have support for storing memory modifications so they can be reverted later

there should be functionality for extracting strings from raw data, easing analysis

There should be a container line threadsafe_map and threadsafe_vector that uses SRW locks (or critical sections for XP support).

Source code of interest: https://github.com/x64dbg/x64dbg/blob/development/src/dbg/threading.h

probably quite hard to come up for automated tests with debugging, but I think it's possible

GleeBug should have support for remote usage.

Here's a gif demonstrating the bug. Another limitation is that a new breakpoint can't be set at that location until you step out of it.

there should be tracing support (with single step/hardware breakpoint/memory breakpoint/software breakpoint) that builds up a buffer with all the useful information (modified registers, complete context, modified memory and some surrounding data)

find references in code

write a loader to support DLL debugging directly

I run a test with following code, taget<void()> always return nullptr. So I can't use this to check if two std::function are equal.

#include <vector>
#include <functional>

typedef std::function<void()> StepCallback;

std::vector<StepCallback> stepCallbacks;

void StepInto(const StepCallback& cbStep)
{
	auto target = cbStep.target<void()>();
	for (const auto& cb : stepCallbacks)
	{
                // always get null
		if (target == cb.target<void()>())
		{
			puts("duplicate StepInto callback detected!");
			return;
		}
	}
	stepCallbacks.push_back(cbStep);
}

void fun1() {}

void fun2() {}

int main()
{
	StepInto(fun1);
	StepInto(fun1);
	StepInto(fun2);
	StepInto([]() {});
	StepInto(std::bind([]() {}));
	return 0;
}

output:

duplicate StepInto callback detected!
duplicate StepInto callback detected!
duplicate StepInto callback detected!
duplicate StepInto callback detected!

According to cppreference, the template type of target<> seems very strict. Or there is something wrong with my test?

CreateFileMapping and MapViewOfFile

maybe something like unicorn can be used for this.

should have the ability to modify the file layout, delete/reorder/modify sections, abstract access to data directories, work with overlays, serialize/deserialize a PE file

Taken from x64dbg/x64dbg#388

WaitForDebugEventEx

https://msdn.microsoft.com/en-us/library/windows/desktop/mt171594(v=vs.85).aspx

functionality for pretty-printing an address

• thread-safety
• mIsDebugging determines if the context is read directly or lazily

• Debugger: Oct 2 2020 (GleeBug)
• OS: Windows 10 Pro 1903 18362.329

The debugger application locks up after a period of time. This does not appear to be dependent on the executable used. It happens consistently after a period of time using the debugger. The environment is VirtualBox 6.1.14 on macOS 10.15.7.

This behavior does not exist using VMWare Fusion. Is it reproducible on a different set of hardware running the same version of macOS. The operating system does not lock up. Keyboard works and ctrl-alt-delete works. Mouse is able to move, but nothing is clickable and focus does not follow the mouse. Using the keyboard to navigate to Task Manager and then ending debugger task, the mouse is still not usable. However, running the debugger again fresh gets everything working again and after that point the mouse is usable as normal.

preferably with capstone

store loaded libraries and their imports/exports also deserialize them using the class from #4 and optionally recursively deserialize their dependencies

this is a really hard problem, but the basic idea @Nukem9 came up with was to have some sort of queue that processes registered callbacks sequentially, similar to the Intel PIN tool. Details should be discussed or mentioned here.

http://www.ragestorm.net/blogs/?p=45

stuff like single step detection should be mitigated as well as specific anti-debug tricks (will comment here later)

When I try to load an exe, it says that file not found.
When I try to load a dll, it crashes.
Let me know if that's just me, I'll try to provide more details.

have an interface for storing bookmarks on specific addresses

documentation should highlight limitations or warnings for various functions.

it should be easy to add and modify modules to have a different behavior.

x64dbg/x64dbg#227

A minimal high level interface should be defined so GleeBug can be used in a cross-platform setting.

Hello!

I started to use new version with GleeBug engine. Version is "Oct 2 2020"
To reproduce the bug:

• set any hardware break point on a memory
• delete this breakpoint
• set another hardware breakpoint on the same address

Hi Duncan :)

So I updated x64dbg and accepted the offer to try out the new engine, GleeBug. I've used it for several hours with no apparent issues, until, at some moment, it crashed. I wasn't prepared for troubleshooting so I didn't have symbols and such, but from the location of the crash and the source code it looks like it crashed here on line 26:

with thread holding a NULL pointer.

All I did was smashing F8 to step over.

That's not much, but here's a screenshot of handling the exception as a JIT debugger:

there should be an option that automatically acquires debug privileges

x64dbg/x64dbg#161

have an interface for storing label addresses

memory breakpoints with a variable size window allowing for accesses in the page to be narrowed down to specific addresses (as an alternative for hardware breakpoints)

this could be useful if people want to generate scripts, possibly also provide a functionality to repeat recorded actions

have an interface to store function boundaries

might be useful in the future.

there should be an abstract layer around dbghelp so it is possible to add DWARF support later. and caching, lots of caching (up to the point where the PDB files are not loaded in memory at all)

FPU, MMX, SSE, AVX registers with FPU flags and everything.

can probably be done by injecting some code in the process and updating the CONTEXT in a way that other debuggers can JIT and resume execution on detach.

coding guidelines are very important for contributers. also document in the code why certain decisions were made so it makes the project more accessible to new collaborators