x64dbg / gleebug
Debugging Framework for Windows.
License: MIT License
there should be an abstract layer around dbghelp so it is possible to add DWARF support later. and caching, lots of caching (up to the point where the PDB files are not loaded in memory at all)
FPU, MMX, SSE, AVX registers with FPU flags and everything.
functionality for pretty-printing an address
there should be an option that automatically acquires debug privileges
have an interface to store function boundaries
write a loader to support DLL debugging directly
GleeBug/GleeBug/Debugger.Thread.cpp
Lines 42 to 56 in cd01d22
I ran a test with the following code; target<void()> always returns nullptr. So I can't use this to check if two std::function are equal.
#include <cstdio>      // puts
#include <vector>
#include <functional>

typedef std::function<void()> StepCallback;
std::vector<StepCallback> stepCallbacks;

void StepInto(const StepCallback& cbStep)
{
    auto target = cbStep.target<void()>();
    for (const auto& cb : stepCallbacks)
    {
        // always get null
        if (target == cb.target<void()>())
        {
            puts("duplicate StepInto callback detected!");
            return;
        }
    }
    stepCallbacks.push_back(cbStep);
}

void fun1() {}
void fun2() {}

int main()
{
    StepInto(fun1);
    StepInto(fun1);
    StepInto(fun2);
    StepInto([]() {});
    StepInto(std::bind([]() {}));
    return 0;
}
output:
duplicate StepInto callback detected!
duplicate StepInto callback detected!
duplicate StepInto callback detected!
duplicate StepInto callback detected!
According to cppreference, the template type of target<> seems very strict. Or is there something wrong with my test?
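Added example, not part of the original issue or of GleeBug's code: `std::function::target<T>()` returns a non-null pointer only when `T` is exactly the stored callable's type, and a free function is stored as the pointer type `void(*)()`, not the function type `void()`. The sketch below compares function pointers that way and treats lambdas and `std::bind` results as never equal; the names `StepCallbacks`, `sameFunctionPointer` and `demoAcceptedCount` are hypothetical.

```cpp
#include <cstddef>
#include <functional>
#include <vector>

using StepCallback = std::function<void()>;
using PlainFn = void (*)();   // the type a free function decays to when stored

// True only when both callbacks wrap the same plain function pointer.
// Closures and bind expressions have unique types, so target<PlainFn>()
// yields nullptr for them and they never compare equal here.
static bool sameFunctionPointer(const StepCallback& a, const StepCallback& b)
{
    const PlainFn* pa = a.target<PlainFn>();
    const PlainFn* pb = b.target<PlainFn>();
    return pa && pb && *pa == *pb;
}

class StepCallbacks   // hypothetical registry, stands in for stepCallbacks
{
public:
    // Returns false when cb wraps an already registered function pointer.
    bool add(const StepCallback& cb)
    {
        for (const auto& existing : mCallbacks)
            if (sameFunctionPointer(existing, cb))
                return false;
        mCallbacks.push_back(cb);
        return true;
    }
    std::size_t size() const { return mCallbacks.size(); }

private:
    std::vector<StepCallback> mCallbacks;
};

void fun1() {}
void fun2() {}

// Repeats the five registrations from the test in the issue and returns
// how many were accepted: only the second fun1 is rejected.
std::size_t demoAcceptedCount()
{
    StepCallbacks reg;
    reg.add(fun1);
    reg.add(fun1);                 // duplicate function pointer, rejected
    reg.add(fun2);
    reg.add([]() {});              // closure type, not comparable
    reg.add(std::bind([]() {}));   // bind expression, not comparable
    return reg.size();
}

int main() { return demoAcceptedCount() == 4 ? 0 : 1; }
```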
find references in code
maybe something like unicorn can be used for this.
should have the ability to modify the file layout, delete/reorder/modify sections, abstract access to data directories, work with overlays, serialize/deserialize a PE file
there should be tracing support (with single step/hardware breakpoint/memory breakpoint/software breakpoint) that builds up a buffer with all the useful information (modified registers, complete context, modified memory and some surrounding data)
have support for storing memory modifications so they can be reverted later
preferably with capstone
The debugger application locks up after a period of time. This does not appear to be dependent on the executable used. It happens consistently after a period of time using the debugger. The environment is VirtualBox 6.1.14 on macOS 10.15.7.
This behavior does not exist using VMWare Fusion. Is it reproducible on a different set of hardware running the same version of macOS. The operating system does not lock up. Keyboard works and ctrl-alt-delete works. Mouse is able to move, but nothing is clickable and focus does not follow the mouse. Using the keyboard to navigate to Task Manager and then ending debugger task, the mouse is still not usable. However, running the debugger again fresh gets everything working again and after that point the mouse is usable as normal.
store loaded libraries and their imports/exports also deserialize them using the class from #4 and optionally recursively deserialize their dependencies
it should be easy to add and modify modules to have a different behavior.
When I try to load an exe, it says that file not found.
When I try to load a dll, it crashes.
Let me know if that's just me, I'll try to provide more details.
memory breakpoints with a variable size window allowing for accesses in the page to be narrowed down to specific addresses (as an alternative for hardware breakpoints)
might be useful in the future.
There should be a container like threadsafe_map and threadsafe_vector that uses SRW locks (or critical sections for XP support).
Source code of interest: https://github.com/x64dbg/x64dbg/blob/development/src/dbg/threading.h
there should be functionality for extracting strings from raw data, easing analysis
can probably be done by injecting some code in the process and updating the CONTEXT in a way that other debuggers can JIT and resume execution on detach.
stuff like single step detection should be mitigated as well as specific anti-debug tricks (will comment here later)
Taken from x64dbg/x64dbg#388
WaitForDebugEventEx
https://msdn.microsoft.com/en-us/library/windows/desktop/mt171594(v=vs.85).aspx
documentation should highlight limitations or warnings for various functions.
have an interface for storing bookmarks on specific addresses
probably quite hard to come up for automated tests with debugging, but I think it's possible
Hi Duncan :)
So I updated x64dbg and accepted the offer to try out the new engine, GleeBug. I've used it for several hours with no apparent issues, until, at some moment, it crashed. I wasn't prepared for troubleshooting so I didn't have symbols and such, but from the location of the crash and the source code it looks like it crashed here on line 26:
GleeBug/GleeBug/Debugger.Process.cpp
Lines 24 to 26 in 9fd62da
with thread holding a NULL pointer.
All I did was smashing F8 to step over.
That's not much, but here's a screenshot of handling the exception as a JIT debugger:
have an interface for storing label addresses
GleeBug should have support for remote usage.
mIsDebugging determines if the context is read directly or lazily
this could be useful if people want to generate scripts, possibly also provide a functionality to repeat recorded actions
coding guidelines are very important for contributors. also document in the code why certain decisions were made so it makes the project more accessible to new collaborators
A minimal high level interface should be defined so GleeBug can be used in a cross-platform setting.