This is a plugin for the project x64_dbg. It detect win32api calls and add useful comments at found parameters for easier analysis. It supports x86 and x64. The plugin delivers a comprehensive list (3304 descriptions of functions) of function prototypes. *These were crafted by hand and RegEx, so please respect the credits and license.
It fully supports the x64 calling convention:
It even detects different argument order. Notice that the prototype is
int GetModuleFileNameW(DWORD nBufferSize,LPTSTR lpBuffer,HMODULE hModule)
but the plugin recognize the order of the arguments
Hence it knows, that in this case the argument order changed.
Due some stack emulation it is possible to analyse MingGW parameter passing to the stack
See release page for lastest compiled plugin. The source of the latest release is in the branch "stable".
This master branch may contains experimental code and the latest commits.
Make sure that you installed the "Microsoft Visual C++ 2013 Redistributatble Package". (http://www.microsoft.com/en-us/download/details.aspx?id=40784)
- auto comments on parameters for api-function
- real stack emulator for MinGW-arguments detection
- real register emulator for x64 calling convention
- supports x86 and x64 targets
- function-finder (function body, xrefs, function returns)
- case-switch detection
- "MB_OK"-like symbols
- loop-detection
- flow-heuristic against obfuscation instead of linear scanning
GLPv3