Giter Site home page Giter Site logo

therealdreg / dbgchild Goto Github PK

View Code? Open in Web Editor NEW
261.0 20.0 36.0 2.47 MB

Debug Child Process Tool (auto attach)

Home Page: https://rootkit.es/

License: Other

C++ 13.37% C 85.89% Assembly 0.52% Batchfile 0.22%
x64 x86 debugging-tool hooking x64dbg-plugin ollydbg standalone windows ntdll reversing

dbgchild's People

Contributors

mrexodia avatar mrfearless avatar nvsofts avatar therealdreg avatar upiter avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

mrexodia techlord-rce mrfearless hackmycontrolsystem nvsofts bronxc jerry-bond explife0011 fcccode rootjacker peterg75 denise-amiga upiter zhuhuibeishadiao tools-env reversetools jimpeter521 fengjixuchui baby-233 kinglyu masterscott dnangle kazuyabr marciopocebon clayne 5l1v3r1 yiivon gmh5225 1320014053 ttkko fzxcp3 debuggertechnique iulove amesianx a1swartz

dbgchild's Issues

Don't know how to use it

Failed to open the debugger debug child process
Don't know how to use it
can provide video?

OllyDbg and Immunity plugin [$3000]

Support for DbgChild can be extended to OllyDbg and Immunity debugger if so required via crowdfunding:

Bountysource

It will be like the x64dbg plugin:

x64dbg image

The money will be split amongst the following projects and contributors:

40% x64dbg
35% DbgChild
15% Contributors
10% Capstone

ERROR: ReadDirectoryChangesW - Watching: Z:\x64dbg\x32\CPIDS

When opening processwatcher.exe I get a continous loop of this errors

TID[1500] - ERROR: ReadDirectoryChangesW.
TID[1500] - Watching: Z:\x64dbg\x64\CPIDS

 TID[3892] - ERROR: ReadDirectoryChangesW.
TID[3892] - Watching: Z:\x64dbg\x32\CPIDS

 TID[1500] - ERROR: ReadDirectoryChangesW.
TID[1500] - Watching: Z:\x64dbg\x64\CPIDS

 TID[3892] - ERROR: ReadDirectoryChangesW.
TID[3892] - Watching: Z:\x64dbg\x32\CPIDS

 TID[1500] - ERROR: ReadDirectoryChangesW.
TID[1500] - Watching: Z:\x64dbg\x64\CPIDS

 TID[3892] - ERROR: ReadDirectoryChangesW.
TID[3892] - Watching: Z:\x64dbg\x32\CPIDS

 TID[1500] - ERROR: ReadDirectoryChangesW.
TID[1500] - Watching: Z:\x64dbg\x64\CPIDS

 TID[3892] - ERROR: ReadDirectoryChangesW.
TID[3892] - Watching: Z:\x64dbg\x32\CPIDS

 TID[1500] - ERROR: ReadDirectoryChangesW.
TID[1500] - Watching: Z:\x64dbg\x64\CPIDS

 TID[3892] - ERROR: ReadDirectoryChangesW.
TID[3892] - Watching: Z:\x64dbg\x32\CPIDS

I am using Windows 7 SP1 x86 right out of the box on a VirtualBox VM.
I only download x64dbg and copied the plugin inside the folder.
No logs are created.
I don't know why it shows error in the x64 folder since it is an x86 platform. I even deleted the x64 folder and it is still showing in the error.

Problem with installation

I don’t understand how to install it. it is written that you have to extract the contents of the archive in the x64dbg folder, but the contents are totally different from what is described in the readme:
It may be:
CreateProcessPatch.exe - Hook ZwCreateUserProcess (two separate exe files for x86 and x64) and loads DbgChildHookDLL.dll
DbgChildHookDLL.dll - (two separate dll files for x86 and x64) - outputs process id's to CPIDS folder
NTDLLEntryPatch.exe - Patches or unpatches LdrInitializeThunk (two separate exe files for x86 and x64)
DbgChild.dp32 - x64dbg plugin x86
DbgChild.dp64 - x64dbg plugin x64
NewProcessWatcher.exe - Watches for new child processes from the CPIDS folder
x64_post.unicode.txt - Support file
x64_pre.unicode.txt - Support file
x86_post.unicode.txt - Support file
x86_pre.unicode.txt - Support file

how can I install it as plugin for x64dbg?
Thanks for any reply.

parent process crashed

The parent process is x86, and the child process is x64. When enabled dbgchild plugin in x32dbg and spawn the child, the parent will simply crash and the debugging of both parent and child processes failed

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.