Assembly instructions behave differently as assembly instructions and as debugger commands #2108

Open
yangbowen opened this Issue Jan 22, 2019 · 1 comment

yangbowen commented Jan 22, 2019

Some assembly instructions that are valid commands behave differently when entered as a command and when executed as an assembly instruction. For example, the following
mov ecx, [rsp+18]
clears the high 32 bits of RCX when executed as an assembly instruction, but leaves the high 32 bits of RCX unmodified when executed as a debugger command.
If this behaviour is intended, it should probably be mentioned in the help.

Debugger version: Jan 20 2019
OS version: Windows 10 Pro x64 Build 18305

Reproduction steps:
Simply debug an x64 process, modify RCX so that the high 32 bits are not 0, choose an arbitrary value in the stack and decide on the instruction. First, enter the command in the command bar at the bottom and execute the command. The low 32 bits of RCX will be written, but the high 32 bits will remain unchanged. Next, use the "assemble" menu command to assemble the instruction and step through it. The high 32 bits of RCX will be cleared.
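The two behaviours in this report, modelled in Python as an added example (this is not x64dbg's own code). It assumes a constructed stack image, x64dbg's default of reading bare numbers in the command bar as hexadecimal (so `[rsp+18]` means `rsp+0x18`), and only the RCX family of sub-registers. It also goes a step beyond the report: the 8- and 16-bit cases (`cx`, `cl`, `ch`) are included, because on x86-64 those writes do not zero-extend, so only the 32-bit case diverges between the CPU and the debugger command.

```python
import re

# Sub-registers of RCX: name -> (bit width, bit offset within the 64-bit register)
SUB_REGISTERS = {
    "rcx": (64, 0),
    "ecx": (32, 0),
    "cx": (16, 0),
    "cl": (8, 0),
    "ch": (8, 8),
}
MASK64 = (1 << 64) - 1

# Constructed stack image (not taken from a real process): 0x20 bytes,
# with the little-endian dword 0xDEADBEEF stored at offset 0x18.
STACK_BASE = 0x00007FFF0000
STACK = bytearray(0x20)
STACK[0x18:0x1C] = (0xDEADBEEF).to_bytes(4, "little")


def read_memory(rsp, offset, nbytes):
    """Resolve [rsp+offset] against the constructed stack image."""
    i = rsp + offset - STACK_BASE
    if i < 0 or i + nbytes > len(STACK):
        raise IndexError("read outside constructed stack image")
    return int.from_bytes(STACK[i:i + nbytes], "little")


def isa_write(rcx, sub, value):
    """Write `value` to sub-register `sub` the way the CPU does.

    A 32-bit destination zero-extends into the full 64-bit register;
    8- and 16-bit destinations leave every other bit untouched.
    """
    width, shift = SUB_REGISTERS[sub]
    field = (1 << width) - 1
    value &= field
    if width >= 32:
        return value            # upper 32 bits cleared by the hardware
    return (rcx & ~(field << shift) & MASK64) | (value << shift)


def command_write(rcx, sub, value):
    """Write the way the debugger command does: only the bits of the
    named sub-register change, whatever its width."""
    width, shift = SUB_REGISTERS[sub]
    field = (1 << width) - 1
    value &= field
    return (rcx & ~(field << shift) & MASK64) | (value << shift)


# Accepts "mov <reg>, [rsp+<hex>]" and "mov <reg>, <hex>"; numbers are hex.
CMD_RE = re.compile(
    r"mov\s+(\w+)\s*,\s*(?:\[rsp\+([0-9A-Fa-f]+)\]|([0-9A-Fa-f]+))"
)


def execute(line, rcx, rsp, as_instruction):
    """Run one mov into an RCX sub-register and return the new RCX value.

    as_instruction=True models stepping an assembled instruction;
    False models typing the same text into the command bar.
    """
    m = CMD_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unsupported form: {line!r}")
    sub, mem_off, imm = m.groups()
    if sub not in SUB_REGISTERS:
        raise ValueError(f"unsupported register: {sub}")
    width = SUB_REGISTERS[sub][0]
    if mem_off is not None:
        value = read_memory(rsp, int(mem_off, 16), width // 8)
    else:
        value = int(imm, 16)
    writer = isa_write if as_instruction else command_write
    return writer(rcx, sub, value)


if __name__ == "__main__":
    rcx0 = 0x1122334455667788          # high 32 bits deliberately non-zero
    for mode in (True, False):
        new = execute("mov ecx, [rsp+18]", rcx0, STACK_BASE, mode)
        print("instruction" if mode else "command   ", f"RCX = {new:016X}")
```

Running it shows `RCX = 00000000DEADBEEF` for the stepped instruction and `RCX = 11223344DEADBEEF` for the command, which is exactly the divergence reported above; `mov cx, 1234` gives `1122334455661234` in both modes.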

mrexodia (Member) commented Jan 22, 2019

The script commands are not meant to behave like asm commands, just look like them (for example, they also don't update the flags in the native context, for obvious reasons). If you want to write a 32 bit value to rcx you probably should just write rcx = 0x12345 🙂

There is some documentation, but this behavior has been like this since the very first release (before I knew what x64 does to 32 bit registers honestly) so I'm reluctant to change it. Feel free to update the documentation to clarify this: https://github.com/x64dbg/docs/blob/master/introduction/Input.md

If you'd like to add your own script handler you can do so with GuiRegisterScriptLanguage. You could quite easily use this to have a repl-like interface that emulates asm instructions in the native context.
