xFasImport – plugin for x64dbg to support fasm

Plugin for importing debugging information from fasm assembler (from .fas file) into x64dbg debugger.

xFasImport - screenshot

Purpose

This plugin is useful for those who use fasm (flat assembler) and x64dbg debugger. Fasm can create a file with debug data (names of labels, functions, etc.). But fasm has its own format for debugging data (it cannot create a standard pdb), and third-party tools are needed to use it in debuggers.

Functionality of xFasImport

  • Support for fasm debug data for executable files in PE/PE+ format (win32/win64);
  • Support for loading debug data for a DLL (selecting a module whose addresses require loading debug data);
  • Loading label and function names;
  • Loading the lines of the source asm-file into the comments (for a more understandable analysis of the machine code generated by macros, the names of local variables in proc-functions, author’s comments);
  • Unicode support (national characters other than ASCII) in file paths;
  • Full support for any national 8-bit encodings in the sources (everything is correctly converted – the source encoding is specified in the plugin settings – and imported into x64dbg as UTF-8).

xFasImport - screenshot of the plugin settings

Planned features in future releases

  • Support for debugging data for files compiled to COFF format and then linked by a third-party linker into PE/PE+ executables (the situation when the fas-file is mapped to an intermediate COFF-file, and not to the final executable PE-file);
  • Support for fasmg (there will be a specialized macro for fasmg and its support in the plugin).

Alternative Solutions

For the x64dbg debugger, the xFasConv plugin has existed for a long time, but it only loads the names of functions and global variables. The names of local (stack) variables, which fasm macros (in particular, the PROC … LOCALS … ENDL … ENDP constructs) access through [EBP+n], are not loaded into the debugger, so when looking at your own code in the debugger it is not clear what, for example, MOV EAX,[EBP+8] does. There is an indirect solution to this problem: loading local names as comments to the code. Such a solution is implemented in the x64dbg_dd.exe utility, but the inconvenience is that you need to run it in advance: it creates a separate dd32 or dd64 file, which is then imported into the x64dbg database.

The above solutions are inconvenient (slow) and have a number of problems (incorrect handling of national encodings, problems in some cases of loading at a changed base address, difficulties with loading debugging data for a DLL).

The xFasImport plugin for x64dbg presented here combines the functionality of the old xFasConv and x64dbg_dd.exe and adds new features: both global labels and source code are now loaded directly from the plugin menu in x64dbg (which allows you to see local labels and the logic of INVOKE/STDCALL arguments as a string, rather than multiple PUSH instructions).

How to create debug information in fasm

To generate debug info (.fas file) in fasm:

  • for fasm.exe, use the -s switch (for example: fasm.exe test.asm -s test.fas test.exe);
  • for fasmw.exe, use the Build symbols (Ctrl+F8) command in the menu.

fasmg has no easy way to do this; it may be supported in the future.

Features of the fas-file

Please note that the fas-file does not contain the entire source code.

The fas-file contains label names and links to lines in external source asm-files. The label names are read from the fas-file, and the source code lines are read from the asm-files. Therefore, for the fas-file to load correctly into the debugger, all source asm-files must also be available and unchanged (if you change something in the sources after compiling the program and then load it into the debugger without rebuilding the program, the source will not match and the positions of the lines referenced by the fas-file will be wrong).

For some asm-files, links with full paths can be written in the fas-file, so they cannot be moved. A fas-file is generally not usable on other computers (outside the original environment). The plugin has a tool that shows all links in the fas-file and the age of the files (if a link points to a file that is newer than the fas-file itself, then it is likely that the fas-file is no longer relevant).
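
The staleness check described above, as an added example that is not the plugin's own code: it reads only the main source and output names recorded in the fas header (not the per-line links to include files) and compares file times against the fas-file. The header layout is taken from fasm's own fas format description and is an assumption here, as are the function names, the latin-1 default and resolving relative names against the fas-file's folder.

```python
import os
import struct
import sys

FAS_SIGNATURE = 0x1A736166  # stored little-endian: b"fas\x1a"

def _cstr(table, off, encoding):
    """Zero-terminated string at `off`; offsets come from the file, so check them."""
    end = table.find(b"\0", off) if 0 <= off < len(table) else -1
    if end < 0:
        raise ValueError("bad string offset in fas header")
    return table[off:end].decode(encoding)

def read_fas_names(fas_path, encoding="latin-1"):
    """Return (input_name, output_name) recorded in the fas header."""
    with open(fas_path, "rb") as f:
        data = f.read()
    if len(data) < 24:
        raise ValueError("too short for a fas header")
    # signature, fasm major/minor, header length, input-name offset,
    # output-name offset, strings-table offset, strings-table length
    sig, _maj, _min, _hdr, in_off, out_off, str_off, str_len = \
        struct.unpack_from("<IBBHIIII", data, 0)
    if sig != FAS_SIGNATURE:
        raise ValueError("not a fas file")
    if str_off + str_len > len(data):
        raise ValueError("strings table runs past end of file")
    table = data[str_off:str_off + str_len]
    return _cstr(table, in_off, encoding), _cstr(table, out_off, encoding)

def check_links(fas_path, encoding="latin-1"):
    """Return [(name, status)]; status is 'ok', 'missing' or 'newer than fas'."""
    fas_mtime = os.path.getmtime(fas_path)
    base = os.path.dirname(os.path.abspath(fas_path))  # assumption: names relative to here
    report = []
    for name in read_fas_names(fas_path, encoding):
        path = os.path.join(base, name)  # an absolute name is kept as-is
        if not os.path.exists(path):
            status = "missing"
        elif os.path.getmtime(path) > fas_mtime:
            status = "newer than fas"
        else:
            status = "ok"
        report.append((name, status))
    return report

if __name__ == "__main__" and len(sys.argv) > 1:
    for name, status in check_links(sys.argv[1]):
        print(f"{status:15} {name}")
```

The `encoding` argument matters for the same reason the plugin has a source-encoding setting: names in the fas-file are raw 8-bit bytes, so a path with national characters only resolves when decoded with the code page the sources were written in.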

Localization

The built-in language is English. But the plugin reads the Language setting (from x64dbg) and loads the appropriate lng-file, which should be in the plugins folder (next to the plugin), for example: xFasImport_ru.lng, xFasImport_fr.lng, xFasImport_de.lng, xFasImport_it.lng, xFasImport_zh_TW.lng

At the moment, only xFasImport_ru.lng (Russian translation) and xFasImport_template.lng (English template for translations) are included in the package. Using these files as examples, you can make a translation into any language. If you wish, you can send localized lng-files to me and they will be included in the distribution.

Source codes

Will be published later.

xFasImport version history

Plugin development history:
v.1.0.0.180 (2022.08.20) First public release.

Downloading and Installing xFasImport

You can download files here

Download “xFasImport_v10.rar” – 26 KB, Version 1.0.0.180, 2022-08-20

xFasImport.dp32 file is placed in the \x64dbg\release\x32\plugins folder
xFasImport.dp64 file is placed in the \x64dbg\release\x64\plugins folder
lng-files are placed in the same folders.

Test example of error generation for calling the debugger

Initiates an error in various ways – reading from address zero, dividing by 0, command UD2, INT1, INT3, code execution in the data section. In the main process and in an external DLL.

Test debuggers - screenshot

Source code (.asm) for building exe/dll 32/64 and creating fas-files for them.

Download “test_debug_20220820.rar” – 5 KB, Version 1, 2022-08-20