You may have already seen that Microsoft have released their first beta of Windows Vista SP2, as it was reported on several sites yesterday; one of my favorites is Rafael’s Within Windows blog. So you’ve probably already heard that there’s nothing much in there and it’s just a collection of previous fixes, albeit about a 290MB collection. Well, stand back and prepare to be flabbergasted, because on x64 Vista Ultimate that collection grows to about 490MB. It must be all those 64-bit pointers 🙂
Tag Archives: x64
SyncToy 2.0
Microsoft have released v2.0 of their SyncToy tool, which is freely available from here. This had previously been available in beta form, but it is now officially released and has a native x64 version 🙂
CHimpREC x64
My x64 tool bag continues to grow with this new import reconstructing tool created by TiGa (Sébastien Doucet) and demo’d at the RECon 2008 event. You can read more about this new tool and grab yourself a copy at the Collaborative RCE Tool Library. Also you can download the video of TiGa’s RECon session on x64 unpacking here and see the tool in use.
Reflector + Deblector + x64 = 0x80131C30
I was trying to debug a problem the other day and I set out using Lutz Roeder’s excellent Reflector for .NET tool, along with Deblector, an addin for debugging within Reflector. I loaded my target into Reflector and started the debugging addin and up popped the following dialog.
Now this dialog contains a lot of information, but to be honest it kind of overwhelmed me and didn’t really give me any good feeling about what had actually gone wrong. Obviously it was related in some way to MDbg, the managed debugger used by Reflector. So I pulled down the Managed Debugger Sample and the Deblector source and set about trying to figure out what had really gone wrong. Anyway, I tracked this dialog down to the following piece of code:
    private void DebuggerErrorEventHandler(Object sender, CorDebuggerErrorEventArgs e)
    {
        Trace.WriteLine("ManagedCallback::DebuggerError");
        if (InternalHandleRawMode(ManagedCallbackType.OnDebuggerError, e))
            return;
        e.Continue = false;
        InternalSignalRuntimeIsStopped(null, new DebuggerErrorStopReason());
        Debug.Assert(false, "Critical failures -- received DebuggerError callback.");
    }
Examining the CorDebuggerErrorEventArgs object allowed me to actually find the error code 0x80131C30. This wasn’t a number I was familiar with, so I had to Google it, which led me to the fact that ICorPublish does not cross the 32/64 bit boundary. Ah, now we’re getting somewhere, I thought. The .NET flags in the header of the target I was trying to debug were set as follows:
But for some (presumably good) reason, Reflector’s binary is set to ‘32bit required’. As I was running on Vista x64 my target was being run as a 64 bit image, but Reflector + Deblector + the ICorPublish interface they created were running as 32 bit.
The solution to my problem, well I simply ticked the ’32bit required’ tick box in the flags section of the .net header for the target I wished to debug and everything started working.
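The mismatch described in this post can be checked before a debugger is attached. The following is an added example, not code from Reflector, Deblector or MDbg: it reads the CLR header flags out of a PE image and predicts the bitness the process gets on 64-bit Windows. The function names and the minimal sample image built by `make_sample` are constructed for illustration.

```python
import struct

ILONLY, REQ32 = 0x1, 0x2          # COMIMAGE_FLAGS_ILONLY / _32BITREQUIRED
I386, AMD64 = 0x014C, 0x8664      # IMAGE_FILE_MACHINE_*

def clr_flags(pe: bytes):
    """Return (machine, CLR header flags) for a PE image; flags is None if native."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, pe_off + 4)
    opt = pe_off + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    # Data directory 14 points at the CLR header (IMAGE_COR20_HEADER).
    rva, _ = struct.unpack_from("<II", pe, opt + (112 if pe32plus else 96) + 14 * 8)
    if rva == 0:
        return machine, None
    for i in range(nsec):          # map the RVA to a file offset via the section table
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        if va <= rva < va + max(vsize, rawsize):
            # Flags sit 16 bytes into IMAGE_COR20_HEADER.
            return machine, struct.unpack_from("<I", pe, rawptr + rva - va + 16)[0]
    raise ValueError("CLR header RVA not inside any section")

def bitness_on_x64(pe: bytes) -> int:
    """Process bitness the image gets when started on 64-bit Windows."""
    machine, flags = clr_flags(pe)
    if machine == AMD64:
        return 64
    if flags is not None and flags & ILONLY and not flags & REQ32:
        return 64                  # IL-only without '32bit required' runs as 64-bit
    return 32

def can_debug(debugger: bytes, target: bytes) -> bool:
    """Debugger and debuggee must share a bitness (the 32/64 boundary above)."""
    return bitness_on_x64(debugger) == bitness_on_x64(target)

def make_sample(flags: int) -> bytes:
    """Constructed minimal PE32 image: one section that holds only a CLR header."""
    img = bytearray(0x400)
    img[0:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)
    struct.pack_into("<HHIIIHH", img, 0x84, I386, 1, 0, 0, 0, 224, 0x102)
    struct.pack_into("<H", img, 0x98, 0x10B)                       # PE32 magic
    struct.pack_into("<II", img, 0x98 + 96 + 14 * 8, 0x2000, 72)   # CLR directory
    struct.pack_into("<8sIIII", img, 0x98 + 224, b".text", 0x200, 0x2000, 0x200, 0x200)
    struct.pack_into("<IHHIII", img, 0x200, 72, 2, 5, 0, 0, flags)  # IMAGE_COR20_HEADER
    return bytes(img)
```

With a debugger image built as `make_sample(ILONLY | REQ32)` and a target built as `make_sample(ILONLY)`, `can_debug` returns `False`; setting `REQ32` on the target as well makes it return `True`.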
Hex Workshop x64 Shell Extension
My favorite hex editor is the excellent Hex Workshop. However, having just made the switch to Vista x64, I found that 32 bit shell extensions (which are COM DLLs) cannot be loaded by 64 bit processes such as explorer.exe. So I had a quick look around and came across this article by Michael Dunn, and from this I have created an x64 shell extension for Hex Workshop. Feel free to download it here; just copy it to your Hex Workshop folder and register it. It was built using Visual Studio 2008, so you may need the latest MS runtimes.
C:\Program Files (x86)\BreakPoint Software\Hex Workshop v5>regsvr32 hwext64.dll