X64dbg Xfg Marker

An x64dbg plugin which marks XFG call signatures as data

Project README

x64dbg XFG Marker Plugin

Microsoft eXtended Flow Guard (XFG) is a control-flow integrity (CFI) technique that extends Control Flow Guard (CFG) with function call signatures. Each signature is 8 bytes long and is located right before the target function. Because the signature sits in the code section, x64dbg disassembles it as if it were code and shows it as random instructions. This often also leaves x64dbg unable to correctly disassemble the beginning of the function.

The plugin goes over all XFG function call signatures and marks them as 8-byte integers, creating a clear separation between the signature and the function.
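How such a pass can locate the signatures, as an added example that is not the plugin's code: the README does not say how the plugin enumerates XFG targets, so this sketch assumes they come from the PE load config's Guard CF function table, using the `IMAGE_GUARD_FLAG_FID_XFG` flag and table-stride constants from `winnt.h`. `xfg_mark`, `xfg_collect`, `rd_le` and `build_sample` are hypothetical names, and the image bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constants as defined in winnt.h */
#define IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_MASK  0xF0000000u
#define IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_SHIFT 28
#define IMAGE_GUARD_FLAG_FID_XFG                 0x08
#define XFG_SIG_SIZE 8u /* "Each signature is 8 bytes long" */
typedef struct { uint32_t sig_rva; uint64_t sig; } xfg_mark; /* hypothetical */

static uint64_t rd_le(const uint8_t *p, unsigned n) { /* little-endian read */
    uint64_t v = 0; while (n--) v = (v << 8) | p[n]; return v;
}

/* Returns the number of ranges to mark as 8-byte data, or -1 if the table
   does not fit in the image. img is the module as mapped (offset == RVA). */
int xfg_collect(const uint8_t *img, size_t size, uint32_t table_rva,
                uint32_t count, uint32_t guard_flags, xfg_mark *out, int cap) {
    size_t extra = (guard_flags & IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_MASK)
                   >> IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_SHIFT;
    size_t stride = 4 + extra; /* 4-byte RVA + optional metadata bytes */
    int n = 0;
    if (extra == 0) return 0;  /* no flag byte, so no XFG information */
    if (table_rva > size || (uint64_t)count * stride > size - table_rva) return -1;
    for (uint32_t i = 0; i < count && n < cap; i++) {
        const uint8_t *e = img + table_rva + (size_t)i * stride;
        uint32_t target = (uint32_t)rd_le(e, 4);
        if (!(e[4] & IMAGE_GUARD_FLAG_FID_XFG)) continue;     /* plain CFG target */
        if (target < XFG_SIG_SIZE || target > size) continue; /* outside image */
        out[n].sig_rva = target - XFG_SIG_SIZE; /* signature precedes function */
        out[n++].sig = rd_le(img + target - XFG_SIG_SIZE, XFG_SIG_SIZE);
    }
    return n;
}

static void build_sample(uint8_t img[0x50]) { /* constructed test image */
    static const uint8_t table[15] = { 0x10,0,0,0, 0x08,   /* XFG target */
                                       0x20,0,0,0, 0x00,   /* CFG only   */
                                       0x30,0,0,0, 0x08 }; /* XFG target */
    memset(img, 0xCC, 0x50);
    for (unsigned i = 0; i < 8; i++) { img[0x08 + i] = 0x70 + i; img[0x28 + i] = 0xA0 + i; }
    memcpy(img + 0x40, table, sizeof table);
}

int main(void) {
    uint8_t img[0x50]; xfg_mark m[4];
    build_sample(img);
    for (int i = 0, n = xfg_collect(img, sizeof img, 0x40, 3, 0x10000000u, m, 4); i < n; i++)
        printf("mark qword at RVA 0x%02x: 0x%016llx\n", (unsigned)m[i].sig_rva, (unsigned long long)m[i].sig);
}
```

Each returned `sig_rva` is the start of an 8-byte range that a disassembler should treat as data rather than decode as instructions.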

XFG Marker Plugin demo

Xrefs and comments

The plugin also has options to add comments listing the possible indirect call target functions, and to add xrefs between the indirect call and each target function for easy navigation.

For more details, refer to the relevant blog post.

Open Source Agenda is not affiliated with "X64dbg Xfg Marker" Project. README Source: m417z/x64dbg-xfg-marker
Stars: 65
Open Issues: 0
Last Commit: 1 year ago