Feature Request: the disassembled result to log window #1939

Open
marunguy opened this Issue May 1, 2018 · 5 comments

marunguy commented May 1, 2018

  • Apr 5 2018
  • Windows 8.1 64bit

I posted a question on Google Groups a few days ago, but I have had no answer.
https://groups.google.com/forum/#!topic/x64dbg/lFrbKW3DxaY

Is there a command to output the disassembled result to the log window?

The disasm command doesn't output the disassembled result to the log window.
http://help.x64dbg.com/en/latest/commands/gui/disasm.html

In WinDbg, the u command displays the disassembled result in the log window.

0:000> u USER32!GetMessageW
USER32!GetMessageW:
00007ff8`026f2660 fff3            push    rbx
00007ff8`026f2662 4883ec20        sub     rsp,20h
00007ff8`026f2666 418bc0          mov     eax,r8d
00007ff8`026f2669 458bd1          mov     r10d,r9d
00007ff8`026f266c 488bd9          mov     rbx,rcx
00007ff8`026f266f 410bc1          or      eax,r9d
00007ff8`026f2672 a90000feff      test    eax,0FFFE0000h
00007ff8`026f2677 0f8503700500    jne     USER32!GetMessageW+0x57020 (00007ff8`02749680)

torusrxxx commented May 1, 2018

marunguy commented May 1, 2018

Copy your selection and paste in log.

Thank you for your reply.

I often analyze the app hooked by security solutions.
Some Win32 APIs (CreateFileW, NtOpenFile, ...) are hooked many times by security solutions.
Also, the first parts of these APIs are changed.

When tracing these changes, it is very inconvenient to stop at breakpoints every time.
So, I like to use Log Text and Command Text in the Edit Breakpoint dialog.
It is efficient to output it to the log window and analyze it.

I can use the log command, of course, but it is not easy to read and compare the outputs.

log "{mem;10@USER32.GetMessageW}"
FFF34883EC20418BC0458BD1488BD941
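
An added example, not part of the thread or of x64dbg: a Python script that takes successive `{mem;10@...}` hex dumps copied from the log, reports which prologue bytes changed against the first dump, and decodes a leading `E9` jmp rel32. The second dump is constructed, and using the address from the WinDbg listing as the base is an assumption.

```python
import re

# Line 1 is the dump from the thread (log "{mem;10@USER32.GetMessageW}").
# Line 2 is a constructed later dump whose first five bytes became a jmp rel32.
# BASE_ADDR is assumed to be the GetMessageW address from the WinDbg listing.
BASE_ADDR = 0x00007FF8026F2660
SAMPLE_LOG = """\
FFF34883EC20418BC0458BD1488BD941
E99BD9FEFF20418BC0458BD1488BD941
"""

def parse_dumps(log_text):
    """Return every pure-hex log line as bytes, skipping other log output."""
    hexes = re.findall(r"^(?:[0-9A-Fa-f]{2})+$", log_text, re.M)
    return [bytes.fromhex(h) for h in hexes]

def changed_ranges(baseline, current):
    """Return (offset, old_bytes, new_bytes) for each run of differing bytes."""
    runs, start = [], None
    n = min(len(baseline), len(current))
    for i in range(n + 1):
        differs = i < n and baseline[i] != current[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, baseline[start:i], current[start:i]))
            start = None
    return runs

def jmp_rel32_target(addr, code):
    """If code starts with E9 rel32, return the absolute target, else None."""
    if len(code) >= 5 and code[0] == 0xE9:
        rel = int.from_bytes(code[1:5], "little", signed=True)
        return (addr + 5 + rel) & 0xFFFFFFFFFFFFFFFF
    return None

def report(log_text, addr=BASE_ADDR):
    baseline, *later = parse_dumps(log_text)
    lines = []
    for n, dump in enumerate(later, 1):
        for off, old, new in changed_ranges(baseline, dump):
            lines.append(f"dump {n}: +{off:#x} {old.hex()} -> {new.hex()}")
        target = jmp_rel32_target(addr, dump)
        if target is not None:
            lines.append(f"dump {n}: starts with jmp {target:#x}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```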

mrexodia commented May 1, 2018

You can use the log string “{i:cip}” to log a single instruction if that’s what you mean.

As for the Google group, I saw the email but I’m really busy moving these days :) in general GitHub is a better place to post though...

blaquee commented May 1, 2018

I like this idea, it seems like something that can be done with a plugin too. @mrexodia can output be formatted in the log window?

IssuehuntBot commented Jun 29, 2018

@0maxxam0 funded this issue with $2. Visit this issue on Issuehunt

@mrexodia mrexodia added the feature label Jul 1, 2018
