x64dbg
An open-source x64/x32 debugger for Windows...
171 topics in this forum
-
Weekly Digest
by mrexodia- 18 replies
- 17.4k views
The second weekly digest is up, check it out if you are interested in x64dbg development! http://x64dbg.com/blog/2016/09/04/weekly-digest-2.html
-
Hi everyone, Maybe some of you heard it already, but Sigma and I are working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features: variables, currently command-based only basic calculations, can be used in the goto window and in the register edit window. Example: var*@401000+(.45^4A) software breakpoints (INT3, LONG INT3, UD2), currently command-only (just type 'bp addr') hardware breakpoints (access, write, execute), also command-only stepping (over, into, out, n instructions), can be done with buttons/shortcuts memory allocation/deallocation inside the debuggee quick…
-
"Check for Updates" problem
by alorent- 0 replies
- 5.4k views
Hi, I'm not sure if there is a problem or I have to set up a specific option in x64dbg to auto-update from the User Interface. When I click on the "Check for updates" button, I get the following error: --------------------------- Network Error! --------------------------- Error creating SSL context () --------------------------- OK --------------------------- I'm using snapshot "Nov 2 2016" but the same error appears with previous snapshots. Of course, I have checked that I have internet connection and no firewall is active. Any help is appreciated. Thanks!
-
"Run to user code" not working?
by MarkJoy- 6 replies
- 7.1k views
Hello there, 1. Is it me or is the "Run to user code" not working? It seems that I could not make x64dbg pause at user code. Is it a bug? 2. Could you comment out the "SetForegroundWindow" in cbStep()? I have a plugin which is a dialogbox that has 2 buttons, "Run" and "Pause". When it is in running mode, it continuously calls "eSingleStep", SetForegroundWindow in cbStep() is called and makes the main window form active. Since then I could not press the "Pause" button on my dialogbox because the main window is always active and the dialogbox is always inactive. Thank you.
-
- 1 reply
- 6.2k views
Been running with this problem lately, don't know what seems to be causing it. And that's for every single x64. Q: Are you using the latest snapshot build? A: Yes
-
- 0 replies
- 5.7k views
What it does: It simply shows in the hex dump the second section in the hex dump at startup (it's not a hell of a feature and this is my first plugin/c++ project). How it works: the plugin waits for the first PAUSDEBUG event, gets the base address of main module, reads the second section RVA from the header using DbgMemRead. Update: the plugin will look for the first writable section and show it in dump, if none is found it shows the second section. Download: https://github.com/cobrce/DataDump/releases/ p.s.: if there is a simpler way to do its work please tell me
-
- 3 replies
- 5.6k views
Solution: Like Mr. Exodia said: 1. Never clone the repo from browser, it will always miss the important files. 2. Don't use svn either, sometimes the project may be a little outdated. Copying the old Zydis wrapper folder actually worked out for me. 3. Always go with the ever trusted Git. Hello Guys, I would like to request a detailed instruction, perhaps a video tut on how to build the latest repository of x64DBG using visual studio 2013 (2017 preferable). I have tried it so many times that I don't care anymore bothering you guys for this. Also I would like to share this down-loader script to get the necessary files real quick. Cloning t…
-
- 4 replies
- 9.8k views
Real Solution from Mr.Exodia himself: You don't have to look any further, that's how awesome Mr. Exodia is. Hello Guys, I was wondering if you guys could point me to a pattern search similar to Yara pattern search (Eg. Pattern: 00 00 [5-6] ?? ?? FF) within X64DBG scripting, or maybe some way to use that Yara pattern inside X64DBG scripting. Also is there by any chance could I set the $res1 to $res3 with subsequent search results (I mean $res = first result; $res1 = second result so on and so forth over a single pattern search). A way to get the results in an array, hope you got the idea. Why I need it perhaps you might ask; Well I was working o…
-
Ability to copy address, opcode, instruction, comment
by arturo1000- 3 replies
- 5.9k views
I will ask for the ability to copy address, opcode, instruction, comment or complete line; that is very useful.
-
- 3 replies
- 7.4k views
dnam this works awesome, just debugged a target fast, it feels almost like in olly! (has all features now - i need) it's also stable. really good job on this one and ScyllaHide plugin also works really good. one thing i want to mention: you should add in the helpfile where to place the plugins, i had to ask cypher, because i wasn't able to get this easy solution to create Plugins folder and put ScyllaHide into that folder to get it working. happy reversing in 64bit flavour!
-
Adding patches via plugin
by HellSpider- 3 replies
- 6.4k views
Heya, I'm migrating over to x32dbg from olly 2.01. I wrote a plugin to aid me in decryption of certain internal strings of certain files. I use the code below as an example: unsigned char* data = new unsigned char[len]; if(DbgMemRead(sel.start, data, len)) { decrypt_data(data, len); DbgMemWrite(sel.start, data, len); _plugin_logprintf("[" PLUGIN_NAME "] Region decrypted"); } delete[] data; When I click on my menu to decrypt the currently selected region the result is completely fine. However, the issue is that x32dbg does not recognize the edited memory as being modified (like you would get using Ctrl+E). This means I see a blank screen in the patc…
-
Additions in CPU tab?
by Siarogak- 13 replies
- 7.5k views
Mr. eXoDia, is it possible to make some additions in CPU tab? I think it will be very useful to add option to make view like this
-
Address of String references
by 0xsubd- 0 replies
- 1.9k views
Hi, I use hors' String plugin for x64dbg, but I can't locate the actual string using its address and go to that address. How to do it correctly? Thanks
-
AdvancedScript x64dbg Plugin
by ahmadmansoor- 2 followers
- 18 replies
- 20.7k views
just a try to add more features to x64dbg script system History Section: - version 2.0: 1-all numbers are hex numbers. 2-more nested in arguments. 3-Build bridge to make plugin system Compatible with x64dbg script system. 4-create parallel Functions to x64dbg Functions, like ( cmp >> cmpx ). 5-rename new name (Varx Getx Setx) and fix array index entry. 6-add VarxClear ( clear all variable to help user in tests ) , memdump with print style. - version 1.6: 1- add Parser system to recognize arguments. 2- begin build Script system. 3- add more Helper Functions. - version 1.4: 1- make StrCompx in separate Thread and add Sleep time to wait x6…
-
An Introduction to x64_dbg
by chessgod101- 21 replies
- 14.4k views
I just published a definitive tutorial for x64_dbg. It documents its settings and features and shows you how to use the tool to effectively debug a 64-bit application. This tutorial is aimed at beginners, but has some information that may be useful to more advanced reverse engineers. I hope you enjoy and feel free to ask any questions you may have. http://reverseengineeringtips.blogspot.com/2015/01/an-introduction-to-x64dbg.html
-
- 2 followers
- 0 replies
- 7k views
Hello, I had Windows 7 x64 that worked well with SharpOD x64 and x32dbg, but now I have Windows 7 32-Bit. What is the equivalent of my previous configuration for a 32-bit Windows 7? TIA.
-
asmjit encoding error: Invalid State
by nopunintendo- 1 reply
- 7.1k views
Hello, I'm very new to assembly/disassembly and x64dbg. I just picked it up because I need to patch an old version of Nvidia Screen Capture Service so that it doesn't automatically force-change my Twitch titles. Newer versions of this program do not do this, but the newer versions are also unusable for me. The old version works perfectly fine except for this oddity. So I've found the function call and the address I'd like to jump to, and while using XEDParse, I get this (seems good?): But while using asmjit I get this: My question is, what does "Invalid State" refer to? Is this a syntactical error on my part? Also, does it matter whic…
-
Assembly column in x64dbg's reference window
by tr4cefl0w- 2 replies
- 6.5k views
Hey guys, First of all, sorry if this question has already been answered. I looked up first but didn't find anything. So I'm pretty new to reversing and I went through a few of Lena's tutorials but I decided to go through once again using x64dbg this time. Near the end of part 4, it shows OllyDbg's reference window. There is a Disassembly column that shows where the instruction that pushes this string. There is no such thing in x64dbg so I was wondering if there was another method to do the same. Thanks!
-
AttachHelper plugin for x64dbg
by XeroNic (HS)- 4 replies
- 6.4k views
This plug-in automatically restores that "DbgBreakPoint", "DbgUiRemoteBreakin". x64dbg_AttachHelper.zip
-
Bookmark Plugin for x64dbg
by minh- 9 replies
- 2k views
-
Bug in Dump Windows
by Hellsp@wn- 2 replies
- 5.8k views
- bug in dump windows 1. start test.exe 2. break on WP 3. enter "dump 401000" 4. empty dump window 5. ok. only after scroll can see dump p.s. add "dump" command on right mouse button -> "Follow in dump"
-
Can't assemble jump to offset instructions.
by CodeExplorer- 1 reply
- 5.9k views
@Mr. eXoDia: I can't assemble jump to offset instructions. And very important, could you add copy selected CPU instruction to clipboard (including address, opcode and mnemonic)? In this way you could easily search for opcodes and patch them with a hex editor!
-
Can't attach to system process
by Hellsp@wn- 2 replies
- 6.4k views
debug can't attach to system process please fix it.
-
Cant find module
by eychei- 0 replies
- 5.8k views
Hello everyone, I'm new here and do have a question. I did debug an executable and changed some code. When I'm trying to save the file an error pops up that the module name couldn't be read. Does anyone know why this is happening? I can send the file if someone wants to look at it. It seems to me that the changes I want to write are not in the executable but maybe in memory. Attached is the String I'm changing. I just want to noop the jmp command.
-
CeAutoAsm-x64dbg Plugin
by atom0s- 1 reply
- 7k views
Overview The CeAutoAsm plugin is a wrapper around a mini-project of mine, ceautoasm.dll. ceautoasm.dll is Cheat Engine's internal auto assembler ripped out into a standalone library that can be used pretty much anywhere in a Windows environment. ceautoasm.dll uses the latest Cheat Engine code base for its internal workings with as minimal changes to the original code as needed to make it work. Some features of the auto assembler and internals have been removed to limit file size and ease of use. Removed Features (General) All ARM / JNI / Unix / Mono features removed. All Lua features are removed. All driver/kernel level features removed.…