Разработка плагинов для x64dbg, ваши идеи

Пилил тут на днях пару плагинов, и задумался — а что вообще сейчас востребовано для x64dbg? Какие идеи есть? Накидывайте, может, что-то годное замутим =)

--- Сообщение объединено, Mar 25, 2025 ---

Ваби Саби темка

Zen Ink



Dark Japandi

 

допилить антидебаг k вмп зверью

 

не до конца понял задачу

 

Там есть фича "Сценарии" - автоматизировать бы.
Часто использую её для просмотра структур, хотя можно и полноценные скрипты писать.
В окно загружаю внешнюю txt-базу, затем в дампе на вкладку "Структуры", и указав имя\адрес получаю заполненный вариант. Вот если по импорту сразу определялся-бы список структур, которые используют функи, было-бы вообще круто. Создать такую базу для всех API конечно не реально, но хотя-бы для Kernel32.dll. Описание самих структур я медленно собираю, просто нужен их список для отлаживаемого на текущий момент софта. Например в таком виде получаю дамп РЕВ:

 

alex_dz

> допилить антидебаг k вмп зверью

Не знаю как на 64, можно сделать на 86wow, на 86 невозможно(только если транслировать код) - прямые sysenter.

 

Кстати у плагина "xAnalyzer" в папке "apis_def" есть уже готовая база для большинства системных DLL:

Code (Text):

1. [GetThreadContext]
2. 1=[ThreadHandle] hThread
3. 2=LPCONTEXT lpContext     <---------------//
4. ParamCount=2
5. Header=kernel32.h.api; windows.h.api;
6. @=GetThreadContext
7.  
8. [Module32First]
9. 1=HANDLE hSnapshot
10. 2=LPMODULEENTRY32 lpme    <---------------//
11. ParamCount=2
12. Header=kernel32.h.api; windows.h.api;
13. @=Module32First
14.  

поэтому остаётся как-то организовать проверку этих параметров функций.

 

да все банально просто - VMP палит дебуггер
сциллахайд не помогает...
https://github.com/x64dbg/ScyllaHide

 

а титанка чё?

--- Сообщение объединено, Mar 26, 2025 ---

Структуры и параметры функций думаю разные задачи =)







Вот пописулькал плагин, вроде как базовый каркас есть, осталось только алгоритмы до ума довести чтобы точные данные выводило.

 

оооо, выглядит впечатляюще - респект!
а можете скинуть скомпилированную dll\dp64 для тестов?

 

Тестить нечего,нужно доделывать с++ код еще.

 

alex_dz

Мы немного посмотрели на кл вмп, покрутил сотню за вечер семплов, пока не понятно, но точно понятно что трассы, скрипты, отладчики и прочая бытовуха не применима, впрочем как и раньше

 

могу подkинуть длл что палится

 

alex_dz,

Не нужно, всё имеется.

 

на своей 64-бит семёрке получаю наг с ошибкой длл.
ладно.. когда понадобится, я скриптом буду искать структуры по своей базе:

 

надо реелиз делать, тогда заведется
(буkвочkа D)

 

там скомпилить делов то, час на установку виртуалки и студии

 

Мне бы пригодился логгер, как в олли. Когда логирует допустим call / ret в пределах текущего модуля (или диапазона). Видел еще люди ищут подобное на реверс-ресурсах. Да, для 32 бит есть Олли (которую х32дбг так и не заменил), но для 64 бит олли не дописана.



Вот это имею ввиду. За 11+ лет вставить каких-то дедов морозов и прочую ерунду, но не сделать функционал старой олли; которую кодил 1 чел ,а не комунити как тут. Я уже молчу про анализ из коробки в Олли был круче, чем даже с "ANALyzer плагин" в х32убд

 

да.. печально что автор (Олег Ющуk) забросил 64 бит версию
но на самом деле он супер kрут!!! человеk-армия прям

Интересно чем он сейчас занят
мож kто в kурсе?

 

та это как два пальца об осфальт

Code (Text):

1. Address,Thread,Module,Instruction,Destination,DestModule,DestSymbol,Time
2. 000000014000240F,28348,test,"ret ",00000000,,"",03:59:36.043
3. 0000000140002E21,28348,test,"ret ",00000000,,"",03:59:36.060
4. 000000014000300E,28348,test,"ret ",00000000,,"",03:59:36.061
5. 000000014000300E,28348,test,"ret ",00000000,,"",03:59:36.062
6. 0000000140002071,28348,test,"ret ",00000000,,"",03:59:36.063
7. 0000000140002EDF,28348,test,"ret ",00000000,,"",03:59:36.065
8. 0000000140001EA4,28348,test,"ret ",00000000,,"",03:59:36.066
9. 00007FF819AF9C06,28348,ucrtbase,"ret ",00000000,,"",03:59:36.091
10. 0000000140002451,28348,test,"ret ",00000000,,"",03:59:36.092
11. 00007FF819DD702C,28348,kernelbase,"ret ",00000000,,"",03:59:36.094
12. 00007FF81C5A770D,28348,ntdll,"ret ",00000000,,"",03:59:36.098
13. 00007FF819DD9185,28348,kernelbase,"ret ",00000000,,"",03:59:36.098
14. 00007FF81C5DED84,28348,ntdll,"ret ",00000000,,"",03:59:36.101
15. 00007FF81C5A3804,28348,ntdll,"ret ",00000000,,"",03:59:36.101
16. 00007FF819AF0482,28348,ucrtbase,"ret ",00000000,,"",03:59:36.102
17. 00007FF819AF91FB,28348,ucrtbase,"ret ",00000000,,"",03:59:36.103
18. 000000014000244A,28348,test,"ret ",00000000,,"",03:59:36.103
19. 00007FF819AF9C17,28348,ucrtbase,"ret ",00000000,,"",03:59:36.104
20. 0000000140002EDF,28348,test,"ret ",00000000,,"",03:59:36.105
21. 00000001400020FF,28348,test,"ret ",00000000,,"",03:59:36.107
22. 000000014000280F,28348,test,"ret ",00000000,,"",03:59:36.128
23. 00007FF819DD702C,28348,kernelbase,"ret ",00000000,,"",03:59:36.131
24. 00007FF81C5A770D,28348,ntdll,"ret ",00000000,,"",03:59:36.135

Code (Text):

1. Address,Thread,Module,Instruction,Destination,DestModule,DestSymbol,Time
2. 0000000140001145,29932,test,"jmp <test.__security_init_cookie>",0000000140002364,test,"__security_init_cookie",04:05:24.230
3. 0000000140002385,29932,test,"jne test.1400023FB",00000001400023FB,test,"",04:05:24.231
4. 0000000140001DC1,29932,test,"jmp <test.__scrt_common_main_seh>",0000000140001B28,test,"__scrt_common_main_seh",04:05:24.233
5. 00000001400011D1,29932,test,"jmp <test.__scrt_initialize_crt>",0000000140002038,test,"__scrt_initialize_crt",04:05:24.233
6. 000000014000203E,29932,test,"jne test.140002047",0000000140002047,test,"",04:05:24.234
7. 000000014000119A,29932,test,"jmp <test.__isa_available_init>",0000000140002B58,test,"__isa_available_init",04:05:24.234
8. 0000000140002BB1,29932,test,"jne test.140002C0E",0000000140002C0E,test,"",04:05:24.237
9. 0000000140002BD0,29932,test,"je test.140002BFA",0000000140002BFA,test,"",04:05:24.237
10. 0000000140002BD7,29932,test,"je test.140002BFA",0000000140002BFA,test,"",04:05:24.237
11. 0000000140002BDE,29932,test,"je test.140002BFA",0000000140002BFA,test,"",04:05:24.238
12. 0000000140002BE8,29932,test,"ja test.140002C0E",0000000140002C0E,test,"",04:05:24.238
13. 0000000140002C25,29932,test,"jl test.140002C8C",0000000140002C8C,test,"",04:05:24.239
14. 0000000140002C44,29932,test,"jae test.140002C51",0000000140002C51,test,"",04:05:24.240
15. 0000000140002C54,29932,test,"jl test.140002C6F",0000000140002C6F,test,"",04:05:24.241
16. 0000000140002C77,29932,test,"jl test.140002C8C",0000000140002C8C,test,"",04:05:24.242
17. 0000000140002CBB,29932,test,"jae test.140002CD8",0000000140002CD8,test,"",04:05:24.243
18. 0000000140002CDC,29932,test,"jae test.140002E0D",0000000140002E0D,test,"",04:05:24.244
19. 0000000140002CF6,29932,test,"jae test.140002DF2",0000000140002DF2,test,"",04:05:24.245
20. 0000000140002D04,29932,test,"jne test.140002DF2",0000000140002DF2,test,"",04:05:24.245
21. 0000000140002D29,29932,test,"je test.140002D88",0000000140002D88,test,"",04:05:24.246
22. 0000000140002D5B,29932,test,"jne test.140002D8F",0000000140002D8F,test,"",04:05:24.247
23. 0000000140002D65,29932,test,"jne test.140002D88",0000000140002D88,test,"",04:05:24.247
24. 0000000140002D86,29932,test,"jmp test.140002D8F",0000000140002D8F,test,"",04:05:24.248
25. 0000000140002D93,29932,test,"jae test.140002DA1",0000000140002DA1,test,"",04:05:24.248
26. 0000000140002DA6,29932,test,"jae test.140002DF2",0000000140002DF2,test,"",04:05:24.248
27. 0000000140002DF7,29932,test,"jae test.140002E0D",0000000140002E0D,test,"",04:05:24.248
28. 0000000140001037,29932,test,"jmp <test.__scrt_stub_for_acrt_initialize>",000000014000300C,test,"__scrt_stub_for_acrt_initialize",04:05:24.250
29. 0000000140002053,29932,test,"jne test.140002059",0000000140002059,test,"",04:05:24.250
30. 0000000140001177,29932,test,"jmp <test.__scrt_stub_for_acrt_initialize>",000000014000300C,test,"__scrt_stub_for_acrt_initialize",04:05:24.251
31. 0000000140002060,29932,test,"jne test.14000206B",000000014000206B,test,"",04:05:24.251
32. 0000000140001B43,29932,test,"je test.140001C7F",0000000140001C7F,test,"",04:05:24.252
33. 00000001400011A9,29932,test,"jmp <test.__scrt_acquire_startup_lock>",0000000140001E70,test,"__scrt_acquire_startup_lock",04:05:24.252
34. 00000001400010A5,29932,test,"jmp <test.__scrt_is_ucrt_dll_in_use>",0000000140002ED4,test,"__scrt_is_ucrt_dll_in_use",04:05:24.274
35. 0000000140001E7B,29932,test,"je test.140001E9E",0000000140001E9E,test,"",04:05:24.276
36. 0000000140001E8A,29932,test,"jmp test.140001E91",0000000140001E91,test,"",04:05:24.276
37. 0000000140001E9C,29932,test,"jne test.140001E8C",0000000140001E8C,test,"",04:05:24.276
38. 0000000140001B61,29932,test,"je test.140001C8A",0000000140001C8A,test,"",04:05:24.277
39. 0000000140001B69,29932,test,"jne test.140001BB5",0000000140001BB5,test,"",04:05:24.277
40. 0000000140002F44,29932,test,"jmp qword ptr ds:[<_initterm_e>]",00007FF819AF51F0,ucrtbase,"_initterm_e",04:05:24.278

Code (Text):

1. Address,Thread,Module,Instruction,Destination,DestModule,DestSymbol,Time
2. 0000000140001DB8,14720,test,"call test.140001145",0000000140001145,test,"",04:07:18.755
3. 0000000140001B3C,14720,test,"call test.1400011D1",00000001400011D1,test,"",04:07:18.758
4. 0000000140002047,14720,test,"call test.14000119A",000000014000119A,test,"",04:07:18.759
5. 000000014000204C,14720,test,"call test.140001037",0000000140001037,test,"",04:07:18.773
6. 0000000140002059,14720,test,"call test.140001177",0000000140001177,test,"",04:07:18.774
7. 0000000140001B51,14720,test,"call test.1400011A9",00000001400011A9,test,"",04:07:18.775
8. 0000000140001E74,14720,test,"call test.1400010A5",00000001400010A5,test,"",04:07:18.776
9. 0000000140001B83,14720,test,"call <test._initterm_e>",0000000140002F44,test,"_initterm_e",04:07:18.778
10. 00007FF819AF5217,14720,ucrtbase,"call qword ptr ds:[7FF819B98B28]",00007FF819B254C0,ucrtbase,"",04:07:18.801
11. 0000000140001A03,14720,test,"call <test._set_app_type>",0000000140002F20,test,"_set_app_type",04:07:18.802
12. 0000000140001A08,14720,test,"call test.1400010EB",00000001400010EB,test,"",04:07:18.803
13. 0000000140001A0F,14720,test,"call <test._set_fmode>",0000000140002F56,test,"_set_fmode",04:07:18.803
14. 00007FF819AF91E5,14720,ucrtbase,"call ucrtbase.7FF819AF044C",00007FF819AF044C,ucrtbase,"",04:07:18.804
15. 00007FF819AF0456,14720,ucrtbase,"call qword ptr ds:[<GetLastError>]",00007FF819DD7020,kernelbase,"GetLastError",04:07:18.805
16. 00007FF819AF0464,14720,ucrtbase,"call qword ptr ds:[<FlsGetValue>]",00007FF819DD9150,kernelbase,"FlsGetValue",04:07:18.805
17. 00007FF819DD9164,14720,kernelbase,"call qword ptr ds:[<RtlFlsGetValue>]",00007FF81C5A76B0,ntdll,"RtlFlsGetValue",04:07:18.806
18. 00007FF819AF046F,14720,ucrtbase,"call qword ptr ds:[<SetLastError>]",00007FF81C5A37C0,ntdll,"RtlRestoreLastWin32Error",04:07:18.809
19. 00007FF81C5A37FB,14720,ntdll,"call ntdll.7FF81C5DED70",00007FF81C5DED70,ntdll,"",04:07:18.811
20. 0000000140001A14,14720,test,"call test.1400010CD",00000001400010CD,test,"",04:07:18.813
21. 0000000140001A1B,14720,test,"call <test.__p__commode>",0000000140002F86,test,"__p__commode",04:07:18.814
22. 0000000140001A27,14720,test,"call test.140001073",0000000140001073,test,"",04:07:18.814
23. 0000000140002096,14720,test,"call test.1400010A5",00000001400010A5,test,"",04:07:18.815
24. 0000000140001A30,14720,test,"call test.1400010FF",00000001400010FF,test,"",04:07:18.819
25. 0000000140001A3C,14720,test,"call test.1400010AF",00000001400010AF,test,"",04:07:18.842
26. 00000001400022C4,14720,test,"call test.140001046",0000000140001046,test,"",04:07:18.843
27. 0000000140002267,14720,test,"call <test._crt_atexit>",0000000140002FA4,test,"_crt_atexit",04:07:18.844
28. 00007FF819AF4424,14720,ucrtbase,"call qword ptr ds:[<GetLastError>]",00007FF819DD7020,kernelbase,"GetLastError",04:07:18.845
29. 00007FF819AF4432,14720,ucrtbase,"call qword ptr ds:[<FlsGetValue>]",00007FF819DD9150,kernelbase,"FlsGetValue",04:07:18.846
30. 00007FF819DD9164,14720,kernelbase,"call qword ptr ds:[<RtlFlsGetValue>]",00007FF81C5A76B0,ntdll,"RtlFlsGetValue",04:07:18.847
31. 00007FF819AF443D,14720,ucrtbase,"call qword ptr ds:[<SetLastError>]",00007FF81C5A37C0,ntdll,"RtlRestoreLastWin32Error",04:07:18.851
32. 00007FF81C5A37FB,14720,ntdll,"call ntdll.7FF81C5DED70",00007FF81C5DED70,ntdll,"",04:07:18.853

для 32bit также нормально работает

Code (Text):

1. Address,Thread,Module,Instruction,Destination,DestModule,DestSymbol,Time
2. 00401D9E,26280,test,"call test.401208",00401208,test,"",04:28:58.680
3. 00401B51,26280,test,"call test.401078",00401078,test,"",04:28:58.684
4. 00401B58,26280,test,"call test.401190",00401190,test,"",04:28:58.687
5. 00401F8B,26280,test,"call test.4010EB",004010EB,test,"",04:28:58.689
6. 004029BD,26280,test,"call dword ptr ds:[<IsProcessorFeaturePresent>]",7626C120,kernel32,"IsProcessorFeaturePresent",04:28:58.690
7. 00401F90,26280,test,"call test.401172",00401172,test,"",04:28:58.726
8. 00401F9D,26280,test,"call test.401177",00401177,test,"",04:28:58.727
9. 00401B6F,26280,test,"call test.4011B3",004011B3,test,"",04:28:58.729
10. 00401E46,26280,test,"call test.4010E6",004010E6,test,"",04:28:58.730
11. 00401B9B,26280,test,"call <test.__initterm_e>",004031ED,test,"__initterm_e",04:28:58.734
12. 00401A4C,26280,test,"call <test.__set_app_type>",004031C9,test,"__set_app_type",04:28:58.787
13. 00401A51,26280,test,"call test.40107D",0040107D,test,"",04:28:58.788
14. 00401A57,26280,test,"call <test.__set_fmode>",004031FF,test,"__set_fmode",04:28:58.789
15. 00401A5C,26280,test,"call test.4010A5",004010A5,test,"",04:28:58.803
16. 00401A63,26280,test,"call <test.___p__commode>",0040322F,test,"___p__commode",04:28:58.804
17. 00401A6C,26280,test,"call test.4010B9",004010B9,test,"",04:28:58.805
18. 00401FDF,26280,test,"call test.4010E6",004010E6,test,"",04:28:58.807
19. 00401A7B,26280,test,"call test.401005",00401005,test,"",04:28:58.811
20. 00401A85,26280,test,"call test.401104",00401104,test,"",04:28:58.873
21. 004021E2,26280,test,"call test.40111D",0040111D,test,"",04:28:58.874
22. 00402188,26280,test,"call <test.__crt_atexit>",0040324D,test,"__crt_atexit",04:28:58.875
23. 00401A8A,26280,test,"call test.401181",00401181,test,"",04:28:59.116
24. 00401A90,26280,test,"call <test.__configure_narrow_argv>",004031D5,test,"__configure_narrow_argv",04:28:59.117
25. 00401A9B,26280,test,"call test.40104B",0040104B,test,"",04:29:01.976
26. 004022CE,26280,test,"call dword ptr ds:[<InitializeSListHead>]",7704CB80,ntdll,"RtlInitializeSListHead",04:29:01.977
27. 00401AA0,26280,test,"call test.401118",00401118,test,"",04:29:01.978
28. 00401AB4,26280,test,"call test.4011F9",004011F9,test,"",04:29:01.979
29. 00401AB9,26280,test,"call test.401023",00401023,test,"",04:29:01.980
30. 00401ABE,26280,test,"call test.4011D6",004011D6,test,"",04:29:01.980
31. 004022F6,26280,test,"call <test.__controlfp_s>",00403259,test,"__controlfp_s",04:29:01.981
32. 00401AC3,26280,test,"call test.401168",00401168,test,"",04:29:01.996
33. 00401AC9,26280,test,"call <test.__configthreadlocale>",00403223,test,"__configthreadlocale",04:29:01.997
34. 00401ACF,26280,test,"call test.4011B8",004011B8,test,"",04:29:02.019
35. 00401AD8,26280,test,"call <test.__initialize_narrow_environment>",004031DB,test,"__initialize_narrow_environment",04:29:02.020
36. 00401ADD,26280,test,"call test.40116D",0040116D,test,"",04:29:02.033
37. 00401AE2,26280,test,"call test.401122",00401122,test,"",04:29:02.034
38. 00401B1E,26280,test,"call test.4010CD",004010CD,test,"",04:29:02.085
39. 0040231F,26280,test,"call test.4011C2",004011C2,test,"",04:29:02.085
40. 0040232D,26280,test,"call test.4011EA",004011EA,test,"",04:29:02.086
41. 00401BC1,26280,test,"call <test.__initterm>",004031E7,test,"__initterm",04:29:02.137
42. 00401B28,26280,test,"call test.4011DB",004011DB,test,"",04:29:02.180
43. 00402554,26280,test,"call dword ptr ds:[<SetUnhandledExceptionFilter>]",7626D360,kernel32,"SetUnhandledExceptionFilter",04:29:02.181
44. 00401B2D,26280,test,"call test.4010C3",004010C3,test,"",04:29:02.741
45. 00401B33,26280,test,"call <test.__set_new_mode>",00403229,test,"__set_new_mode",04:29:02.742
46. 00401BDC,26280,test,"call test.4010D2",004010D2,test,"",04:29:02.800
47. 00402126,26280,test,"call test.4010E6",004010E6,test,"",04:29:02.801
48. 00401BE2,26280,test,"call test.40102D",0040102D,test,"",04:29:02.804
49. 00401C0A,26280,test,"call test.40101E",0040101E,test,"",04:29:02.805
50. 00401C28,26280,test,"call <test.__get_initial_narrow_environment>",004031E1,test,"__get_initial_narrow_environment",04:29:02.806
51. 00401C2F,26280,test,"call <test.___p___argv>",0040320B,test,"___p___argv",04:29:02.807
52. 00401C36,26280,test,"call <test.___p___argc>",00403205,test,"___p___argc",04:29:02.808
53. 00401C3F,26280,test,"call test.4011A9",004011A9,test,"",04:29:02.809
54. 0040198B,26280,test,"call test.401073",00401073,test,"",04:29:02.810
55. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:02.810
56. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:02.812
57. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:02.813
58. 00401997,26280,test,"call test.401073",00401073,test,"",04:29:03.913
59. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:03.914
60. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:03.916
61. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:03.920
62. 004019A8,26280,test,"call test.401073",00401073,test,"",04:29:04.362
63. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:04.363
64. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:04.365
65. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:04.366
66. 004019AD,26280,test,"call test.4011E0",004011E0,test,"",04:29:04.898
67. 0040151E,26280,test,"call test.401073",00401073,test,"",04:29:04.899
68. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:04.900
69. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:04.902
70. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:04.903
71. 00401530,26280,test,"call test.401073",00401073,test,"",04:29:05.811
72. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:05.812
73. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:05.814
74. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:05.814
75. 00401566,26280,test,"call test.401082",00401082,test,"",04:29:06.308
76. 00401588,26280,test,"call test.401082",00401082,test,"",04:29:06.311
77. 004015AA,26280,test,"call test.401082",00401082,test,"",04:29:06.315
78. 004015CC,26280,test,"call test.401082",00401082,test,"",04:29:06.319
79. 004015EC,26280,test,"call test.401073",00401073,test,"",04:29:06.323
80. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:06.324
81. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:06.326
82. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:06.327
83. 00401619,26280,test,"call test.401073",00401073,test,"",04:29:06.831
84. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:06.832
85. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:06.834
86. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:06.835
87. 00401625,26280,test,"call test.40109B",0040109B,test,"",04:29:07.407
88. 00401646,26280,test,"call test.401073",00401073,test,"",04:29:07.411
89. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:07.411
90. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:07.413
91. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:07.414
92. 00401669,26280,test,"call test.40109B",0040109B,test,"",04:29:08.324
93. 00401681,26280,test,"call test.401073",00401073,test,"",04:29:08.329
94. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:08.329
95. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:08.331
96. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:08.332
97. 004016A4,26280,test,"call test.40109B",0040109B,test,"",04:29:09.051
98. 004016C4,26280,test,"call test.401073",00401073,test,"",04:29:09.056
99. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:09.057
100. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:09.058
101. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:09.059
102. 004016E5,26280,test,"call test.401073",00401073,test,"",04:29:09.979
103. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:09.980
104. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:09.982
105. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:09.983
106. 00401713,26280,test,"call test.401159",00401159,test,"",04:29:10.459
107. 00401735,26280,test,"call test.401159",00401159,test,"",04:29:10.462
108. 00401757,26280,test,"call test.401159",00401159,test,"",04:29:10.465
109. 00401779,26280,test,"call test.401159",00401159,test,"",04:29:10.469
110. 004017A0,26280,test,"call test.401082",00401082,test,"",04:29:10.473
111. 004017C2,26280,test,"call test.40109B",0040109B,test,"",04:29:10.476
112. 004017E7,26280,test,"call test.401159",00401159,test,"",04:29:10.479
113. 0040181B,26280,test,"call test.401073",00401073,test,"",04:29:10.484
114. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:10.484
115. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:10.486
116. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:10.487
117. 00401830,26280,test,"call test.401073",00401073,test,"",04:29:10.798
118. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:10.799
119. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:10.801
120. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:10.802
121. 00401840,26280,test,"call test.401073",00401073,test,"",04:29:11.128
122. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:11.129
123. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:11.131
124. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:11.132
125. 004019C5,26280,test,"call test.401073",00401073,test,"",04:29:11.464
126. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:11.465
127. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:11.467
128. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:11.469
129. 004019CF,26280,test,"call test.401073",00401073,test,"",04:29:11.680
130. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:11.681
131. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:11.683
132. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:11.684
133. 004019DC,26280,test,"call test.401073",00401073,test,"",04:29:11.818
134. 00401A17,26280,test,"call dword ptr ds:[<__acrt_iob_func>]",75C30490,ucrtbase,"__acrt_iob_func",04:29:11.819
135. 00401A29,26280,test,"call test.4011C2",004011C2,test,"",04:29:11.821
136. 00401A33,26280,test,"call dword ptr ds:[<__stdio_common_vfprintf>]",75C37D90,ucrtbase,"__stdio_common_vfprintf",04:29:11.822
137. 00401C49,26280,test,"call test.4011BD",004011BD,test,"",04:29:12.350
138. 004024FF,26280,test,"call dword ptr ds:[<GetModuleHandleW>]",7626C7F0,kernel32,"GetModuleHandleW",04:29:12.351
139. 00401CBE,26280,test,"call <test._exit>",004031F3,test,"_exit",04:29:12.356
140.  

--- Сообщение объединено, Mar 29, 2025 at 7:57 AM ---

Если будет мало шагов для трассировки, увеличивайте значение в коде DbgCmdExec("TraceIntoConditional 0,50000.....
с 50к на подходящее)

Позже в окно настроек выведу, чтобы удобнее было.

--- Сообщение объединено, Mar 29, 2025 at 12:19 PM ---

Думаю на свой вкус уже можно подгонять)

 

А жив ли он? За эти годы (аккурат с 2014, когда он пропал) столько ушло..
pr0mix тоже пропал +- в те же годы, его жаль очень.

galenkane, спасибо, полезная вещь; буду тестить, на хелловорде отработало хорошо.

--- Сообщение объединено, Mar 29, 2025 at 7:46 PM ---

[InstrLogger] IsTracingAvailable: Debugger is running, not paused
[InstrLogger] Tracing is not available at this time
[InstrLogger] Tracing is not available. Make sure you are debugging an application.

Почему так? Я присоединяюсь к программе, ставлю паузу и включаю, но не идет. Без паузы тоже не идет.