Almost 2 years ago I wrote a post about x64dbg and why I don't use it in my work. People still comment on the article, so I decided to revisit x64dbg and see if anything has changed in past two years.
Some menus are slightly cleaned up. Not by much, though.
It's getting slightly better. Instead of three different assembler engines we have "just" two. However, other useless features like "Help on mnemonic" are still there. What for?
And some of the big bloat is still there (eg. Snowman and Yara). Those are standalone tools, not core features. In my opinion, it would make much more sense to have them as plugins so the user can choose whether to have them or not.
But it's still buggy
I tried to use x64dbg for one day - for doing actual work. And during that day, I encountered several serious bugs which seriously affected my work.
Assembler is buggy
Have you ever tried to assemble a simple instruction using x64dbg? For example, mov rax,1 ? You might get a different instruction instead..
As of time of writing, this is the latest x64dbg build available for download. The bug is reproducible on older builds as well.
Why is that? I'd say it's because of the feature bloat. There are 2 assembler engines and apparently at least one of them is not tested properly.
Can I work around it? Yes. Once I know that AsmJit is broken, I can use XEDParse all the time. But it shouldn't be like that in the first place!
Ignored exceptions are not ignored.
Ever tried ignoring exceptions? It kinda works. Sometimes. But not always. From what I see, it's totally random - but 100% reproducible.
Again - using the latest build, x32dbg this time:
Sounds like a minor annoyance to you? Try debugging executable that uses "int 3" as an anti-debug measure everywhere. It's basically impossible with x32dbg.
Some things have improved. But overall, it's still the same product it was 2 years ago - good for some simple tasks, unreliable for an actual work.