x64dbg conditional breakpoints and breakpoint logging

 

1. Breakpoint hit count, e.g. break on the 100th hit:        $breakpointcounter==0x64

2. Print a string argument:  {utf16@[esp+8]}

         setText = {[rsp+0x8]} = {[[rsp+0x8]]} = {utf16@[[rsp+0x8]]+0x18}      The current string, read out when breaking in setText of a Qt program

3. The following is excerpted from the help file

  • rax: {rax} formats to rax: 4C76
  • password: {s:4*ecx+0x402000} formats to password: L"s3cret"
  • {x:bswap(rax)} where rax=0000000078D333E0 formats to E033D37800000000
  • {bswap;4@rax} where rax=1122334455667788 formats to 88776655
  • {mem;size@address} will print the size bytes starting at address in hex
  • {ansi[;length]@address} will print the ANSI string at address with an optional length (in bytes)

  • EAX==1 && ECX==1
  • $breakpointcounter==3 or ($breakpointcounter%3)==0
  • tid()==1C0

 

4. Some additional application examples

  Print the path from the CreateFileW function's arguments:

  CreateFileW = {utf16@[esp+4]}

   code:{[esp+4]}  buff:{[esp+10]}
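
  The hit-count condition from item 1 and the CreateFileW log text above can be attached to one breakpoint from the x64dbg command bar. This is an added example, not part of the original post; it assumes a 32-bit target that is paused with the CreateFileW export already resolvable by name.

```x64dbg
// Added example. Assumptions: 32-bit process, debuggee paused,
// and the module exporting CreateFileW is already loaded.

// Set a normal breakpoint on the API entry point.
bp CreateFileW

// Log text: at function entry [esp] is the return address,
// so [esp+4] is the first argument (the file path pointer).
SetBreakpointLog CreateFileW, "CreateFileW = {utf16@[esp+4]}"

// Break condition: pause only on the 100th hit (0x64).
// The log text is still printed on every hit, because the
// log condition defaults to 1 and is evaluated separately.
SetBreakpointCondition CreateFileW, $breakpointcounter==0x64

// Start counting from zero again before resuming.
ResetBreakpointHitCount CreateFileW

// To log without ever pausing, use a break condition of 0 instead:
//   SetBreakpointCondition CreateFileW, 0
// Leave fast resume off in that case: with fast resume enabled and
// a break condition of 0, x64dbg resumes before the log step runs.

// On a 64-bit target the first argument is in rcx at entry,
// so the log text would be "CreateFileW = {utf16@rcx}".
```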

5. Print LOGFONTW structure information

  {[ebx+4]} Weight={[ebx+10]} Face={utf16@(ebx+1c)}

posted @ 2020-08-07 17:44  czcbzc