x64dbg
An open-source x64/x32 debugger for windows...
171 topics in this forum
-
Hi everyone, Maybe some of you heard it already, but Sigma and I are working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features: variables, currently command-based only basic calculations, can be used in the goto window and in the register edit window. Example: var*@401000+(.45^4A) software breakpoints (INT3, LONG INT3, UD2), currently command-only (just type 'bp addr') hardware breakpoints (access, write, execute), also command-only stepping (over, into, out, n instructions), can be done with buttons/shortcuts memory allocation/deallocation inside the debuggee quick…
-
Weekly Digest
by mrexodia- 18 replies
- 19.3k views
The second weekly digest is up, check it out if you are interested in x64dbg development! http://x64dbg.com/blog/2016/09/04/weekly-digest-2.html
-
patches are not applied :(
by yovimi- 3 followers
- 5 replies
- 4.6k views
Hi, I have a program that is packed with vmp , when I run it and try to make any patch, the x64dbg writes to me that 0/2 patches have been applied , I know that this may be due to the fact that the program is packed and when unpacking it unpacks the exe that was originally packed 🤒
-
x64dbg plugin in delphi
by remek002- 1 follower
- 6 replies
- 10.4k views
I recently started playing with the Delphi language and decided to create a little x64dbg plugin that will add a calculator and a notepad in x64dbg. Since @quygia128 made x64_dbg-PluginSDK and the CleanupEx plugin, I decided to go with x64_dbg-PluginSDK. Due to the fact that x64_dbg-PluginSDK lacks a few functions, because the last update was in 2014 and for this reason there were some functions missing in the code, e.g. you cannot add icons, menu in disassembly, HexDump etc... I tried to compile the plugin with DELPHI x96dbg Plugins SDK, but the plugin does not work, i.e. x64dbg crashed. Then I decided to update x64_dbg-PluginSDK and add the missing f…
-
- 1 follower
- 4 replies
- 2.6k views
-
- 3 followers
- 12 replies
- 5.7k views
Hello, has something changed during past 4 years? In Olly a was using this feature often and now I am looking something similar in x64/x32dbg
-
x64dbg Today Plugin (x86 & x64)
by fearless- 2 followers
- 3 replies
- 7.3k views
You sir!, you look like a gullible fool... - I mean an enlightened cretin. Do you find yourself tired from reversing? Don't understand low level assembler? Having trouble decrypting encrypted stuff? Then look no further, this miracle plugin is for you good sir! Yes, indeed, this is the remedy that you need! With this you will be able to decrypt the toughest of encryptions with ease. You will be able brute force in a blink of the eye, and crack the most uncrackable programs, and write the best looking code - without comments. Women will be impressed with you, and you will gain the respect of your peers and colleagues instantly. You will understand …
-
.thumb.jpeg.2543d876893bc4a3f440e4ab77c7e3f0.jpeg)
SharpOd plugins
by Oliver- 1 follower
- 1 reply
- 19.8k views
Hi all, I installed 32bit windows but now sharpod plugin not showing in xdbg any solution for that? Thanks in advance.
-
x64dbgScript
by ahmadmansoor- 3 followers
- 7 replies
- 7.2k views
This is just a x64dbg script system support. old AdvancedScript was bugsy and its idea was very bad. so I recode the system again in a new way, I hope all will like it. x64dbgScript
-
what are those that x64dbg equivalence to ollydbg command sequences search?
by The Binary Expert- 2 followers
- 10 replies
- 3.2k views
mov r32,[r32] cmp [r32],r32 pushfd if i use ollydbg, i can use above syntax to find all matches. however, when using x64dbg, what should i do to find all matches of command sequences? sean.
-
Bookmark Plugin for x64dbg
by minh- 9 replies
- 2.8k views
-
.thumb.jpg.7edf9dcd4abb6fe05665ffafec05e064.jpg)
i need help in x64dbg
by MR.Med.Ali- 1 follower
- 1 reply
- 2.3k views
Hello I need help getting the origins (the call) of this "lea" instruction using x64dbg thanks when i try to find the reference using the address i get nothing
-
- 1 follower
- 6 replies
- 2.8k views
Hello, I'd like to know if it's possible to programmatically configure the debugger to ignore execptions. What I'd like to achieve is this configuration: I couldn't find any script cmds to configure this aspect of the debugger. Is this even possible? Thanks a lot, Luca
-
- 1 reply
- 2k views
I wanna write a plugin that can retrieve some information of sections of certain module. I can fill the ModuleInfo structure, but the structure doesn't contains sections member. How could I get sections' name, base address of certain module? Thank you! Script::Module::ModuleInfo moduleInfo; Script::Module::InfoFromAddr(modules[i].base, &moduleInfo);
-
- 2 followers
- 2 replies
- 2.9k views
Hi all, I'm trying to use the findall (or better yet, findallmem) command in x64dbg to find all the address matching a pattern. The command is documented here: https://help.x64dbg.com/en/latest/commands/searching/findall.html I see that $result now contains the number of occurences, so the pattern was found (multiple times). Now, this might sound like a silly question (sorry if it is), but how can I actually get the relevant addresses where the pattern was found? 😅 if i use the find command, the relevant address is stored in $result. Where are the addresses stored in the case of findall? Thanks a lot, Luca
-
x64dbg Plugin Manager
by hors- 1 follower
- 7 replies
- 12.1k views
Console example x64plgmnrc.exe -G "C:\x64dbg_root" // Set root path for x64dbg x64plgmnrc.exe -U // Update list from server x64plgmnrc.exe -S // Show list of plugins x64plgmnrc.exe -i x64core // Install last version of x64dbg x64plgmnrc.exe -i AdvancedScript // install AdvancedScript https://github.com/horsicq/x64dbg-Plugin-Manager
-
DbgXrefGet not work
by minh- 1 reply
- 2.3k views
I wanna write a plugin in which DbgXrefGet is used, but it didn't work. Below is my code: XREF_INFO xref_info; DbgXrefGet(eip, &xref_info); for (int i = 0; i < xref_info.refcount; i++) { _plugin_logprintf("XREF Address: %d\n", xref_info.references[i].addr); } and the xref_info.refcount equals to 0 all the time
-
- 2 replies
- 2.7k views
I am trying to change the aspect ratio of an older 32-bit game from 4:3 to 16:9. I have already successfully changed the game's resolution to 4k (3840x2160) (hex - 00 0F 70 08) which is stored in the game's save game file (not the executable). However, there's no aspect ratio information stored in this same save game file. Hence, I am looking for it within the game's executable. When searching for AB AA AA 3F (4/3 = 1.3333333) using a hex editor I am able to find one match. Changing it to 39 8E E3 3F (16/9 = 1.7777777) does not change the aspect ratio however. It's because I have found that this one match in the entire executable is actually the game's FOV and not th…
-
Address of String references
by 0xsubd- 0 replies
- 2.3k views
Hi, I use hors' String plugin for x64dbg, but I can't locate the actual string using it's address and go to that address. How to do it correctly? Thanks
-
Introduction to x64dbg scripting
by minh- 2 followers
- 6 replies
- 3.7k views
Hi, everyone, I am recording a series of videos that I know about x64dbg. If you are interested in the x64dbg scritping (not just for unpacking), welcome to watch my YouTube:
-
module base
by PeterN- 1 follower
- 8 replies
- 5k views
According to the official documentation the following command should return Loaded module base. But in some cases/modules it does not work.
-
Setting breakpoints
by Kivanc- 1 reply
- 3k views
I wonder if there is a method to set a breakpoint on every conditional state (ect... test eax, eax) in x64dbg? Thank you so much...
-
Get Operands through commands
by minh- 2 replies
- 3.2k views
There is a comamnds to get mnemonic of instructions (dis.mnemonic(addr)). Now,I wanna get operands of instructions, such as: "ebp" in "push ebp". How to get them?
-
Using dll function in patch
by minh- 1 follower
- 2 replies
- 3k views
I wanna use UrlDownloadToFileA in my patch. After I patch the the code and restart the PE, the <call UrlDownloadToFileA> always changes to <call some wired address>. I compared the patch and the source call function, they are different as that in the pictures: call <JMP.&URLDownloadToFileA> (source) call <urlmon.URLDownloadToFileA> (patch) How to make the patch instruction same as the source?
-
OEP finding methods
by albert johnson- 1 follower
- 6 replies
- 5k views
我是逆向分析新手,刚学到一个新技巧,跟大家分享一下。 PS: 我在研究逆向技术,但是困于中国大陆 看到我技术的朋友,如果感觉我的技术还不错,可以与我交流 如果可以帮助我移民,将不胜感激
