x64dbg

There is a comamnds to get mnemonic of instructions (dis.mnemonic(addr)). Now,I wanna get operands of instructions, such as: "ebp" in "push ebp". How to get them?

I wanna use UrlDownloadToFileA in my patch. After I patch the the code and restart the PE, the <call UrlDownloadToFileA> always changes to <call some wired address>. I compared the patch and the source call function, they are different as that in the pictures: call <JMP.&URLDownloadToFileA> (source) call <urlmon.URLDownloadToFileA> (patch) How to make the patch instruction same as the source?

我是逆向分析新手，刚学到一个新技巧，跟大家分享一下。 PS： 我在研究逆向技术，但是困于中国大陆 看到我技术的朋友，如果感觉我的技术还不错，可以与我交流 如果可以帮助我移民，将不胜感激

Hello guys. the command `bphws $abc, 'r'` puts a hardware breakpoint on execute. But, what i want to do via command is to `breakpoint > on acces > dword`. You know you can do this right click on **DUMP** window and select `breakpoint > on access > dword`. I have searched: Google x64dbg documentation tuts4you forums Unfortunately i couldn't find a way to do that. Did i miss something? P.S I need this because i am writing a script. Thank you :)

I am trying to figure out which instruction writes to a certain memory address, but whatever I try, I end up with no result. I know for a fact that the contents stored at this memory address is changed during the execution of my binary. Could anyone push me in the right direction what to do here?

after edit target in xdbg64 and click to Patch ,when want to save patch ,not save patch. use latest version of xdbg but I don't know why have this problem!

This will explain the way to run a main Script From GUI of x64dbgScript, and sub Script from BP dialog box command. you can find a sample at the main link of the x64dbgScript at GitHub https://github.com/Ahmadmansoor/x64d...ee/main/Sample tut

Export Functions Comments Labels from IDA inside x64dbg using x64dbgScript plugins you can find codes at : https://github.com/Ahmadmansoor/x64dbgScript tut link: https://www.youtube.com/watch?v=TbbBPPh-vf4

Hi there ! I want to know how to find string references in x64dbg as Olly does : it finds every string references I need when I open Memory map window, then rightclick on "Search" and then I enter the word I wanna search. How to get the same result with x64dbg ? I'm sure it is possible but I don't know how to do it.

How to clear previous brakpoints? Clear DB not doing job!!! Even i clear DB when i reload the EXE breakpoints remains - Hot to reload exe WO any modification ? Thansk Any idea

i need help. i cant debug or run program because noti i use thrid-party

Hi to all, i'm new of reverse eng.... i start to reverse two or three small easy program to learn how to do it! load program in ollydbg, press F9 to go exactly in .exe module..., search of error string and put a BP on address run program that stop at BP... and then go backward to find a test... i change it , save and check.. wont work or fix pc... someone can explain me? thanx !😊 PS: now i have another prog that recognise ollydbg and wont start.....😡

Hello, I'm writing a code cave in the .text section I want to use a counter / variable and am using a location at the end of the .data section (which is writable) However when the code re-runs, while all the addresses in .text section are updating to take account of ASLR. The instruction that references the location in the .data section doesn't update the address location. Here is an example mov eax,dword ptr ds:[1E7EFF0] While the underlying relative address is unchanged, I need the absolute address to update each time the program is loaded. Is there a way that I can do this or do I need to use something like VirtualProtect and allocat…

Hi. I don't know if is the right section for this. My -quick- question is, if there is a plugin or script, that i'm missing, which allows to rename variables in x64dbg. -Thanks!

Hello, I'm trying to follow Challenge Lab09-01.exe from Practical Malware Analysis book challenges and can't find how I can pass command line argument to program with x32dbg, similarly on how this is written for Olly. Can you please help? This is how this is recommended to do in Olly:

just a try to add more feature's to x64dbg script system History Section: - version 2.0: 1-all numbers are hex numbers. 2-more nested in arguments. 3-Build bridge to make plugin system Compatible with x64dbg script system. 4-create parallel Functions to x64dbg Functions, like ( cmp >> cmpx ). 5-rename new name (Varx Getx Setx) and fix array index entry. 6-add VarxClear ( clear all variable to help user in test's ) , memdump with print style. - version 1.6: 1- add Parser system to recognize arguments. 2- begin build Script system. 3- add more Helper Functions. - version 1.4: 1- make StrCompx in separate Thread and add Sleep time to wait x6…

Hello Like the title says, is there an alternative "Analyze This" plugin for x64dbg ? Thanks

I did update to x64dbg then these characters seem to have a problem with all characters corrupt as seen in the picture but what? https://prnt.sc/118j59v I did an upload again here:https://sourceforge.net/projects/x64dbg/files/snapshots/ the problem continues.

Strings plugin for x64dbg. Download: https://github.com/horsicq/stringsx64dbg/releases Sources: https://github.com/horsicq/stringsx64dbg/ More Info: http://n10info.blogspot.com/2019/03/strings-plugin-for-x64dbg.html

hi all i googled but i couldn't find appropriate commands. here is what i want to do: find all intermodular calls. put bp on all. run the script which itself resumes the process and removes any bp that is hit. then i stop the script when all unwanted BPs are removed.

Hi, How to set condition expression to pause when special cmd meets? Ollydbg has a feature, which called "Command is one of" condition expression in "Condition to pause run trace" panel. Have searched expressions at x64_dbg introduction paper, but not found a proper solution. So I am wandering if there is any expression in x64_dbg which I do'n't know. Hoping someone could provide any idea about this problem.

Came across these Stylesheets and thought i would share, these are not created by me but look better than the cream, there are 10 different versions for most taste's, here's a sample of them h"""s://github.com/x64dbg/x64dbg/wiki/Stylesheets

Hello, I had Windows 7 x64 that worked well with SharpOD x64 and x32dbg, but now I have Windows 7 32-Bit. What is the equivalent of my previous configuration for a 32-bit Windows 7? TIA.

How can I set a breakpoint for a button click or input field in x64dbg?

is there a chance for x64dbg to support debugging of UWP applications? Only windbg seems to support these so far. 😞