Open 0xbc opened 6 years ago
wangray
commented
6 years ago So the x64dbg API has a function that can tell you whether there is an active debugger.
In the case of WinDBG, you simply can't run commands without an attached debugger, I think.
This PR is a proposed fix, what do you think: https://github.com/x64dbg/x64dbgpylib/pull/11
wangray
commented
6 years ago But in general, other places in the code will throw an error if you don't have something being debugged. Like modules will also give Corruped UNICODE_STRING if nothing's being debugged. I'm not too concerned about this, but please add some checks using isDebugging if you like.
mrexodia
commented
6 years ago can't we just fully block all mona commands if isDebugging is false?
wangray
commented
6 years ago I guess some commands should be able to run without a running executable, such as cyclic pattern or assemble.
mrexodia
commented
6 years ago Yeah true, perhaps add a bool in command registration whether the command can be run while not debugging (similar to x64dbg commands)? On Fri, 8 Dec 2017 at 23:02, Ray Wang notifications@github.com wrote:
I guess some commands should be able to run without an attached process, such as cyclic pattern or assemble.
— You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/x64dbg/x64dbgpylib/issues/10#issuecomment-350383450, or mute the thread https://github.com/notifications/unsubscribe-auth/ACWCmTBSLUb2LlAWgmwYKD0NL0jvgSsqks5s-bIDgaJpZM4Qz8Wa .
0xbc
commented
6 years ago Cheers - the fix looks good to me!
I agree adding a flag to command registration would be a good idea - just wondering though what the aim is here re. merging back to upstream mona? As in, is the plan eventually to close the x64dbg fork of mona once it's all working, and in that case, is Peter going to accept API changes like that?
mrexodia
commented
6 years ago I don’t think mona is actually being actively developed anymore but the changes aren’t too invasive, only improvements. On Fri, 8 Dec 2017 at 23:45, Ben Cheney notifications@github.com wrote:
Cheers - the fix looks good to me!
I agree adding a flag to command registration would be a good idea - just wondering though what the aim is here re. merging back to upstream mona? As in, is the plan eventually to close the x64dbg fork of mona once it's all working, and in that case, is Peter going to accept API changes like that?
— You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/x64dbg/x64dbgpylib/issues/10#issuecomment-350390933, or mute the thread https://github.com/notifications/unsubscribe-auth/ACWCmQUY2O2uwuZRI7sKZxl3SVr4P8buks5s-bvSgaJpZM4Qz8Wa .
wangray
commented
6 years ago I'm not in a hurry to get this merged upstream any time soon — I'm all for making whatever changes we need for x64dbg without worrying what happens with Immunity/WinDBG.
The Immunity and WinDBG backends are rather different, anyways.
Hi,
First of all, thanks so much for working on mona support for x64dbg - awesome job!
I got mona up and running successfully in x64dbg, and one of the first commands I tried was
pc:The root cause here seems to be that there was nothing being debugged at the time, and so the pointer returned by
getPEBInfois garbage (which is then used to try and get the name of the process being debugged). I had a bit of a dig around to try and make a fix for this but was a bit unsure how to proceed - ideally I thought there might be a flag to check inx64dbgpylib.Debuggeras to whether the debugger is attached to something, but I coudn't see anything (I may just have missed it!)I also checked
getDebuggedPid, which did return a value which I assume is also garbage. I noticed that the equivalent code in windbglib didn't have any extra checks, so I assume that the backend there behaves differently in this case?Cheers, Ben