When CTRL+F2 to restart, x32dbg crashed. And I attached the crashed x32dbg, maybe found the problem: Firstly check the crashed thread, the stack is: the source code is:

Secondly, check all thread stack which may do stuff with static CRITICAL_SECTION criticalSection;, I found in the main thread: and the source code is: So, that's maybe the problem.

@mrexodia I'm try to run program with long line parameters throw "InitDbg" command. But fail to run because of 1024 symbols limit. How can I extend command line length limit? My command line is about 2500 symbols

This is an old CTF (crackme). I was using x64DBG to try and see if I could get as much info from this debugger as I could IDA Pro (v6.8). Unfortunately, loading the EXE from within the debugger causes it to hang. The only thing I can see is at the very bottom of the debugger UI which states, "System breakpoint reached!". Only option is the force-close the debugger.

https://ctftime.org/task/834

Debugger version: x32dbg v25 (Compiled on: Feb 28 2017, 05:07:48)

Operating system version and Service Pack (including 32 or 64 bits): Windows 7 x64 Service Pack 1

Brief description of the issue:

When setting a breakpoint on a function (INT3 software breakpoint) and clicking submit on the debugee in order to trigger the breakpoint, x32dbg hangs completely. I can't click anything and if I can't minimize/maximize it. I can tell all input has stopped because my volume keys stop working.

Elaborate reproduction steps for the bug/issue being reported:

• Start byond.exe
• Attach to byond.exe
• Set a breakpoint on DungPager::Login (exported subroutine)
• Go back to debugee and login with an account

In x32dbg, the 80bit (extended) value 3FFF8CCCCCCCCCCCCD00 is displayed incorrectly as 3.100000000000000089. The correct value is 1.1000000000000000060. The problem is bit 10, 3FFF8CCCCCCCCCCCCB00 works OK.

Operating System

Windows 11 64bit, build 22000

x64dbg Version

May 14 2022

Describe the issue

Toolbars and many other controls are not scaled correctly. Also, tweaking the program's compatibility configuration doesn't help.

Commit a031e03.

Steps to reproduce

Simply run x64dbg

Attachments

What it looks like for version 2022.05.14 at 200% scale.

And for old version

This issue is extremely hard to reproduce, but does not really impact x64dbg since it only happens on exit. You lose the changed INI settings, but the database should be saved correctly.

Environmental notes:

• Windows 8.1 x64
• Happened to me in lots of x64dbg versions
• x64dbgpy
• I have Wacom_Tablet.dll driver installed (for Wacom Intuos Manga), but the thing is not plugged in. Also includes Wintab32.dll
• Start8_64.dll is also loaded
• Working from total commander

Reproduction (somewhat consistent, but takes a few tries):

• download AdR.Samples.NativeCallingCLR.ClrAssembly.dll
• Right click -> open in x64dbg
• Try to close x64dbg as fast as possible
• It will crash with 0xC0020043 RPC_NT_INTERNAL_ERROR

Some analysis results:

• RpcReportFatalError throws this exception when certain asserts are triggered in LRPC_CASSOCIATION::IoCompleted (rpcrt4.dll)
• Actual problem: STATUS_INVALID_HANDLE is returned from NtAlpcSendWaitReceivePort (this might actually be STATUS_OBJECT_TYPE_MISMATCH instead)
• WinDbg completely messes up the call stack and leads you to Ndr64SystemHandleBufferSize which is not at all relevant
• Lots of threads are just waiting around (and loads of them inside RpcpReportFatalErrorExceptionFilter!)
• One of the threads is chilling in msvcr90.dll!free, called from x64dbgpy but I think this is just random.
• There appears to be a thread with qt5network
• RPC error also happened: 0xC0000008

I've only been able to check some of the snapshots to confirm that the source view doesn't show any code since after the 2016-05-16 snapshot - I don't have 17-20th to check/verify, the next snapshots i have are 21st, 23rd, 24th and 25th of May and source view doesn't show anything in this. Last version i have that does show source view code is 16th May.

Trace record is the next major feature I'd like to introduce. When enabled on a page/module, it will record any location the executable have accessed/executed, and show they with different color in disassambly so you know you've been there before. It works only if you're stepping and no exception or thread switching occurs.

Here's highlighting ecx:

See how it difficult to notice and the color is similar to "rbp". Before it was a red underline, much more visible. Please revert. Thanks.

This allows selecting multiple rows in e. g. the Breakpoints view without having to use the mouse.

New hotkeys:

• Select all: (ctrl+a)
• Select first row (ctrl+home)
• Select last row (ctrl+end)
• Expand selection upwards (shift+up)
• Expand selection downwards (shift+down)

Related issue: #1304

Feature type

Debugging

Describe the feature

I need to find all constant values in code, not a specific value. searching in the range of 2 values also maybe very useful.

Feature type

Other

Describe the feature

I want to deselect all red-marked patches, as they are a lot !, and leave the white marked ones. It is very time consuming and frustrating searching for them manually.

Alternatively, to have an option tp export the white-marked ones only.

Feature type

Quality of life

Describe the feature

Since import/export patches functionality already exists, it would be so nice to have them to be auto imported when reloading certain binaries

As a suggestion, maybe an option appears when you right click on the module in left side that says "Auto reload patches" or something like that

And for auto saving the "module_name.1337" (patches file) that's needed for auto reload feature, I think "./db" directory is a good place for it.

I wish I knew c++ and qt to try implement this, I really hope that this feature or similar to it gets added.

Thank you for x64dbg.

Operating System

Windows 7

x64dbg Version

Dec 6 2022

Describe the issue

It is found that when the parameter ≥ 512 will overflow and display as blank

Steps to reproduce

1. print("A"*512)
2. setjit use the value[print("A"*512)] setjit AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA At this point the value has been written to the registry, but the parameter content recognized by x64dbg is empty
3. Watch JIT information

Attachments

No response

Operating System

Windows 7

x64dbg Version

Dec 6 2022

Describe the issue

This option is not blank before setting

Set the following options Available, but when you want to uncheck this option, the following message is prompted Because of the default system settings, there is no Just In Time Debugger, resulting in the non-existence of the old Just In Time Debugger,It is not possible to uncheck the checked Just In Time Debugger

The Just In Time Debugger is not blank at the beginning, although it can be unset with the following command setjit x32 or setjit the presence of parameters such as: 1, so that the program crashes will not call x64dbg

Steps to reproduce

1. Just In Time Debugger's status is blank

2. Check this option Just In Time Debugger Unable to restore the default state

Attachments

No response

Operating System

Windows10 64bit 19044.1889

x64dbg Version

snapshot_2022-12-06_11-40

Describe the issue

After open the exe file and reached the EntryPoint breakpoint, it starts to reporting the bug below constantly:

The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue

The program(Afkayas.1.Exe) it self can run perfectly after all. And here is the details , NO plugin added.

Files in the directory of Afkayas.1.Exe : Afkayas.1.Exe MSVBVM50.DLL get these files in attachments. ^_^

Log:

正在初始化等待对象…… 正在初始化调试器…… 正在初始化调试器函数…… 正在设置JSON内存管理函数…… 正在初始化 Zydis... 正在获取目录信息…… 读取文件线程开始…… 正在获取系统调用编号... 符号路径： D:\Administrator\Downloads\snapshot_2022-12-06_11-40\release\x32\symbols 正在分配消息堆栈…… 正在初始化全局脚本变量…… 正在注册调试器命令…… 正在注册GUI命令接收器…… 正在注册表达式函数…… 正在注册格式函数…… 正在注册脚本DLL命令接收者…… 正在初始化命令执行循环…… 初始化成功！ 正在载入插件…… 正在处理命令行…… "D:\Administrator\Downloads\snapshot_2022-12-06_11-40\release\x32\x32dbg.exe" 已加载系统调用编号！ 成功载入错误码数据库！ 成功载入异常码数据库！ 成功载入NTSTATUS码数据库！ 窗口常数数据库已载入！ 正在读取笔记文件…… 文件读取线程完成！ 正在调试：D:\适合破解新手的160个crackme练手\Afkayas.1.Exe The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue 数据库文件： D:\Administrator\Downloads\snapshot_2022-12-06_11-40\release\x32\db\Afkayas.1.Exe.dd32 进程已启动： 00400000 D:\适合破解新手的160个crackme练手\Afkayas.1.Exe "D:\适合破解新手的160个crackme练手\Afkayas.1.Exe" argv[0]: D:\适合破解新手的160个crackme练手\Afkayas.1.Exe 断点已设置在 00401124 (入口断点) ！ DLL已载入： 77A10000 C:\Windows\SysWOW64\ntdll.dll DLL已载入： 77440000 C:\Windows\SysWOW64\kernel32.dll DLL已载入： 76D00000 C:\Windows\SysWOW64\KernelBase.dll Thread 12896 created, Entry: ntdll.77A45900, Parameter: 00694F00 DLL已载入： 740C0000 D:\Administrator\Downloads\适合破解新手的160个crackme练手\MSVBVM50.DLL DLL已载入： 76510000 C:\Windows\SysWOW64\user32.dll DLL已载入： 75E50000 C:\Windows\SysWOW64\win32u.dll DLL已载入： 76CD0000 C:\Windows\SysWOW64\gdi32.dll DLL已载入： 77590000 C:\Windows\SysWOW64\gdi32full.dll DLL已载入： 758E0000 C:\Windows\SysWOW64\msvcp_win.dll DLL已载入： 75E70000 C:\Windows\SysWOW64\ucrtbase.dll Thread 9832 created, Entry: ntdll.77A45900, Parameter: 00694F00 Thread 5364 created, Entry: ntdll.77A45900, Parameter: 00694F00 DLL已载入： 75B10000 C:\Windows\SysWOW64\advapi32.dll DLL已载入： 77100000 C:\Windows\SysWOW64\msvcrt.dll DLL已载入： 76490000 C:\Windows\SysWOW64\sechost.dll DLL已载入： 77310000 C:\Windows\SysWOW64\rpcrt4.dll DLL已载入： 77010000 C:\Windows\SysWOW64\ole32.dll DLL已载入： 776C0000 C:\Windows\SysWOW64\combase.dll DLL已载入： 75D10000 C:\Windows\SysWOW64\oleaut32.dll 已到达系统断点！ The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue DLL已载入： 76460000 C:\Windows\SysWOW64\imm32.dll INT3 breakpoint "入口断点" at <afkayas.1.EntryPoint> (00401124)! The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue DLL已载入： 74DD0000 C:\Windows\SysWOW64\kernel.appcore.dll DLL已载入： 766B0000 C:\Windows\SysWOW64\bcryptprimitives.dll DLL已载入： 6FD40000 C:\Windows\SysWOW64\uxtheme.dll DLL已载入： 73950000 C:\Program Files (x86)\Moo0\AlwaysOnTop 1.24\WindowMenuPlusDll.dll DLL已载入： 77430000 C:\Windows\SysWOW64\psapi.dll DLL已载入： 75460000 C:\Windows\SysWOW64\version.dll DLL已载入： 76710000 C:\Windows\SysWOW64\shell32.dll DLL已载入： 72200000 C:\Windows\SysWOW64\winspool.drv DLL已载入： 721A0000 C:\Windows\SysWOW64\oleacc.dll DLL已载入： 77230000 C:\Windows\SysWOW64\msctf.dll DLL已载入： 77530000 C:\Windows\SysWOW64\coml2.dll DLL已载入： 72930000 C:\Windows\SysWOW64\TextInputFramework.dll DLL已载入： 72610000 C:\Windows\SysWOW64\CoreUIComponents.dll DLL已载入： 72890000 C:\Windows\SysWOW64\CoreMessaging.dll DLL已载入： 771C0000 C:\Windows\SysWOW64\ws2_32.dll DLL已载入： 75F90000 C:\Windows\SysWOW64\SHCore.dll DLL已载入： 74D80000 C:\Windows\SysWOW64\ntmarta.dll DLL已载入： 736D0000 C:\Windows\SysWOW64\WinTypes.dll DLL已载入： 02CA0000 C:\Windows\SysWOW64\WinTypes.dll DLL已卸载： 02CA0000 wintypes.dll DLL已载入： 739A0000 C:\Windows\SysWOW64\TextShaping.dll The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue The module at 740C0000 (msvbvm50.dll) triggers a weird bug, please report an issue Thread 12896 exit Thread 9832 exit Thread 5364 exit 进程已停止，退出码为 0x0 (0)正在将数据库保存于 D:\Administrator\Downloads\snapshot_2022-12-06_11-40\release\x32\db\Afkayas.1.Exe.dd32 0毫秒 调试结束！

Steps to reproduce

1. open the x32dbg.exe
2. open the Afkayas.1.Exe
3. run and get over the first breakpoint
4. watch the log window

Attachments

适合破解新手的160个crackme练手.zip