Magic-Mirror/x64dbg
1
0
Fork 0
mirror of https://github.com/x64dbg/x64dbg.git synced 2024-11-26 22:30:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

PROJECT: moved help https://github.com/x64dbg/docs

Browse Source
This commit is contained in:
mrexodia 2016-07-06 06:51:33 +02:00
parent 6969cb8048
commit 029f196a17
No known key found for this signature in database
GPG Key ID: D72F9A4FAA0073B4
172 changed files with 5 additions and 5035 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
build.bat
View File

@ -9,7 +9,6 @@ if /i "%1"=="x32" call setenv.bat x32&set type=Configuration=Release;Platform=Wi
if /i "%1"=="x64" call setenv.bat x64&set type=Configuration=Release;Platform=x64&goto build
if /i "%1"=="coverity" goto coverity
if /i "%1"=="doxygen" call setenv.bat doxygen&goto doxygen
if /i "%1"=="chm" call setenv.bat chm&goto chm
goto usage
@ -56,11 +55,6 @@ doxygen
goto :restorepath
:chm
start /w "" winchm.exe help\x64_dbg.wcp /h
goto :restorepath
:usage
echo "Usage: build.bat x32/x64/coverity (x32/x64)/doxygen/chm"
echo.

27
help/AttachDebugger_attach.htm
View File

@ -1,27 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>AttachDebugger/attach</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>AttachDebugger[,attach]<BR></STRONG>Attach the
debugger to a running process.</P>
<P><U>arguments</U><BR>&nbsp; arg1: Process Identifier
(PID) of the running process.</P>
<P>[arg2]: Handle to an Event Object to signal (this
is for internal use only).</P>
<P><U>result</U> <BR>This command will give control back to the user&nbsp;after
the&nbsp;system breakpoint&nbsp;is reached. It will
set&nbsp;<U>$pid</U>&nbsp;and&nbsp;<U>$hp/$hProcess</U>&nbsp;variables.
</P></body></HTML>

20
help/Breakpoints.htm
View File

@ -1,20 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Breakpoints</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Breakpoints</STRONG><BR>This section contains
various breakpoint-related commands.</P></body>
</html>

70
help/Calculations.htm
View File

@ -1,70 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Calculations</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Calculations<BR></STRONG>The debugger allows usage of basic math
operations, just type an expression in the
command window and the result will be displayed in the console. Apart from
calculations, it allows quick&nbsp;variable changes using a C-like syntax.</P>
<P><STRONG>Operators</STRONG><BR> You can use the following operators in your expression.
They are processed in the following order (<A
href="http://en.cppreference.com/w/c/language/operator_precedence"
target=_blank>source</A>):</P>
<P><U>1:parentheses/brackets</U>: <EM>(1+2)</EM>, [1+6] have
priority over other operations.</P>
<P><U>2:unary minus/binary not/logical not</U>: <EM>-1</EM> (negative 1), <EM>~1</EM> (binary not of 1), <EM>!0</EM>
(logical not of 0).</P>
<P><U>
3:multiplication/division</U>:
<EM>2*3</EM> (regular multiplication), <EM>2`3</EM> (gets high part of the
multiplication),&nbsp;6/3 (regular division), <EM>5%3</EM> (modulo/remainder of
the division).</P>
<P><U>4:addition/subtraction</U>:
<EM>1+3</EM> (addition), <EM>5-2</EM>
(subtraction).</P>
<P><U>5:left/right
shift</U>:&nbsp;<EM>1&lt;&lt;2</EM> (shift left, shl for unsigned, sal for
signed), <EM>10&gt;&gt;1</EM> (shift right, shl
for&nbsp;unsigned, sal for signed). </P>
<P><U>6:smaller (equal)/bigger (equal)</U>: 4&lt;10, 3&gt;6,
<EM>1&lt;=2</EM>, <EM>6&gt;=7</EM> (resolves to 1 if true,
0 if false).</P>
<P><U>7:equal/not equal</U>: <EM>1==1</EM>, <EM>2!=6</EM>
(resolves to 1 if true, 0 if
false).</P>
<P><U>8:binary and</U>: <EM>12&amp;2</EM>
(regular binary
and).</P>
<P><U>9:binary xor</U>: <EM>2^1</EM>
(regular binary
xor).</P>
<P><U>10:binary or</U>: <EM>2|8</EM>
(regular binary
or).</P>
<P><U>11:logical and</U>: <EM>0&amp;&amp;3</EM>
(resolves to 1 if true, 0 if
false).</P>
<P><U>12:logical or</U>: <EM>0||3</EM>
(resolves to 1 if true, 0 if
false).</P>
<P><STRONG><U>Quick-Assigning<BR></U></STRONG>Changing memory, a
variable, register or&nbsp;flag can be easily done using a C-like
syntax:</P>
<P>a?= b: '?' can be any non-logical operator.
'a' can be any register, flag, variable or memory location. 'b' can be anything that is recognized as an
expression.</P>
<P>a++/a--: 'a' can be any register, flag, variable or memory
location.</P></body>

135
help/Callbacks.htm
View File

@ -1,135 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Callback Structures</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Callback structures<BR></STRONG>These&nbsp;structures are used inside event
callbacks (registered using _plugin_registercallback). Notice that the pointer
'void* callbackInfo' is never NULL, but the members of the various structures
can be NULL. Also remember that <U>you cannot use any of the provided pointers
out of the callback function scope</U>. In general
<U>
<STRONG>AVOID</STRONG> time-consuming operations inside
callbacks</U> , do these in
separate
threads.</P>
<P>//Called on debug initialization, useful to initialize
some variables.<BR>struct <STRONG>PLUG_CB_INITDEBUG</STRONG>
<BR>{<BR>&nbsp;&nbsp;&nbsp; <STRONG>const char*</STRONG>
szFileName;<BR>};</P>
<P>//Called when the debugging has been stopped, useful to
reset some variables.<BR>struct <STRONG>PLUG_CB_STOPDEBUG</STRONG>
<BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>void*</STRONG>
reserved;<BR>};</P>
<P>//Called after process creation (in the debug loop),
after the initialization of the symbol handler, the database file and setting
breakpoints on TLS callbacks / the entry breakpoint.<BR>struct <STRONG>PLUG_CB_CREATEPROCESS <BR></STRONG>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>CREATE_PROCESS_DEBUG_INFO*</STRONG>
CreateProcessInfo;<BR>&nbsp;&nbsp;&nbsp; <STRONG>IMAGEHLP_MODULE64*</STRONG>
modInfo;<BR>&nbsp;&nbsp;&nbsp; <STRONG>const char*</STRONG>
DebugFileName;<BR>&nbsp;&nbsp;&nbsp;
<STRONG>PROCESS_INFORMATION*</STRONG>
fdProcessInfo;<BR>};</P>
<P>//Called after the process exits (in the debug loop),
before the symbol handler is cleaned up.<BR>struct <STRONG>PLUG_CB_EXITPROCESS</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>EXIT_PROCESS_DEBUG_INFO*</STRONG>
ExitProcess;<BR>};</P>
<P>//Called after thread creation (in the debug loop),
after adding the thread to the internal thread list, before breaking the
debugger on thread creation and&nbsp;after setting breakpoints on the thread
entry.<BR>struct <STRONG>PLUG_CB_CREATETHREAD<BR></STRONG>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>CREATE_THREAD_DEBUG_INFO*</STRONG>
CreateThread;<BR>&nbsp;&nbsp;&nbsp; <STRONG>DWORD</STRONG>
dwThreadId;<BR>};</P>
<P>//Called after thread termination (in the debug loop),
before the thread is removed from the internal thread list, before breaking on
thread termination.<BR>struct <STRONG>PLUG_CB_EXITTHREAD</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp; <STRONG>EXIT_THREAD_DEBUG_INFO*</STRONG>
ExitThread;<BR>&nbsp;&nbsp;&nbsp; <STRONG>DWORD</STRONG>
dwThreadId;<BR>};</P>
<P>//Called at the system breakpoint (in the debug loop),
after setting the initial dump location, before breaking the debugger on the
system breakpoint.<BR>struct <STRONG>PLUG_CB_SYSTEMBREAKPOINT</STRONG>
<BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>void*</STRONG> reserved;<BR>};</P>
<P>//Called on DLL loading (in the debug loop), after the
DLL has been added to the internal library list, after setting the DLL entry
breakpoint.<BR>struct <STRONG>PLUG_CB_LOADDLL</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>LOAD_DLL_DEBUG_INFO*</STRONG>
LoadDll;<BR>&nbsp;&nbsp;&nbsp; <STRONG>IMAGEHLP_MODULE64*</STRONG>
modInfo;<BR>&nbsp;&nbsp;&nbsp; <STRONG>const char*</STRONG> modname;<BR>};</P>
<P>//Called on DLL unloading (in the debug loop), before
removing the DLL from the internal library list, before breaking on DLL
unloading.<BR>struct <STRONG>PLUG_CB_UNLOADDLL</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>UNLOAD_DLL_DEBUG_INFO*</STRONG>
UnloadDll;<BR>};</P>
<P>//Called on a DebugString event (in the debug loop),
before dumping the string to the log, before breaking on a debug
string.<BR>struct <STRONG>PLUG_CB_OUTPUTDEBUGSTRING</STRONG>
<BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>OUTPUT_DEBUG_STRING_INFO*</STRONG>
DebugString;<BR>};</P>
<P>//Called on an unhandled (by the debugger) exception (in
the debug loop), after setting the continue status, after locking the debugger
to pause.<BR>struct <STRONG>PLUG_CB_EXCEPTION</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>EXCEPTION_DEBUG_INFO*</STRONG>
Exception;<BR>};</P>
<P>//Called on a normal/memory/hardware breakpoint (in the
debug loop), after locking the debugger to pause.<BR>struct <STRONG>PLUG_CB_BREAKPOINT</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp; <STRONG>BRIDGEBP*</STRONG>
breakpoint;<BR>};</P>
<P>//Called after the debugger has been locked to pause (in
the debug loop), before any other callback that's before pausing the
debugger.<BR>struct <STRONG>PLUG_CB_PAUSEDEBUG</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>void*</STRONG>
reserved;<BR>};</P>
<P>//Called after the debugger has been unlocked to resume
(outside of the debug loop).<BR>struct <STRONG>PLUG_CB_RESUMEDEBUG</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>void*</STRONG>
reserved;<BR>};</P>
<P>//Called after the debugger stepped (in the debug loop),
after locking the debugger to pause.<BR>struct <STRONG>PLUG_CB_STEPPED</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>void*</STRONG>
reserved;<BR>};</P>
<P>//Called before attaching to a process.<BR>struct <STRONG>PLUG_CB_ATTACH</STRONG><BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>DWORD</STRONG> dwProcessId;<BR>};</P>
<P>//Called before detaching from the process.<BR>struct <STRONG>PLUG_CB_DETACH</STRONG><BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>PROCESS_INFORMATION*</STRONG> fdProcessInfo;<BR>};</P>
<P>//Called on any debug event, even the ones that are
handled internally, <U><STRONG>AVOID</STRONG> doing stuff that takes time
here</U>, this will slow the debugger down a lot!<BR>struct <STRONG>PLUG_CB_DEBUGEVENT</STRONG> <BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>DEBUG_EVENT*</STRONG> DebugEvent;<BR>};</P>
<P>//Called when a menu entry created by the plugin has
been clicked, the GUI will resume when this callback returns.<BR>struct <STRONG>PLUG_CB_MENUENTRY</STRONG><BR>{<BR>&nbsp;&nbsp;&nbsp;
<STRONG>int</STRONG> hEntry;<BR>};</P>
<P>//Called before TranslateMessage and DispatchMessage
Windows functions (PreTranslateMessage). Avoid calling user32 functions without
precautions here, there <STRONG>will</STRONG> be a recursive call if you fail
to take countermeasures.<BR>struct
<STRONG>PLUG_CB_WINEVENT<BR></STRONG>{<BR>&nbsp;&nbsp;&nbsp; <STRONG>MSG*</STRONG>
message;<BR>&nbsp;&nbsp;&nbsp; <STRONG>long*</STRONG>
result;<BR>&nbsp;&nbsp;&nbsp; <STRONG>bool</STRONG> retval; //only set this to true, never to
false<BR>};</P>
<P>//Called before TranslateMessage and DispatchMessage
Windows functions (PreTranslateMessage). Avoid calling user32 functions without
precautions here, there <STRONG>will</STRONG> be a
recursive call if you fail to take countermeasures. This function is global, so it also captures hotkeys
(see Qt documentation).<BR>struct
<STRONG>PLUG_CB_WINEVENTGLOBAL<BR></STRONG>{<BR>&nbsp;&nbsp;&nbsp; <STRONG>MSG*</STRONG>
message;<BR>&nbsp;&nbsp;&nbsp; <STRONG>bool</STRONG> retval; //only set this to true, never to
false<BR>};</P></body></HTML>

27
help/Commands.htm
View File

@ -1,27 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Commands</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><STRONG>
command[,alias1,alias2]</STRONG><BR>Command description here.</P>
<P class=rvps3><U>arguments</U><BR>&nbsp; arg1: Argument description.</P>
<P class=rvps3>[arg2]: Optional argument.</P>
<P class=rvps3>[arg3]: Another optional argument (can only
be given when the previous argument is also given).</P>
<P class=rvps3><U>result</U><BR>Description of the command result.</P>
<P class=rvps3><U><STRONG>REMARK</STRONG></U>: Commands cannot contain any of the
following characters: "," (comma), " " (space) and "\" (backslash). These
characters need to be prefixed using a backslash ('\,').</P></body></HTML>

20
help/Data.htm
View File

@ -1,20 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Data</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Data</STRONG><BR>This section contains commands
that are used to analyze and manipulate data.</P></body>
</html>

25
help/DebugContinue_con.htm
View File

@ -1,25 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DebugContinue/con</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>DebugContinue[,con]</STRONG><BR>Set debugger
continue status.</P>
<P class=rvps3><U>arguments</U> <BR>[arg1]: When set, the exception will be handled by the
program. Otherwise the exception will be swallowed. </P>
<P class=rvps3><U>result
<BR></U>This command does not set any result variables.</P></body>
</html>

20
help/Debug_Control.htm
View File

@ -1,20 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Debug Control</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Debug Control<BR></STRONG>This section contains
commands useful for controlling the debugger (stepping etc.)</P></body>
</html>

24
help/DeleteBPX_bpc_bc.htm
View File

@ -1,24 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DeleteBPX/bpc/bc</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>DeleteBPX[,bpc,bc]</STRONG><BR>Delete&nbsp;a
breakpoint set using the SetBPX command.</P>
<P><U>arguments</U><BR>[arg1]: Name or address of the breakpoint to delete. If this argument is not specified, all breakpoints will be
deleted.</P>
<P><U>result<BR></U>This command does not set any result variables.</P>
</body>
</html>

24
help/DeleteHardwareBreakpoint_bphc_bphwc.htm
View File

@ -1,24 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DeleteHardwareBreakpoint/bphc/bphwc</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>DeleteHardwareBreakpoint[,bphc,bphwc]</STRONG><BR>Delete&nbsp;a hardware breakpoint set using the
SetHardwareBreakpoint command.</P>
<P><U>arguments</U><BR>[arg1]: Name or address of the hardware breakpoint to delete. If
this argument is not specified, all hardware breakpoints will be deleted.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

40
help/DeleteMemoryBPX_membpc_bpmc.htm
View File

@ -1,40 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DeleteMemoryBPX/membpc/bpmc</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P>
<STRONG>
DeleteMemoryBPX[,membpc,bpmc]
</STRONG>
<BR>Delete&nbsp;a memory breakpoint set using the SetMemoryBPX
command.
</P>
<P >
<U >
arguments</U>
<BR>
[arg1]: Name or (base) address of the memory breakpoint to
delete. If this argument is not specified, all memory breakpoints will be
deleted.</P>
<P>
<U>
result
<BR>
</U>This command does not set any result
variables.</P></body>
</html>

23
help/DetachDebugger_detach.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DetachDebugger/detach</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>DetachDebugger[,detach]<BR></STRONG>Detach the debugger from the currently-debugged
process.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P><U>result</U> <BR>This command does not set any result
variables.</P></body>
</html>

26
help/DisableBPX_bpd_bd.htm
View File

@ -1,26 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DisableBPX/bpd/bd</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body><STRONG>DisableBPX[,bpd,bd]<BR></STRONG>Disable&nbsp;a breakpoint set using the SetBPX
command.
<P><U>arguments</U><BR>[arg1]: Name or address of the breakpoint to disable. If
this argument is not specified, all breakpoints will be disabled.</P>
<P>
<U>
result
<BR>
</U>This command does not set any result
variables.</P></body></HTML>

23
help/DisableHardwareBreakpoint_bphd_bphwd.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DisableHardwareBreakpoint/bphd/bphwd</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>DisableHardwareBreakpoint[,bphd,bphwd]<BR></STRONG>Disable a hardware breakpoint.</P>
<P><U>arguments</U><BR>[arg1]: Address of the hardware breakpoint to disable. If
this argument is not specified, all hardware breakpoints will be disabled.</P>
<P><U>result<BR></U>This command does not set any result variables.</P>
</body>
</html>

31
help/DisableMemoryBreakpoint_membpd_bpmd.htm
View File

@ -1,31 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DisableMemoryBreakpoint/membpd/bpmd</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>DisableMemoryBreakpoint[,membpd,bpmd]<BR></STRONG>Disable a memory breakpoint.</P>
<P>
<U>
arguments
</U>
<BR>
[arg1]: Address of the memory breakpoint to disable. If this
argument is not specified, all memory breakpoints will be disabled.</P>
<P>
<U >
result
<BR ></U>This command does not set any result
variables.</P></body>
</html>

26
help/EnableBPX_bpe_be.htm
View File

@ -1,26 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>EnableBPX/bpe/be</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>EnableBPX[,bpe,be]</STRONG><BR>Enable
a breakpoint set using the SetBPX
command.</P>
<P><U>arguments</U><BR> [arg1]: Name or address of the breakpoint to enable. If this
argument is not specified, all breakpoints
will be enabled.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

25
help/EnableHardwareBreakpoint_bphe_bphwe.htm
View File

@ -1,25 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>EnableHardwareBreakpoint/bphe/bphwe</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>EnableHardwareBreakpoint[,bphe,bphwe]<BR></STRONG>Enable
a previously disabled hardware breakpoint.</P>
<P><U>arguments</U><BR>[arg1]: Address of the hardware breakpoint to enable. If
this argument is not specified, as many as possible hardware breakpoints will be
enabled.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

31
help/EnableMemoryBreakpoint_membpe_bpme.htm
View File

@ -1,31 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>EnableMemoryBreakpoint/membpe/bpme</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>EnableMemoryBreakpoint[,membpe,bpme]<BR></STRONG>Enable a previously disabled memory breakpoint.</P>
<P>
<U>
arguments
</U>
<BR>
[arg1]: Address of the memory breakpoint to enable. If this
argument is not specified, all memory breakpoints will be enabled.</P>
<P>
<U >
result
<BR ></U>This command does not set any result variables.</P>
</body>
</html>

20
help/Exports.htm
View File

@ -1,20 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Exports</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Exports<BR></STRONG>This section contains
information about the "_plugin_" prefixed exports.</P></body>
</html>

26
help/Fill_memset.htm
View File

@ -1,26 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Fill/memset</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Fill[,memset]</STRONG><BR>Set memory of the
debuggee to a specified byte.</P>
<P><U>arguments</U><BR>&nbsp; arg1: Memory address to start setting bytes.</P>
<P>&nbsp; arg2: Value (byte) to set memory with.</P>
<P>[arg3]: Size to set. When not specified the rest of the
page is used.</P>
<P><U>result</U><BR>This command does not set any result
variables.</P></body>
</html>

21
help/General_Purpose.htm
View File

@ -1,21 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>General Purpose</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>General Purpose<BR></STRONG>This section contains various commands that are
used for calculations etc.</P>
</body>
</html>

28
help/HideDebugger_dbh_hide.htm
View File

@ -1,28 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>HideDebugger/dbh/hide</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>HideDebugger[,dbh,hide]<BR></STRONG> Hide the debugger from (very) simple detection
methods.</P>
<P class=rvps3><U>arguments</U><BR>This command has no arguments.</P>
<P class=rvps3>
<U>
result
<BR>
</U>This command does not set any result
variables.</P></body>
</html>

40
help/InitDebug_initdbg_init.htm
View File

@ -1,40 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>InitDebug/initdbg/init</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>InitDebug[,init,initdbg]<BR></STRONG>Initializes the debugger. This command will load
the executable (do some basic checks),&nbsp;set breakpoints on TLS callbacks
(if present), set a breakpoint at the process entry point&nbsp;and
break at the system breakpoint before giving back control to the
user.</P>
<P><U>arguments</U><BR> &nbsp; arg1: Path to the executable file to debug. If no full path is given, the GetCurrentDirectory API will be
called to retrieve a full path. Use quotation marks to include spaces in your path.
</P>
<P> [arg2]: Commandline to create the process with.
</P>
<P>[arg3]: Current folder (passed to the CreateProcess API).
</P>
<P><U>result<BR></U> This command will
give control back to the user&nbsp;after the&nbsp;system breakpoint&nbsp;is reached. It will set
<U>$pid</U> and&nbsp;<U>$hp/$hProcess</U>&nbsp;variables.
</P></body>
</html>

80
help/Input.htm
View File

@ -1,80 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Input</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><STRONG>Input</STRONG><BR>This program accepts
various options of input:</P>
<P class=rvps3><U>commands</U>:
Commands have the following format: "command[space]arg1,[optional
space]arg2,argN".</P>
<P class=rvps3><U>variables</U>:
Variables optionally start with a $ and can only store one DWORD (QWORD on
x64).</P>
<P class=rvps3><U> registers</U>: All
registers (of all sizes) can be used as variables.</P>
<P class=rvps3><U>memory locations</U>:
You can read/write from/to a memory location by using one of the
following expressions:<BR>[addr]&nbsp;&nbsp;&nbsp;&nbsp; - read a
DWORD/QWORD, depending on the
architecture.<BR><EM>n</EM>:[addr]&nbsp;&nbsp; - read <EM>n</EM> bytes from.<BR><EM>seg</EM>:[addr] -
read a DWORD/QWORD from&nbsp;a
segment.<BR><STRONG>REMARKS</STRONG>:<BR>- <EM>n</EM> is the amount of bytes to read, this can be anything
smaller than 4 on x32 and smaller than 8 on x64 when specified, otherwise there
will be an error.<BR>- <EM>seg</EM>
can be gs, es, cs, fs, ds, ss. Only fs and gs have an effect.</P>
<P class=rvps3><U>flags</U>: Debug flags
(interpreted as integer) can be used as input. Flags are prefixed with an '_'
followed by the flag name. Valid flags are: _cf, _pf, _af, _zf, _sf, _tf, _if,
_df, _of, _rf, _vm, _ac, _vif, _vip and _id.</P>
<P class=rvps3><U>numbers</U>: All
numbers are interpreted as hex by default. If you want to be sure, you can use
the "x" prefix or the "0x" prefix. Decimal numbers can be used by prefixing the
number with a "." (.123=7B).</P>
<P class=rvps3><U> expressions</U>: See "Expressions" for more information.</P>
<P class=rvps3><U>Module Data</U>:</P>
<OL>
<LI>
<DIV class=rvps3><U>DLL exports</U>:
Type 'GetProcAddress' and it will automatically be
resolved to the actual address of the function.
To explicitly define from which module to load the API, use:
"[module].dll:[api]" or "[module]:[api]". In a similar way you can resolve ordinals, try "[module]:[ordinal]". Another
macro allows you to get the loaded
base of a module. When "[module]" is an empty string (":GetProcAddress" for example), the
module that is currently selected in the CPU will be
used.</DIV><U> </U>
<LI><U>Loaded Module&nbsp;Bases</U>:
If you want to access the loaded module base, you can write: "[module]:0",
"[module]:base", "[module]:imagebase" or "[module]:header".
<LI><U>RVA/File Offset</U>: If you
want to access a module RVA you can either write "[module]:0+[rva]" or you can
write "[module]:$[rva]". If you want to convert a file offset to a VA you can
use "[module]:#[offset]". When "[module]" is an empty string (":0" for
example), the module that is currently selected in the CPU will be used.
<LI><U>Module Entry Points</U>: To
access a module entry point you can write "[module]:entry", "[module]:oep" or
"[module]:ep". Notice that when there are exports with the names "entry",
"oep" or "ep" the address of these will be returned
instead.<BR><BR><STRONG>Notice</STRONG>: Instead of the ':' delimiter you can
also use a '.' If you need to query module information such as
"[module]:imagebase" or "[module]":entry" you are advised to
use a '?' as delimiter instead ("[module]?entry"). The '?'&nbsp;does
checking for named exports later, so it will still work when there is an
export called "entry" in the module.</LI></OL>
<P class=rvps3><U>labels/symbols</U>:
user-defined labels and symbols&nbsp;are a valid expressions.</P>
<P class=rvps3><STRONG>Input for arguments can always be done in any of
the above forms, except if stated otherwise.</STRONG></P></body></HTML>

33
help/Introduction.htm
View File

@ -1,33 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Introduction</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Introduction</STRONG><BR>This is a x64/x32 debugger that is currently
in active development.</P>
<P>The debugger (currently) has three parts:<BR>- DBG<BR>-
GUI<BR>
- Bridge</P>
<P>DBG is the debugging part of the debugger. It handles
debugging (using TitanEngine) and will provide data
for the GUI.</P>
<P>GUI is the graphical part of the debugger. It is built on
top of Qt and it provides
the user interaction.</P>
<P>Bridge is the communication library for the DBG and GUI
part (and maybe in the future more parts). The bridge can be used to work on new
features, without having to update the code of
the other parts.</P></body>
</html>

48
help/Jxx_IFxx.htm
View File

@ -1,48 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Jxx/IFxx</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Jxx/IFxx<BR></STRONG>There are various branches
that can react on the flags set by the 'cmp' (and maybe
other)&nbsp;command(s):</P>
<UL>
<LI>
<DIV>unconditional branch &nbsp;&nbsp; -
<U>jmp/goto</U></DIV>
<DIV></DIV>
<LI>
<DIV>branch if not equal&nbsp;&nbsp; &nbsp; -
<U>jne/ifne(q)/jnz/ifnz</U></DIV>
<LI>
<DIV>branch if equal&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp; - <U>je/ife(q)/jz/ifz</U></DIV>
<LI>
<DIV>branch if smaller&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; -
<U>jb/ifb/jl/ifl</U></DIV>
<LI>
<DIV>branch if bigger&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;
- <U>ja/ifa/jg/ifg</U></DIV>
<DIV></DIV>
<LI>
<DIV>branch if bigger/equal&nbsp; -
<U>jbe/ifbe(q)/jle/ifle(q)</U></DIV>
<LI>
<DIV>branch if smaller/equal -
<U>jae/ifae(q)/jge/ifge(q)</U></DIV></LI></UL>
<P class=rvps3><U>arguments </U><BR>&nbsp; arg1: The label to jump to.</P>
<P class=rvps3><U>result <BR></U>This command does not set any result variables.
</P></body>
</html>

23
help/LibrarianRemoveBreakPoint_bcdll.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>LibrarianRemoveBreakPoint/bcdll</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>LibrarianRemoveBreakPoint[,bcdll]</STRONG><BR>Remove
a DLL breakpoint.</P>
<P><U>arguments</U><BR>&nbsp; arg1: DLL Name to remove the breakpoint from.</P>
<P><U>result<BR></U>This command does not set any result variables.</P>
</body>
</html>

28
help/LibrarianSetBreakPoint_bpdll.htm
View File

@ -1,28 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>LibrarianSetBreakPoint/bpdll</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>LibrarianSetBreakPoint[,bpdll]</STRONG><BR>Set a singleshoot
breakpoint on DLL load/unload.</P>
<P><U>arguments</U><BR>&nbsp; arg1: DLL Name to break
on.</P>
<P>[arg2]: 'l' means on load, 'u' means on unload. When not
specified, x64dbg will break on both load and unload.</P>
<P>[arg3]: When specified, the breakpoint will not be singleshoot. When not specified the
breakpoint will be removed after it has been hit.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

20
help/Memory_Operations.htm
View File

@ -1,20 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Memory Operations</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Memory Operations</STRONG><BR>This section
contains commands to manipulate memory inside the debuggee.</P></body>
</html>

20
help/Misc.htm
View File

@ -1,20 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Misc</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Misc</STRONG><BR>This section contains all
commands that do not directly fit in another section.</P></body>
</html>

34
help/PLUGINIT_STRUCT.htm
View File

@ -1,34 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>PLUG_INITSTRUCT</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>pluginit</STRONG><BR>This structure is used by the only <STRONG>needed</STRONG>
export in the plugin
interface:</P>
<P>struct
<STRONG>PLUG_INITSTRUCT<BR></STRONG>{<BR>&nbsp;&nbsp;&nbsp; <EM>//data provided
by the debugger to the plugin.</EM><BR>&nbsp;&nbsp;&nbsp; [IN]
<STRONG>int</STRONG> pluginHandle; //handle of the plugin<BR>
<BR>&nbsp;&nbsp;&nbsp;&nbsp;<EM>//data provided by the plugin
to the debugger (required).</EM><BR>&nbsp;&nbsp;&nbsp; [OUT]
<STRONG>int</STRONG> sdkVersion; //plugin SDK version,&nbsp;use the
PLUG_SDKVERSION define for this<BR>&nbsp;&nbsp;&nbsp; [OUT]
<STRONG>int</STRONG> pluginVersion; //plugin version,
useful for crash reports<BR>&nbsp;&nbsp;&nbsp; [OUT]
<STRONG>char</STRONG> pluginName[256]; //plugin name, also
useful for crash reports<BR>
};</P></body>
</html>

35
help/PLUG_SETUPSTRUCT.htm
View File

@ -1,35 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>PLUG_SETUPSTRUCT</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>plugsetup</STRONG><BR>This structure is used by the function that allows the
creation of plugin menu entries:</P>
<P>
struct <STRONG>PLUG_SETUPSTRUCT</STRONG>
<BR>{<BR>&nbsp;&nbsp;&nbsp; <EM>//data provided by the debugger to
the plugin.</EM>
<BR>&nbsp;&nbsp;&nbsp; [IN] <STRONG>HWND</STRONG> hwndDlg; //GUI window
handle<BR>&nbsp;&nbsp;&nbsp; [IN]
<STRONG>int</STRONG> hMenu; //plugin menu
handle<BR>&nbsp;&nbsp;&nbsp; [IN] <STRONG>int</STRONG> hMenuDisasm;
//plugin disasm menu handle<BR>&nbsp;&nbsp;&nbsp; [IN] <STRONG>int</STRONG>
hMenuDump; //plugin dump menu handle<BR>&nbsp;&nbsp;&nbsp; [IN]
<STRONG>int</STRONG> hMenuStack; //plugin stack menu
handle<BR>
};</P></body>
</html>

22
help/Plugins.htm
View File

@ -1,22 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Plugins</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Plugins<BR></STRONG>This section describes
various plugin functions for x64dbg.</P>
<P>You can install plugins by copying the *.dp32 (x32
plugins) or *.dp64 (x64
plugins) to the 'plugins' directory.</P></body>

20
help/Plugins_section.htm
View File

@ -1,20 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Plugins</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Plugins</STRONG><BR>This section contains
debugger-embedded plugin commands.</P></body>
</html>

5
help/README.md Normal file
View File

@ -0,0 +1,5 @@
This help has been moved.
Web help: http://help.x64dbg.com
Github: https://github.com/x64dbg/docs
Read the Docs: https://readthedocs.org/projects/x64dbg

22
help/Script_Commands.htm
View File

@ -1,22 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Script Commands</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Script Commands<BR></STRONG>This section contains various commands that are
only used or available in
a scripting context. Commands that also exist in a non-scripting context have
priority.</P></body>
</html>

21
help/Scripting.htm
View File

@ -1,21 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Scripting</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Scripting</STRONG><BR>This sections provides an overview of automating tasks with
x64dbg using scripts. See Commands for a description of all possible script commands. See Introduction for an introduction to
expressions.</P></body>
</html>

24
help/SetBPXOptions_bptype.htm
View File

@ -1,24 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SetBPXOptions/bptype</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SetBPXOptions[,bptype]</STRONG><BR>Set the default type for the "SetBPX" command.</P>
<P><U>arguments<BR></U>&nbsp; arg1: Default type. This can be "short" (CC),
"long" (CD03) or "ud2" (0F0B). Type default type affects
both NORMAL and SINGLESHOT breakpoints.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

46
help/SetBPX_bp_bpx.htm
View File

@ -1,46 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SetBPX/bp/bpx</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SetBPX[,bp,bpx]</STRONG><BR>Set an INT3 (SHORT/LONG)&nbsp;or UD2 breakpoint
and optionally assign a name to it.</P>
<P><U>arguments<BR></U>&nbsp; arg1: Address to put a breakpoint on. This can be an API name&nbsp;[not
implemented].</P>
<P>
[arg2]: Name of the breakpoint, use quotation marks to
include spaces. This name can be used
by the EnableBPX, DisableBPX and DeleteBPX functions as alias,
but is mainly intended to provide a single line of information about the
currently-hit breakpoint. When arg2 equals to a
valid type (arg3) the type is used and arg2
is
ignored.</P>
<P>
[arg3]: Breakpoint type. Can be one of the following
options
in random order: "ss" (single shot breakpoint), "long" (CD03),
"ud2" (0F0B) and "short" (CC). You can combine the "ss" option
with one of the type options in one string. Example: "SetBPX 00401000,"entrypoint",ssud2" will set a
single shot&nbsp;UD2&nbsp;breakpoint at 00401000 with the name "entrypoint".
When specifying no type or just the type "ss"
the default type will be used. Per default this equals to the
"short" type. You can change the default type using the "SetBPXOptions"
command.</P>
<P><U>result<BR></U>
This command&nbsp;does&nbsp;not any&nbsp;result
variables.</P></body></HTML>

31
help/SetHardwareBreakpoint_bph_bphws.htm
View File

@ -1,31 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SetHardwareBreakpoint/bph/bphws</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SetHardwareBreakpoint[,bph,bphws]<BR></STRONG>Set a
hardware breakpoint (using debug registers).</P>
<P class=rvps3><U>arguments</U> <BR>&nbsp; arg1: Address&nbsp;of the hardware breakpoint.&nbsp; </P>
<P class=rvps3>[arg2]:&nbsp;Hardware breakpoint type. Can be
either 'r' (readwrite), 'w' (write) or 'x' (execute). When not specified, 'x' is
assumed. </P>
<P class=rvps3>[arg3]:&nbsp;Hardware breakpoint
size.&nbsp;Can be
either '1', '2', '4' or '8' (x64 only). Per default, '1' is assumed. The address
you're putting the hardware breakpoint on must be aligned to the specified
size. </P>
<P class=rvps3><U>result <BR></U>This command does not set any result variables.
</P></body>
</html>

43
help/SetMemoryBPX_membp_bpm.htm
View File

@ -1,43 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SetMemoryBPX/membp/bpm</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SetMemoryBPX[,membp,bpm]<BR></STRONG>Set a memory
breakpoint (GUARD_PAGE) on the whole memory region the provided address is
in.</P>
<P class=rvps3>
<U>arguments</U>
<BR >&nbsp; arg1:&nbsp;Address&nbsp;of or inside a memory region
that will be watched.
</P>
<P class=rvps3>
[arg2]: 1/0 restore the memory breakpoint
once it's hit? When this value is not equal to one, it's assumed to be arg3. This
means "<EM>bpm eax,r</EM>" would be the same command as: "<EM>bpm
eax,0,r</EM>".
</P>
<P class=rvps3>
[arg3]: Breakpoint type, it can be 'r'
(execute+read),&nbsp;'w' (write) or 'x' (execute). Per default, it's a
combination of execute, read and write.
</P>
<P class=rvps3><U>result
<BR></U>This command does not set any result variables.
</P>
</body></HTML>

24
help/SingleStep.htm
View File

@ -1,24 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SingleStep/sstep/sst</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SingleStep[,sstep,sst]<BR></STRONG>Step a
specified number of instructions using the Trap-Flag.</P>
<P class=rvps3><U>arguments</U><BR>[arg1]: The number of instructions to executre (this can be
any valid expression). When not specified, a StepInto is performed.</P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

23
help/StartScylla_scylla_imprec.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>StartScylla/scylla/imprec</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>StartScylla[,scylla,imprec]<BR></STRONG>Start the Scylla plugin auto-selecting the
currently debugged DLL/EXE.</P>
<P class=rvps3><U>arguments </U><BR>This command has no arguments.</P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

23
help/StepInto.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>StepInto/sti</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>StepInto[,sti]<BR></STRONG>Single Step (using
Trap-Flag).</P>
<P class=rvps3><U>arguments</U><BR>This command has no arguments.</P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

24
help/StepOver.htm
View File

@ -1,24 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>StepOver/step/sto/st</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>StepOver[,step,sto,st]<BR></STRONG>Step over
calls. When the instruction at CIP isn't a call,&nbsp;a StepInto is performed.</P>
<P><U>arguments</U><BR>This command has no arguments.
</P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

31
help/StopDebug_stop_dbgstop.htm
View File

@ -1,31 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>StopDebug/stop/dbgstop</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P>
<STRONG>
StopDebug[,stop,dbgstop]
<BR>
</STRONG>Terminate the current debuggee and stop debugging
it.</P>
<P class=rvps3>
<U >
arguments</U>
<BR>This command has no arguments. </P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

20
help/Structures.htm
View File

@ -1,20 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Structures</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Structures</STRONG><BR>This section describes
the various plugin SDK structures.</P></body>
</html>

40
help/The_basics.htm
View File

@ -1,40 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>The basics</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>The basics</STRONG><BR>This page covers the
basic principles of plugin development for x64dbg.</P>
<P><STRONG>Exports</STRONG><BR>A plugin has at least one
export. This export must be called <U>pluginit</U>. See the PLUG_INITSTRUCT and
the plugin headers for
more information. The other valid exports are:</P>
<P><U>plugstop</U>: called when the plugin is about to be
unloaded. Remove all registered commands and
callbacks here. Also clean up plugin data.</P>
<P><U>plugsetup</U>: Called when the plugin initialization
was successful, here you
can register menus and other GUI-related things.</P>
<P><U>CB*</U>: Instead of calling _plugin_registercallback,
you can create a CDECL export which has the name of the callback. For example
when you create an export called "CBMENUENTRY", this will be registered as your
callback for the event CB_MENUENTRY. Notice that you should <STRONG>not</STRONG>
use an underscore in the export name.</P>
<P><U>CBALLEVENTS</U>: An export with the name "CBALLEVENTS"
will get every event registered to it. This is done
prior to registering optional other export names.</P></BODY></HTML>

26
help/ToggleBPX_bpt_bt.htm
View File

@ -1,26 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>ToggleBPX/bpt/bt</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>ToggleBPX[,bpt,bt]<BR></STRONG>Toggle
(enable/disable) a breakpoint.</P>
<P><U>arguments<BR></U>&nbsp; arg1:
Name or address of the
breakpoint to toggle.</P>
<P><U>result<BR></U>The $result variable will be set to the
state of the breakpoint before it was toggled. 1: breakpoint was enabled before,
0: breakpoint
was disabled before.</P></body>

21
help/User_Database.htm
View File

@ -1,21 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>User Database</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>User Database<BR></STRONG>This section contains
commands that manipulate the user database (comments, labels and
bookmarks).</P></body>
</html>

37
help/Variables.htm
View File

@ -1,37 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Variables</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><STRONG>Variables</STRONG><BR>This program
supports variables. There are three types of variables:</P>
<P class=rvps3><U>USER</U>: Variables
created by the user using the "var" command. These variables have no access
restrictions.</P>
<P class=rvps3><U>SYSTEM</U>: Variables
created by the system, that can be read and written, but cannot be deleted.</P>
<P class=rvps3><U>READONLY</U>:
Variables created by the system, that can be read, but not written or
deleted.</P>
<P class=rvps3><STRONG>Reserved
Variables</STRONG><BR>There are a few reserved
variables:</P>
<P class=rvps3><U>$res/$result</U>: General result variable.<BR><U>$resN/$resultN</U>:
Optional other result variables (N=
1-4).<BR><U>$pid</U>: Project ID of the debugged
executable.<BR><U>$hp/$hProcess</U>: Debugged executable
handle.<BR><U>$lastalloc</U>: Last result of the
'alloc' command.</P></body>
</html>

20
help/Variables_section.htm
View File

@ -1,20 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Variables</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Variables<BR></STRONG>This section contains
commands that can manipulate variables.</P></body>
</html>

30
help/_plugin_menuentryseticon.htm
View File

@ -1,30 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>_plugin_menuentryseticon</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>_plugin_menuseticon</STRONG><BR>This
function sets an icon to a menu.<BR>
<P><STRONG>void _plugin_menuseticon (<BR>int</STRONG>
pluginHandle, //plugin handle<BR><STRONG>int</STRONG>
hEntry, //handle of the menu entry<BR><STRONG>const ICONDATA*</STRONG> icon //icon data<BR><STRONG>);</STRONG> </P>
<P><STRONG>Parameters</STRONG></P>
<P><U>pluginHandle</U>: Handle of the calling plugin.</P>
<P><U>hEntry</U>: Menu handle from a
previously-added child menu or from the main plugin menu.</P>
<P><U>icon</U>: Icon data. See
bridgemain.h for a definition.</P>
<P><STRONG>Return Values</STRONG> <BR>This function does not return a value.</P></body>
</html>

29
help/_plugin_menuseticon.htm
View File

@ -1,29 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>_plugin_menuseticon</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>_plugin_menuseticon</STRONG><BR>This function
sets an icon to a menu.<BR>
<P><STRONG>void _plugin_menuseticon
(<BR>int</STRONG> hMenu, //handle of the menu<BR><STRONG>const ICONDATA*</STRONG>
icon //icon data<BR><STRONG>);</STRONG>
</P>
<P><STRONG>Parameters</STRONG></P>
<P><U>hMenu</U>: Menu handle from a
previously-added child menu or from the main plugin menu.</P>
<P><U>icon</U>: Icon data. See bridgemain.h for a definition.</P>
<P><STRONG>Return Values</STRONG> <BR>This function does not return a value.</P></body>
</html>

28
help/add.htm
View File

@ -1,28 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>add</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>add</STRONG><BR> Add two
values.</P>
<P class=rvps3>
<U >
arguments</U>
<BR>&nbsp; arg1: Destination.</P>
<P class=rvps3>&nbsp; arg2: Source.
</P><P class=rvps3><U >result<BR>
</U>This command does not set any
result&nbsp;variables.</P></body></HTML>

26
help/alloc.htm
View File

@ -1,26 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>alloc</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>alloc<BR></STRONG>Allocate memory in the debuggee (using
VirtualAllocEx). The memory is allocated
with PAGE_EXECUTE_READWRITE protection.</P>
<P><U>arguments</U><BR>[arg1]: Size of the memory to
allocate. When not specified, a default size of 0x1000 is used.</P>
<P><U>result</U><BR>This command sets $result to the allocated memory address. It also sets the $lastalloc
variable to the allocated memory address when VirtualAllocEx
succeeded.</P></body>
</html>

23
help/analyse_analyze_anal.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>analyse/analyze/anal</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>analyse[,analyze,anal]</STRONG><BR>Do function
analysis.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P><U>result</U><BR>This command does not set any result
variables.</P></body>
</html>

30
help/and.htm
View File

@ -1,30 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>and</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>and</STRONG><BR>Binary AND
two values.</P>
<P class=rvps3>
<U>
arguments
</U>
<BR>&nbsp; arg1: Destination.</P>
<P class=rvps3 >&nbsp; arg2: Source.</P>
<P class=rvps3><U>result<BR></U>This command does not set any
result&nbsp;variables.</P></body>
</html>

26
help/asm.htm
View File

@ -1,26 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>asm</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>asm<BR></STRONG>Assemble an instruction.</P>
<P class=rvps3><U>arguments</U> <BR>&nbsp; arg1: Address to place the assembled instruction at.
</P>
<P class=rvps3>&nbsp; arg2: Instruction text. </P>
<P class=rvps3>[arg3]: When specified the remainder of the
previous instruction will be filled with NOPs. </P>
<P class=rvps3><U>result<BR></U><EM>$result</EM> will be set to the
assembled instruction size. 0 on failure.</P></body>
</html>

29
help/bookmark_bookmarkset.htm
View File

@ -1,29 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>bookmark/bookmarkset</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>bookmark[,bookmarkset]<BR></STRONG>Set a
bookmark.</P>
<P><U>arguments </U><BR>&nbsp; arg1:&nbsp;Address to set the bookmark at (preferably
inside a module). </P>
<P>
<U>
result
</U>
<BR>This command does not set any result
variables.</P></body>
</html>

24
help/bookmarkc_bookmarkdel.htm
View File

@ -1,24 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>bookmarkc/bookmarkdel</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>bookmarkc[,bookmarkdel]<BR></STRONG>Delete a
bookmark.</P>
<P><U>arguments </U><BR> &nbsp; arg1:&nbsp;Address of the
bookmark to delete. </P>
<P><U>result</U> <BR>This command does not set any result
variables.</P></body>
</html>

22
help/bookmarklist.htm
View File

@ -1,22 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>bookmarklist</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>bookmarklist<BR></STRONG>List user-defined bookmarks in reference view.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P><U>result<BR></U><EM>$result</EM> will be set to
the number of user-defined bookmarks.</P></body>
</html>

36
help/bplist.htm
View File

@ -1,36 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>bplist</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>bplist</STRONG><BR>Get a list of breakpoints.
This list includes their state (enabled/disabled), their type, their address and
(optionally) their names.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P><U>result</U><BR>
This command does not set any result variables. A list entry has the
following format:</P>
<P><EM>STATE</EM>:<EM>TYPE</EM>:<EM>ADDRESS</EM>[:<EM>NAME</EM>]</P>
<P><EM>STATE</EM> can be 0 or 1. 0 means disabled, 1 means
enabled. Only singleshoot and 'normal' breakpoints can be disabled.</P>
<P><EM>TYPE</EM> can be one of the following values: BP,
SS, HW and GP. BP stands for a normal breakpoint (set using the SetBPX command),
SS stands for SINGLESHOT, HW stands for HARDWARE and GP stand for Guard Page,
the way of setting memory breakpoints.</P>
<P><EM>ADDRESS</EM> is the breakpoint address, given in 32 and 64
bits for the x32 and x64 debugger respectively.</P>
<P><EM>NAME</EM> is the name assigned
to the breakpoint.</P></body>
</html>

26
help/call.htm
View File

@ -1,26 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>call</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>call<BR></STRONG>A call works exactly the same as an uncondentional
branch, but it places it's address on the script stack.</P>
<P class=rvps3><U>arguments </U><BR>&nbsp;&nbsp;arg1: The label to jump to.</P>
<P class=rvps3>
<U>
result
<BR></U>This command does not set any result variables.
</P></body>
</html>

24
help/chd.htm
View File

@ -1,24 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>chd</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>chd</STRONG><BR>Change current directory
(SetCurrentDirectory).</P>
<P><U>arguments</U><BR>&nbsp; arg1: Path of a directory to change
to.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

22
help/cls.htm
View File

@ -1,22 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>cls/lc/lclr</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><STRONG>cls[,lc,lclr]</STRONG><BR>Clear the log
window.</P>
<P class=rvps3><U>arguments</U><BR>This command has no arguments.</P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P></body></HTML>

30
help/cmp.htm
View File

@ -1,30 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>cmp</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>cmp<BR></STRONG> This command compares two expressions. Notice
that when you want to check for values being bigger or smaller, the
comparison arg1&gt;arg2 is made. If this evaluates to true, the $_BS_FLAG is set to
1, meaning the value is bigger. So you test if arg1 is bigger/smaller than
arg2.</P>
<P><U>arguments<BR></U>&nbsp;arg1: First expression to compare.
</P>
<P>&nbsp;arg2: Second expression to compare.
</P>
<P><U>result<BR></U>This command sets the internal
variables $_EZ_FLAG and $_BS_FLAG. They are checked when a branch is
performed.
</P></body></HTML>

35
help/cmt_cmtset_commentset.htm
View File

@ -1,35 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>cmt/cmtset/commentset</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>cmt[,cmtset,commentset]<BR></STRONG>Set a
comment.</P>
<P>
<U>
arguments</U>
<BR>&nbsp; arg1:&nbsp;Address to set the comment at (preferably inside a
module).</P>
<P >
&nbsp;
arg2: Comment text.</P>
<P >
<U>
result</U>
<BR>
This command does not set
any result variables.</P></body>
</html>

30
help/cmtc_cmtdel_commentdel.htm
View File

@ -1,30 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>cmtc/cmtdel/commentdel</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>cmtc[,cmtdel,commentdel]<BR></STRONG>Delete a comment.</P>
<P>
<U>
arguments
</U>
<BR>&nbsp; arg1:&nbsp;Address of the comment to delete.</P>
<P>
<U >
result</U>
<BR>
This command does not set any result variables.</P></body>
</html>

23
help/commentlist.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>commentlist</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>commentlist<BR></STRONG>List user-defined
comments in reference view.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P><U>result<BR></U><EM>$result</EM> will be set to the
number of user-defined comments.</P></body>
</html>

23
help/dec.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>dec</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>dec</STRONG><BR>Decrease a
value.</P>
<P class=rvps3><U>arguments </U><BR>&nbsp; arg1: Destination.</P>
<P class=rvps3><U>result <BR></U>This command does not set any
result&nbsp;variables.</P></body>
</html>

28
help/disasm_dis_d.htm
View File

@ -1,28 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>disasm/dis/d</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>disasm[,dis,d]<BR></STRONG>
Disassemble at a certain position.</P>
<P class=rvps3>
<U>arguments</U>
<BR >
[arg1]: The address to disassemble at. When not specified,
there will be assembled at CIP.
</P><P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

24
help/div.htm
View File

@ -1,24 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>div</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>div</STRONG><BR>Devide&nbsp;two
values.</P>
<P class=rvps3><U>arguments </U><BR>&nbsp; arg1: Destination.</P>
<P class=rvps3>&nbsp; arg2: Source.</P>
<P class=rvps3><U>result<BR></U>This command does not set any
result&nbsp;variables.</P></body>
</html>

27
help/dump.htm
View File

@ -1,27 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>dump</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>dump<BR></STRONG>Dump at a certain position.</P>
<P class=rvps3><U>arguments</U> <BR>[arg1]: The address to dump at.</P>
<P class=rvps3>
<U>
result
<BR>
</U>This command does not set any result
variables.</P></body>
</html>

29
help/eSingleStep_esstep_esst.htm
View File

@ -1,29 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>eSingleStep/esstep/esst</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P >
<STRONG >
eSingleStep[,esstep,esst]
<BR></STRONG>Step a specified number of instructions using the
Trap-Flag, skipping first-chance exceptions.</P>
<P class=rvps3><U>arguments</U><BR>[arg1]: The number of instructions to executre (this can be
any valid expression). When not specified, a StepInto is performed.</P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P>
</body>
</html>

34
help/eStepInto_esti.htm
View File

@ -1,34 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>eStepInto/esti</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P>
<STRONG>
eStepInto[,esti]
<BR>
</STRONG>Single Step (using Trap-Flag), skipping
first-chance exceptions.
</P>
<P class=rvps3 >
<U>
arguments</U>
<BR>This command has no arguments.</P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P>
</body>
</html>

31
help/eStepOut_ertr.htm
View File

@ -1,31 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>eStepOut/ertr</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P>
<STRONG>
eStepOut[,ertr]
<BR>
</STRONG>Return from function by calling eStepOver until
the current instruction is a RET.</P>
<P class=rvps3>
<U >
arguments</U>
<BR>This command has no arguments. </P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

32
help/eStepOver_estep_esto_est.htm
View File

@ -1,32 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>eStepOver/estep/esto/est</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P>
<STRONG>
eStepOver[,estep,esto,est]
<BR>
</STRONG>Step over calls, skipping first-chance
exceptions.&nbsp;When the instruction at CIP isn't a call,&nbsp;a StepInto is
performed.</P>
<P>
<U >
arguments</U>
<BR>This command has no arguments. </P>
<P class=rvps3><U>result<BR></U>This command does not set any result
variables.</P></body>
</html>

32
help/erun_ego_er_eg.htm
View File

@ -1,32 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>erun/ego/er/eg</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>erun[,ego,er,eg]</STRONG><BR>Free the
lock and allow the program to run, skipping first-chance exceptions.</P>
<P>
<U>
arguments
</U>
<BR>
This command has no arguments.</P>
<P>
<U >
result</U>
<BR >
This command does not set any result variables.</P>
</body>
</html>

31
help/find.htm
View File

@ -1,31 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>find</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>find<BR></STRONG> Find a pattern.</P>
<P class=rvps3><U>arguments</U> <BR>&nbsp; arg1: The address to start searching from. Notice
that the searching will stop when the end of the memory page this address
resides in has been reached. This means you cannot search the complete process
memory without enumerating the memory pages first.</P>
<P class=rvps3>&nbsp; arg2: The byte pattern to search for.
This byte pattern can contain wildcards (?) for example: "EB0?90??8D".</P>
<P class=rvps3>[arg3]: The size of the data to search
in.</P>
<P class=rvps3><U>result <BR></U>The $result variable is set to the virtual address of
the address that matches the byte pattern. $result will be 0 when the pattern
could not be matched.</P>
<P>&nbsp;</P></body>
</html>

30
help/findall.htm
View File

@ -1,30 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>findall</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>findall<BR></STRONG>Find all occurrences of a pattern.</P>
<P class=rvps3><U>arguments</U> <BR>&nbsp; arg1: The address to start searching from. Notice
that the searching will stop when the end of the memory page this address
resides in has been reached. This means you cannot search the complete process
memory without enumerating the memory pages first.</P>
<P class=rvps3>&nbsp; arg2: The byte pattern to search for.
This byte pattern can contain wildcards (?) for example: "EB0?90??8D".</P>
<P class=rvps3>[arg3]: The size of the data to search
in.</P>
<P class=rvps3><U>result <BR></U><EM>$result</EM> is set to the
number of occurrences.</P></body>
</html>

27
help/findasm_asmfind.htm
View File

@ -1,27 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>findasm/asmfind</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>findasm[,asmfind]<BR></STRONG>Find assembled
instruction.</P>
<P class=rvps3><U>arguments</U> <BR>&nbsp; arg1: Instruction to look for (make sure to use "mov
eax, ebx" to ensure you actually search for that instruction).</P>
<P class=rvps3>[arg2]: Address&nbsp;of/inside a memory page
to look in. When not specified CIP will be used.&nbsp;</P>
<P class=rvps3>[arg3]: The size of the data to search in.</P>
<P class=rvps3><U>result <BR></U>The $result variable is set to the number of references
found. </P></body>
</html>

32
help/free.htm
View File

@ -1,32 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>free</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>free</STRONG><BR>
Free&nbsp;memory in the debuggee (using VirtualFreeEx).</P>
<P>
<U>arguments</U><BR> [arg1]: Address of the memory to free. When not
specified, the value at $lastalloc is used.</P>
<P>
<U>
result
</U>
<BR>
This command sets $result
to 1 if VirtualFreeEx succeeded, otherwise it's set to
0. $lastalloc is set to zero when the address specified is equal
to $lastalloc.</P></body>
</html>

29
help/functionadd_func.htm
View File

@ -1,29 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>functionadd/func</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>functionadd[,func]<BR></STRONG>Add a function.</P>
<P><U>arguments </U><BR>&nbsp; arg1:&nbsp;Function range start. </P>
<P>&nbsp; arg2: Function range end.</P>
<P>
<U>
result
</U>
<BR>This command does not set any result
variables.
</P></body>
</html>

33
help/functionclear.htm
View File

@ -1,33 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>functionclear</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P>
<STRONG>
functionclear
<BR>
</STRONG>Delete all functions in all modules.
</P>
<P >
<U >
arguments</U>
<BR>
This command has no arguments.</P>
<P><U>result<BR></U> This command does not
set any result variables.</P></body>
</html>

32
help/functiondel_funcc.htm
View File

@ -1,32 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>functiondel/funcc</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>functiondel[,funcc]<BR></STRONG>Delete a function.</P>
<P>
<U>
arguments
</U>
<BR>&nbsp; arg1:&nbsp;Address inside the function range&nbsp;to
delete.</P>
<P >
<U >
result</U>
<BR>
This command does not set any result variables.</P>
</body>
</html>

23
help/functionlist.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>functionlist</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>functionlist<BR></STRONG>List user-defined functions in reference view.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P><U>result<BR></U><EM>$result</EM> will be set to
the number of user-defined functions.</P>
</body>
</html>

23
help/getcommandline_getcmdline.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>getcommandline/getcmdline</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>getcommandline[,getcmdline]<BR></STRONG>It&nbsp;gets the actual command line.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P class=rvps3><U>result <BR></U>This command does not set any result
variables.</P>
</body>
</html>

49
help/getjit_jitget.htm
View File

@ -1,49 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>getjit/jitget</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>getjit[,jitget]<BR></STRONG>Get&nbsp;the Just-In-Time Debugger in Windows. In
WIN64 systems there are two JIT entries: one for a x32&nbsp;debugger and other
for a x64 debugger. In a WIN64 system when a x32 process
crash:&nbsp;Windows&nbsp;attach&nbsp;the x32 debugger stored in the x32-JIT
entry. Important notes:</P>
<UL>
<LI>
<DIV>Its possible&nbsp;get the
x32-JIT&nbsp;entry&nbsp;from the x64 debugger (using the x32 arg).</DIV>
<LI>
<DIV>Its possible get the x64-JIT&nbsp;entry&nbsp;from the
x32 debugger&nbsp;ONLY if the x32 debugger its running in a WIN64
System&nbsp;(using the x64 arg).</DIV></LI></UL>
<P><U>arguments</U>&nbsp; </P>
<P class=rvps3>&nbsp; without args:&nbsp;Get the current JIT
debugger.&nbsp;</P>
<P class=rvps3>&nbsp;&nbsp;arg2:</P>
<OL>
<OL>
<LI>
<DIV class=rvps3>old:&nbsp;Get the old JIT entry
stored.</DIV>
<DIV class=rvps3></DIV>
<LI>
<DIV class=rvps3>x32: Get the x32-JIT&nbsp;entry.</DIV>
<LI>
<DIV class=rvps3>x64: Get the
x64-JIT&nbsp;entry.</DIV></LI></OL></OL>
<P class=rvps3><U>result <BR></U>This command does not set any result
variables.</P>
</body>
</html>

49
help/getjitauto_jitgetauto.htm
View File

@ -1,49 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>getjitauto/jitgetauto</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>getjitauto[,jitgetauto]<BR></STRONG>Get&nbsp;the Auto Just-In-Time Debugger FLAG in
Windows. if this flag&nbsp;value its&nbsp;TRUE Windows runs the debugger without
user confirmation when a process crash. In WIN64 systems there are two JIT
AUTO&nbsp;FLAG&nbsp;entries: one for a x32&nbsp;debugger and other for a x64
debugger. In a WIN64 system when a x32 process crash with AUTO FLAG =
FALSE:&nbsp;Windows&nbsp;confirm before attach&nbsp;the x32 debugger stored in
the x32-JIT entry. Important notes:</P>
<UL>
<LI>
<DIV>Its possible&nbsp;get the x32-JIT
AUTO&nbsp;FLAG&nbsp;entry&nbsp;from the x64 debugger (using the x32
arg).</DIV>
<LI>
<DIV>Its possible get the x64-JIT
AUTO&nbsp;FLAG&nbsp;entry&nbsp;from the x32 debugger&nbsp;ONLY if the x32
debugger its running in a WIN64 System&nbsp;(using the x64 arg).</DIV></LI></UL>
<P><U>arguments</U>&nbsp;&nbsp;<SPAN class=rvts11><SPAN class=rvts9>&nbsp;&nbsp;
</SPAN></SPAN></P>
<P>&nbsp; without args: Get current JIT entry FLAG.</P>
<P class=rvps3>&nbsp;&nbsp;arg1:</P>
<OL>
<OL>
<DIV class=rvps3></DIV>
<LI>
<DIV class=rvps3>x32: Get the x32-JIT
AUTO&nbsp;FLAG.</DIV>
<LI>
<DIV class=rvps3>x64: Get the x64-JIT AUTO&nbsp;FLAG.</DIV>
<DIV></DIV></LI></OL></OL>
<P class=rvps3><U>result <BR></U>This command does not set any result variables.</P>
</body>
</html>

24
help/getpagerights_getrightspage.htm
View File

@ -1,24 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>getpagerights/getrightspage</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>getpagerights[,getpagerights,getrightspage]<BR></STRONG>Get the&nbsp;rights of a memory page.</P>
<P class=rvps3><U>arguments</U>&nbsp;<BR>&nbsp; arg1:&nbsp;Memory Address&nbsp;of page (it
fix&nbsp;the address if&nbsp;this arg&nbsp;is not the top address of a page).</P>
<P class=rvps3><U>result <BR></U>This command does not set any result
variables.</P>
</body>
</html>

29
help/gpa.htm
View File

@ -1,29 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>gpa</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>gpa</STRONG><BR>Get the address of an export
inside a DLL.</P>
<P class=rvps3><U>arguments </U><BR>&nbsp; arg1: Export name.</P>
<P class=rvps3>[arg2]: DLL name.</P>
<P class=rvps3>
<U >
result
<BR ></U>
The <U>$result</U> variable is set to the
export address. When the export is not found, <U>$result</U> will be set to 0.
</P></body>
</html>

23
help/inc.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>inc</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>inc<BR></STRONG>Increase a
value.</P>
<P class=rvps3><U>arguments </U><BR>&nbsp; arg1: Destination.</P>
<P class=rvps3><U>result<BR></U>This command does not set any
result&nbsp;variables.</P></body>
</html>

23
help/invalid.htm
View File

@ -1,23 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>invalid</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>invalid</STRONG><BR>Invalid command to throw an error message. This command will halt the
script execution.</P>
<P class=rvps3><U>arguments </U><BR>This command has no arguments.</P>
<P class=rvps3><U>result <BR></U>This command does not set any result variables.
</P></body>
</html>

26
help/killthread_threadkill.htm
View File

@ -1,26 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>killthread/threadkill</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>killthread[,threadkill]<BR></STRONG>Kill a
thread in the debuggee.</P>
<P class=rvps3><U>arguments</U>&nbsp;<BR>[arg1]:&nbsp;ThreadId of the thread to&nbsp;kill&nbsp;(see
the Threads tab). When not specified, the main thread is used.&nbsp;</P>
<P class=rvps3>[arg2]: Thread exit code. When not specified,
0 will be used.</P>
<P class=rvps3><U>result <BR></U>This command does not set any result
variables.</P></body>
</html>

34
help/labellist.htm
View File

@ -1,34 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>labellist</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>labellist<BR></STRONG>List user-defined labels in reference view.</P>
<P>
<U>
arguments
</U>
<BR>
This command has no arguments.</P>
<P>
<U >
result
<BR ></U>
<EM>
$result</EM> will be set to
the number of user-defined labels.</P></body>
</html>

34
help/lbl_lblset_labelset.htm
View File

@ -1,34 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>lbl/lblset/labelset</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>lbl[,lblset,labelset]<BR></STRONG>Set a label.</P>
<P>
<U>
arguments
</U>
<BR>&nbsp; arg1:&nbsp;Address to set the label at (preferably
inside a module).
</P>
<P > &nbsp; arg2: Label text.</P>
<P >
<U>
result</U>
<BR>This command does not set any result
variables.</P></body>
</html>

22
help/lblc_lbldel_labeldel.htm
View File

@ -1,22 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>lblc/lbldel/labeldel</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>lblc[,lbldel,labeldel]<BR></STRONG>Delete a label.</P>
<P><U>arguments </U><BR>&nbsp; arg1:&nbsp;Address of the label to delete.</P>
<P><U>result</U> <BR>This command does not set any result
variables.</P></body>
</html>

30
help/loaddb_dbload.htm
View File

@ -1,30 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>loaddb/dbload</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P>
<STRONG>
loaddb[,dbload]
<BR>
</STRONG>Load the program database from disk in memory.</P>
<P>
<U >
arguments</U>
<BR>This command has no arguments.</P>
<P class=rvps3><U>result <BR></U>This command does not set any result
variables. </P></body>
</html>

Some files were not shown because too many files have changed in this diff Show More