type struct parsing enhancements #1305

stonedreamforest opened this Issue Nov 29, 2016 · 10 comments


None yet

2 participants

stonedreamforest commented Nov 29, 2016 edited

a. if .h have #pragma once the "struct" error:line 1, col 1: unexpected character '#'

b. if .h have array[0x50-0x30](or array[0x50*0x30]/array[0x50+0x30]/array[(0x50*0x30)/4]) the "struct" error:[line 78:5] expected ], got - or expected number token or other errors

c. if .h have

typedef int( __fastcall *ExampleFunction )(char *arg1 , int arg2);  //or __stdcall or __thiscall
struct ExampleStruct {
	ExampleFunction			Fun;		//...

error [line 1:7] token ( is not a type...

d. if ialt+f2 the “struct windows” not clear

r. if i chang.hstruct the “struct windows” not refresh. i already usef5and load .h again

f. if i had parse.hthe x64dbg did not remember it

g. the "struct wiodnws" value option can't display hex(i hope can Select a particular item display dec or hex

h. the "struct wiodnws" have not real-time update

i. var type can't surport __int64(or __int32 __int16\PVOID\UINT32\QWORD )and more...

suggestion: surport include other header file. for example:

//sys header
#include "windows.h"
#include "windns.h"
#include <winsock.h>
#include <emmintrin.h>
#include "xmmintrin.h"
#include <math.h>

//user header
#include "ExampleHeader1.H"		
#include "ExampleHeader2.H"		
#include "ExampleHeader3.H"	

if first attach exe(or breakpoint) the stack windows not Refresh

such as address “0x0000000064632180
i set first memory breakpoint suncess
but i set secnond memory breakpoint at address “0x0000000064632188” failed
error :Memory breakpoint already set!

mrexodia commented Nov 29, 2016 edited

1a. There are no plans to support #pragma directives.
1b. There are no plans to support constant expression optimizations or any kind of expressions.
1c. I will eventually add support for function definitions, for now use void*.
1d. That is a good point, it will be adjusted.
1r. The refresh button will not reload any kind of files from disk (in fact the original location is not remembered) it is only used to refresh the values displayed.
1f. For now you can add a global initialization script that calls the ParseTypes command for all scripts you want to load on start.
1g. This is planned, currently I chose the most sensible defaults but probably I'll change them to display multiple types and eventually you can choose your own display type.
1h. For now this is avoided because it might take a lot of processing power for no reason, you can use F5 to manually refresh.
1i. You can use typedef int64_t __int64; to define your own types. Here you can see the primitive types supported or you can use EnumTypes.
1j. You have to use a C preprocessor. See here or here for more information. I have no plans to write a preprocessor myself.
2. I opened a separate issue, see #1306.
3. This is not a bug you can place memory breakpoints on (a multiple of) 0x1000 pages only.

@mrexodia mrexodia changed the title from problem to struct parsing enhancements Nov 29, 2016
stonedreamforest commented Nov 30, 2016 edited

if .h have "struct" for Example:

struct ExampleStruct{
	bool a;

now, i add new var:

struct ExampleStruct
	bool a;
	int	b;		//new


struct ExampleStruct
	int a;	//chang here (chang type or var name)

reload .h ->parse header ->visit type->.....

the struct windows not chang(add var or chang type or chang name) .
it must exit x64dbg can success

you can try it

## new problem:

a. if .h had

struct ExampleStruct
	int a;	
	int b;
	ExampleStruct	 ExaStr;		//be ignored
	ExampleStruct 	*pExaStr;

the third var be ignored

b. if struct too biggerit make parse too slower

mrexodia commented Nov 30, 2016 edited

However, I will check it out...

Okay I forgot to clear all types from my.h before ParseTypes that should be fixed now. About nested types, just don't do it. It will mess up.

@mrexodia mrexodia added a commit that referenced this issue Nov 30, 2016
@mrexodia mrexodia DBG: fixed ParseTypes reload error #1305 5e2ab48
@mrexodia mrexodia added a commit that referenced this issue Nov 30, 2016
@mrexodia mrexodia DBG+GUI: fixed some small issues with types #1309 #1305 2305b3a
stonedreamforest commented Dec 1, 2016 edited

char often display error if too bigger or too small

struct ExampleStruct
	char	ExampleChar[10];

i think int8_t/int8/char/signed char .... ->can display this:

struct windows:
ExampleChar[10] = "abcdefg";

   char ExampleChar[10]			00000000002af9f8			0XA			"abcdefg"
		ExampleChar[0]													97 'a'		// 97(dec) can dispaly hex
		ExampleChar[1]													98 'b'	
		ExampleChar[2]													99 'c'	
		ExampleChar[3]													100 'd'	
		ExampleChar[4]													101 'e'	
		ExampleChar[5]													102 'f'	
		ExampleChar[6]													103 'g'	
		ExampleChar[7]													0 '\0'	
		ExampleChar[8]													0 '\0'	
		ExampleChar[9]													0 '\0'	

you can refer to visual studio.


i write a union:

union UnionTest64 {
	int8_t			_pchar[8];
	uint8_t			_puchar[8];
	int16_t			_pshort[4];
	uint16_t		_pushort[4];
	int32_t			_pint[2];
	uint32_t		_puint[2];
	float			_pfloat[2];
	double			_double;
	int64_t			_ll64;

and struct:

struct ExampleStruct
	UnionTest64 u;

the addrss is error 👎

the right adress:

	int8_t			_pchar[ 8 ];	//address:	1EFDFD0
	uint8_t			_puchar[ 8 ];	//address:	1EFDFD0
	int16_t			_pshort[ 4 ];	//address:	1EFDFD0
	uint16_t		_pushort[ 4 ];	//address:	1EFDFD0
	int32_t			_pint[ 2 ];		//address:	1EFDFD0
	uint32_t		_puint[ 2 ];	//address:	1EFDFD0
	float			_pfloat[ 2 ];	//address:	1EFDFD0
	double			_double;		//address:	1EFDFD0
	int64_t			_int64;			//address:	1EFDFD0
@mrexodia mrexodia added a commit that referenced this issue Dec 1, 2016
@mrexodia mrexodia DBG: various improvements with types #1305 6f51d06
mrexodia commented Dec 1, 2016

some improvements have been made. visiting types should also be much much faster now...

mrexodia commented Dec 1, 2016

Also, thanks for your feedback!


Faster than before
but i test use:

struct ExampleStruct
	int8_t array[0x10000];

still very slow....

mrexodia commented Dec 1, 2016
stonedreamforest commented Dec 1, 2016 edited

and this:

struct ExampleStruct
	UnionTest64 u;	//right address: 00007FFC23435574
	UnionTest64 u1;	//right address: 00007FFC2343557c	+0x8
	UnionTest64 u2;	//right address: 00007FFC23435584	+0x8

i think list display like this:



@mrexodia mrexodia changed the title from struct parsing enhancements to type struct parsing enhancements Dec 11, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment