x64dbg

Hi everyone, Maybe some of you heard it already, but Sigma and I are working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features: variables, currently command-based only basic calculations, can be used in the goto window and in the register edit window. Example: var*@401000+(.45^4A) software breakpoints (INT3, LONG INT3, UD2), currently command-only (just type 'bp addr') hardware breakpoints (access, write, execute), also command-only stepping (over, into, out, n instructions), can be done with buttons/shortcuts memory allocation/deallocation inside the debuggee quick…

The second weekly digest is up, check it out if you are interested in x64dbg development! http://x64dbg.com/blog/2016/09/04/weekly-digest-2.html

У меня есть скомпилированный проект на Python с Themida. Я хочу, чтобы кто-то помог мне сначала удалить или обойти защиту Themida, чтобы я мог выгрузить исполняемый файл или извлечь код. Кроме того, я хочу обойти проверку HWID (идентификатор оборудования), но я не думаю, что возможно обойти систему HWID без предварительного удаления или обхода Themida. I have a compiled project in Python with Themida. I want someone to help me first delete or bypass Themida protection so I can unload the executable file or remove the code. Also, I want to bypass the HWID (employment identifier), but I don’t think it’s possible to bypass the HWID system without prior removal or bypass…

Can anyone share shadows version of x64dbg I have the standard version (vanilla) with scyllahide plugin but The enigma i work at always detect the debuger so maybe shadow version of x64dbg will solve this problem thank you all

Hello guys, hope everyone is doing well. i've a question about x64dbgida plugin i really looked up on the net about tutorials how to use this plugin but i didn't find any information about it . so Please i need your help thank you in advance.

Hi, I have a program that is packed with vmp , when I run it and try to make any patch, the x64dbg writes to me that 0/2 patches have been applied , I know that this may be due to the fact that the program is packed and when unpacking it unpacks the exe that was originally packed 🤒

I recently started playing with the Delphi language and decided to create a little x64dbg plugin that will add a calculator and a notepad in x64dbg. Since @quygia128 made x64_dbg-PluginSDK and the CleanupEx plugin, I decided to go with x64_dbg-PluginSDK. Due to the fact that x64_dbg-PluginSDK lacks a few functions, because the last update was in 2014 and for this reason there were some functions missing in the code, e.g. you cannot add icons, menu in disassembly, HexDump etc... I tried to compile the plugin with DELPHI x96dbg Plugins SDK, but the plugin does not work, i.e. x64dbg crashed. Then I decided to update x64_dbg-PluginSDK and add the missing f…

Hello, has something changed during past 4 years? In Olly a was using this feature often and now I am looking something similar in x64/x32dbg

You sir!, you look like a gullible fool... - I mean an enlightened cretin. Do you find yourself tired from reversing? Don't understand low level assembler? Having trouble decrypting encrypted stuff? Then look no further, this miracle plugin is for you good sir! Yes, indeed, this is the remedy that you need! With this you will be able to decrypt the toughest of encryptions with ease. You will be able brute force in a blink of the eye, and crack the most uncrackable programs, and write the best looking code - without comments. Women will be impressed with you, and you will gain the respect of your peers and colleagues instantly. You will understand …

Hi all, I installed 32bit windows but now sharpod plugin not showing in xdbg any solution for that? Thanks in advance.

This is just a x64dbg script system support. old AdvancedScript was bugsy and its idea was very bad. so I recode the system again in a new way, I hope all will like it. x64dbgScript

mov r32,[r32] cmp [r32],r32 pushfd if i use ollydbg, i can use above syntax to find all matches. however, when using x64dbg, what should i do to find all matches of command sequences? sean.

Hello I need help getting the origins (the call) of this "lea" instruction using x64dbg thanks when i try to find the reference using the address i get nothing

Hello, I'd like to know if it's possible to programmatically configure the debugger to ignore execptions. What I'd like to achieve is this configuration: I couldn't find any script cmds to configure this aspect of the debugger. Is this even possible? Thanks a lot, Luca

I wanna write a plugin that can retrieve some information of sections of certain module. I can fill the ModuleInfo structure, but the structure doesn't contains sections member. How could I get sections' name, base address of certain module? Thank you! Script::Module::ModuleInfo moduleInfo; Script::Module::InfoFromAddr(modules[i].base, &moduleInfo);

Hi all, I'm trying to use the findall (or better yet, findallmem) command in x64dbg to find all the address matching a pattern. The command is documented here: https://help.x64dbg.com/en/latest/commands/searching/findall.html I see that $result now contains the number of occurences, so the pattern was found (multiple times). Now, this might sound like a silly question (sorry if it is), but how can I actually get the relevant addresses where the pattern was found? 😅 if i use the find command, the relevant address is stored in $result. Where are the addresses stored in the case of findall? Thanks a lot, Luca

Console example x64plgmnrc.exe -G "C:\x64dbg_root" // Set root path for x64dbg x64plgmnrc.exe -U // Update list from server x64plgmnrc.exe -S // Show list of plugins x64plgmnrc.exe -i x64core // Install last version of x64dbg x64plgmnrc.exe -i AdvancedScript // install AdvancedScript https://github.com/horsicq/x64dbg-Plugin-Manager

I wanna write a plugin in which DbgXrefGet is used, but it didn't work. Below is my code: XREF_INFO xref_info; DbgXrefGet(eip, &xref_info); for (int i = 0; i < xref_info.refcount; i++) { _plugin_logprintf("XREF Address: %d\n", xref_info.references[i].addr); } and the xref_info.refcount equals to 0 all the time

I am trying to change the aspect ratio of an older 32-bit game from 4:3 to 16:9. I have already successfully changed the game's resolution to 4k (3840x2160) (hex - 00 0F 70 08) which is stored in the game's save game file (not the executable). However, there's no aspect ratio information stored in this same save game file. Hence, I am looking for it within the game's executable. When searching for AB AA AA 3F (4/3 = 1.3333333) using a hex editor I am able to find one match. Changing it to 39 8E E3 3F (16/9 = 1.7777777) does not change the aspect ratio however. It's because I have found that this one match in the entire executable is actually the game's FOV and not th…

Hi, I use hors' String plugin for x64dbg, but I can't locate the actual string using it's address and go to that address. How to do it correctly? Thanks

Hi, everyone, I am recording a series of videos that I know about x64dbg. If you are interested in the x64dbg scritping (not just for unpacking), welcome to watch my YouTube:

According to the official documentation the following command should return Loaded module base. But in some cases/modules it does not work.

I wonder if there is a method to set a breakpoint on every conditional state (ect... test eax, eax) in x64dbg? Thank you so much...