mind if I fork your source on GitHub?
Feryno 15 Apr 2013, 09:46
Hi, you may do anything you want. Maybe you will be the only one fdbg developer at GitHub, but I wish you to attract more developers.
I don't have enough time to improve fdbg; it has been usable and stable for a few years but there is not much progress in it. Especially it lacks support for disassembling new instructions (the core is already capable, only the disasm is not yet). The first supported platform was win x64, the second Linux x64, the third UEFI x64. When I have enough time I will attempt a fourth port and it will be platform independent: a hypervisor will be running and controlling the guest (no matter which OS), communication via null modem serial cable and a second PC. SMP support and virtualization of physical memory. Intel CPU only, newer models with unrestricted guest. Hypervisor loaded before the OS (under BIOS similarly to a bootkit, under UEFI as a boot menu). I'm not sure whether it will be successful or not. I will start to work on it after about 1 month if nothing more relevant appears. Such source won't be shared with the public, only binaries (because of the high risk that somebody insane will use this technology to create ugly malware).
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.