x64dbg
An open-source x64/x32 debugger for Windows...
171 topics in this forum
-
Hi everyone, Maybe some of you heard it already, but Sigma and I are working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features: variables, currently command-based only; basic calculations, can be used in the goto window and in the register edit window. Example: var*@401000+(.45^4A); software breakpoints (INT3, LONG INT3, UD2), currently command-only (just type 'bp addr'); hardware breakpoints (access, write, execute), also command-only; stepping (over, into, out, n instructions), can be done with buttons/shortcuts; memory allocation/deallocation inside the debuggee; quick…
-
Weekly Digest
by mrexodia- 18 replies
- 16.8k views
The second weekly digest is up, check it out if you are interested in x64dbg development! http://x64dbg.com/blog/2016/09/04/weekly-digest-2.html
-
- 1 follower
- 7 replies
- 827 views
help with unpacking the file protected by the protector4j protector UNPACK protector4j download file unpack.jar
-
- 2 followers
- 10 replies
- 1.6k views
mov r32,[r32]
cmp [r32],r32
pushfd
If I use OllyDbg, I can use the above syntax to find all matches. However, when using x64dbg, what should I do to find all matches of command sequences? sean.
-
Bookmark Plugin for x64dbg
by minh- 9 replies
- 1.5k views
-
i need help in x64dbg
by MR.Med.Ali- 1 follower
- 1 reply
- 807 views
Hello I need help getting the origins (the call) of this "lea" instruction using x64dbg thanks when i try to find the reference using the address i get nothing
-
- 1 follower
- 6 replies
- 1.5k views
Hello, I'd like to know if it's possible to programmatically configure the debugger to ignore exceptions. What I'd like to achieve is this configuration: I couldn't find any script cmds to configure this aspect of the debugger. Is this even possible? Thanks a lot, Luca
-
- 3 replies
- 1.3k views
-
- 1 reply
- 1k views
I wanna write a plugin that can retrieve some information about the sections of a certain module. I can fill the ModuleInfo structure, but the structure doesn't contain a sections member. How could I get the sections' names and base addresses for a certain module? Thank you! Script::Module::ModuleInfo moduleInfo; Script::Module::InfoFromAddr(modules[i].base, &moduleInfo);
-
- 2 followers
- 2 replies
- 1.5k views
Hi all, I'm trying to use the findall (or better yet, findallmem) command in x64dbg to find all the addresses matching a pattern. The command is documented here: https://help.x64dbg.com/en/latest/commands/searching/findall.html I see that $result now contains the number of occurrences, so the pattern was found (multiple times). Now, this might sound like a silly question (sorry if it is), but how can I actually get the relevant addresses where the pattern was found? 😅 If I use the find command, the relevant address is stored in $result. Where are the addresses stored in the case of findall? Thanks a lot, Luca
-
x64dbg Plugin Manager
by hors- 1 follower
- 7 replies
- 10.9k views
Console example:
x64plgmnrc.exe -G "C:\x64dbg_root" // Set root path for x64dbg
x64plgmnrc.exe -U // Update list from server
x64plgmnrc.exe -S // Show list of plugins
x64plgmnrc.exe -i x64core // Install last version of x64dbg
x64plgmnrc.exe -i AdvancedScript // install AdvancedScript
https://github.com/horsicq/x64dbg-Plugin-Manager
-
DbgXrefGet not work
by minh- 1 reply
- 1.3k views
I wanna write a plugin in which DbgXrefGet is used, but it didn't work. Below is my code: XREF_INFO xref_info; DbgXrefGet(eip, &xref_info); for (int i = 0; i < xref_info.refcount; i++) { _plugin_logprintf("XREF Address: %d\n", xref_info.references[i].addr); } and the xref_info.refcount equals 0 all the time
-
- 2 replies
- 1.4k views
I am trying to change the aspect ratio of an older 32-bit game from 4:3 to 16:9. I have already successfully changed the game's resolution to 4k (3840x2160) (hex - 00 0F 70 08) which is stored in the game's save game file (not the executable). However, there's no aspect ratio information stored in this same save game file. Hence, I am looking for it within the game's executable. When searching for AB AA AA 3F (4/3 = 1.3333333) using a hex editor I am able to find one match. Changing it to 39 8E E3 3F (16/9 = 1.7777777) does not change the aspect ratio however. It's because I have found that this one match in the entire executable is actually the game's FOV and not th…
-
Address of String references
by 0xsubd- 0 replies
- 1.4k views
Hi, I use hors' String plugin for x64dbg, but I can't locate the actual string using its address and go to that address. How to do it correctly? Thanks
-
Introduction to x64dbg scripting
by minh- 2 followers
- 6 replies
- 2.3k views
Hi, everyone, I am recording a series of videos about what I know about x64dbg. If you are interested in x64dbg scripting (not just for unpacking), you are welcome to watch my YouTube:
-
module base
by PeterN- 1 follower
- 8 replies
- 2k views
According to the official documentation the following command should return Loaded module base. But in some cases/modules it does not work.
-
Setting breakpoints
by Kivanc- 1 reply
- 1.9k views
I wonder if there is a method to set a breakpoint on every conditional state (etc... test eax, eax) in x64dbg? Thank you so much...
-
Get Operands through commands
by minh- 2 replies
- 2k views
There is a command to get the mnemonic of instructions (dis.mnemonic(addr)). Now, I wanna get the operands of instructions, such as: "ebp" in "push ebp". How to get them?
-
Using dll function in patch
by minh- 1 follower
- 2 replies
- 2k views
I wanna use UrlDownloadToFileA in my patch. After I patch the code and restart the PE, the <call UrlDownloadToFileA> always changes to <call some weird address>. I compared the patch and the source call function, they are different, as in the pictures: call <JMP.&URLDownloadToFileA> (source) call <urlmon.URLDownloadToFileA> (patch) How to make the patch instruction the same as the source?
-
OEP finding methods
by albert johnson- 1 follower
- 6 replies
- 3.4k views
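I'm a beginner in reverse engineering and have just learned a new technique that I'd like to share with everyone. PS: I am studying reverse-engineering techniques but am stuck in mainland China. If you see my techniques and think they are pretty good, feel free to get in touch with me. If you could help me emigrate, I would be very grateful.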
-
x64dbg command for "Breakpoint > on Access> Dword"
by Darth Blue- 3 replies
- 3.8k views
Hello guys. The command `bphws $abc, 'r'` puts a hardware breakpoint on execute. But what I want to do via command is `breakpoint > on access > dword`. You know you can do this by right-clicking on the **DUMP** window and selecting `breakpoint > on access > dword`. I have searched: Google, x64dbg documentation, tuts4you forums. Unfortunately I couldn't find a way to do that. Did I miss something? P.S. I need this because I am writing a script. Thank you :)
-
- 1 follower
- 3 replies
- 2.2k views
I am trying to figure out which instruction writes to a certain memory address, but whatever I try, I end up with no result. I know for a fact that the contents stored at this memory address is changed during the execution of my binary. Could anyone push me in the right direction what to do here?
-
x64dbg plugin in delphi
by remek002- 4 replies
- 3.7k views
I recently started playing with the Delphi language and decided to create a little x64dbg plugin that will add a calculator and a notepad in x64dbg. Since @quygia128 made x64_dbg-PluginSDK and the CleanupEx plugin, I decided to go with x64_dbg-PluginSDK. Due to the fact that x64_dbg-PluginSDK lacks a few functions, because the last update was in 2014 and for this reason there were some functions missing in the code, e.g. you cannot add icons, menu in disassembly, HexDump etc... I tried to compile the plugin with DELPHI x96dbg Plugins SDK, but the plugin does not work, i.e. x64dbg crashed. Then I decided to update x64_dbg-PluginSDK and add the missing f…
-
x64dbgScript
by ahmadmansoor- 3 followers
- 6 replies
- 4.4k views
This is just a x64dbg script system support. The old AdvancedScript was buggy and its idea was very bad, so I recoded the system again in a new way. I hope all will like it. x64dbgScript
-
Save Patch file problem in xdbg
by Louatamvik- 2 followers
- 4 replies
- 4.4k views
After editing the target in xdbg64 and clicking Patch, when I want to save the patch, it does not save. I use the latest version of xdbg but I don't know why I have this problem!