Releases: 0cch/0cchext
Releases · 0cch/0cchext
1.20.3.4
Add a64 command.
!a64 - Input x64 asm code.
Since the a command does not support 64-bit instruction mnemonics on windbg:
0:000> a .
00000000`77ae7980 xor rax,rax
xor rax,rax
^ Couldn't resolve 'xor rax,rax'
I import XED to support 64-bit instruction mnemonics:
0:000> !a64 .
0000000077ae7980 xor rax,rax
xor rax,rax = 48 31 c0
1.20.2.111
Update gt command
!gt - Go and interrupted after a period of time (ms).
0:004> .time;!gt 0n1000;.time
Debug session time: Thu Apr 15 15:09:44.839 2021 (UTC + 8:00)
System Uptime: 20 days 2:53:31.728
Process Uptime: 0 days 0:10:23.148
Kernel time: 0 days 0:00:00.015
User time: 0 days 0:00:00.000
Debug session time: Thu Apr 15 15:09:45.846 2021 (UTC + 8:00)
System Uptime: 20 days 2:53:32.735
Process Uptime: 0 days 0:10:24.155
Kernel time: 0 days 0:00:00.015
User time: 0 days 0:00:00.000
* Capture a dump every second for 10 seconds
.for(r $t0 = 0; $t0 < 0n10; r $t0 = $t0 + 1) {!0cchext.gt 0n1000 -c .dump /u f:\test.dump;}
1.0.19.2.97
update dlsym command
1.0.19.2.96
!dlsym can set proxy to download symbols
1.0.19.1.95
add !cppexcrname command
0:000> .exr -1
ExceptionAddress: 74e61812 (KERNELBASE!RaiseException+0x00000062)
ExceptionCode: e06d7363 (C++ EH exception)
ExceptionFlags: 00000001
NumberParameters: 3
Parameter[0]: 19930520
Parameter[1]: 006ff46c
Parameter[2]: 00372294
0:000> !cppexcrname
Exception name: .?AVexception@std@@
1.0.18.5.94
add !oledata command
1.0.18.4.93
improve !autocmd command to support dump and kernel mode debug
put autocmd.ini to the same folder of 0cchext.dll, and you can run windbg with -c "!0cchext.autocmd", windbg will auto load 0cchext and run these commands in the configuration.
[all]
? 88 * 66
[kernel]
!process 0 0 explorer.exe
[kernel dump]
!analyze -v
[notepad.exe]
.sympath+ c:\notepad_pdb
~*k
[calc.exe]
.sympath+ c:\calc_pdb
~*k
[calc.exe dump]
.excr
1.0.18.3.92
update the version number of 0cchext.dll
1.0.18.2.79
add !accessmask command
1.0.17.1.56
add !du8 command to display UTF-8 string.