x64dbg
An open-source x64/x32 debugger for windows...
172 topics in this forum
-
OEP finding methods
by albert johnson- 1 follower
- 6 replies
- 5.2k views
我是逆向分析新手,刚学到一个新技巧,跟大家分享一下。 PS: 我在研究逆向技术,但是困于中国大陆 看到我技术的朋友,如果感觉我的技术还不错,可以与我交流 如果可以帮助我移民,将不胜感激
-
x64dbg command for "Breakpoint > on Access> Dword"
by Darth Blue- 3 replies
- 5k views
Hello guys. the command `bphws $abc, 'r'` puts a hardware breakpoint on execute. But, what i want to do via command is to `breakpoint > on acces > dword`. You know you can do this right click on **DUMP** window and select `breakpoint > on access > dword`. I have searched: Google x64dbg documentation tuts4you forums Unfortunately i couldn't find a way to do that. Did i miss something? P.S I need this because i am writing a script. Thank you :)
-
- 1 follower
- 3 replies
- 3.5k views
I am trying to figure out which instruction writes to a certain memory address, but whatever I try, I end up with no result. I know for a fact that the contents stored at this memory address is changed during the execution of my binary. Could anyone push me in the right direction what to do here?
-
Save Patch file problem in xdbg
by Louatamvik- 2 followers
- 4 replies
- 6k views
after edit target in xdbg64 and click to Patch ,when want to save patch ,not save patch. use latest version of xdbg but I don't know why have this problem!
-
Post Use Global Variable too Run Multipal Script
by ahmadmansoor- 0 replies
- 3.9k views
This will explain the way to run a main Script From GUI of x64dbgScript, and sub Script from BP dialog box command. you can find a sample at the main link of the x64dbgScript at GitHub https://github.com/Ahmadmansoor/x64d...ee/main/Sample tut
-
Post Export Functions Comments Labels from IDA inside x64dbg
by ahmadmansoor- 0 replies
- 3k views
Export Functions Comments Labels from IDA inside x64dbg using x64dbgScript plugins you can find codes at : https://github.com/Ahmadmansoor/x64dbgScript tut link: https://www.youtube.com/watch?v=TbbBPPh-vf4
-
- 1 follower
- 1 reply
- 3.9k views
Hi there ! I want to know how to find string references in x64dbg as Olly does : it finds every string references I need when I open Memory map window, then rightclick on "Search" and then I enter the word I wanna search. How to get the same result with x64dbg ? I'm sure it is possible but I don't know how to do it.
-
- 1 follower
- 18 replies
- 4.9k views
How to clear previous brakpoints? Clear DB not doing job!!! Even i clear DB when i reload the EXE breakpoints remains - Hot to reload exe WO any modification ? Thansk Any idea
-
x64dbg i cant debug because error thrid-party
by LinhVietNam- 1 follower
- 1 reply
- 5.8k views
i need help. i cant debug or run program because noti i use thrid-party
-
help for a newbie...
by marco007- 1 follower
- 0 replies
- 4.9k views
Hi to all, i'm new of reverse eng.... i start to reverse two or three small easy program to learn how to do it! load program in ollydbg, press F9 to go exactly in .exe module..., search of error string and put a BP on address run program that stop at BP... and then go backward to find a test... i change it , save and check.. wont work or fix pc... someone can explain me? thanx !😊 PS: now i have another prog that recognise ollydbg and wont start.....😡
-
- 1 follower
- 1 reply
- 4.4k views
Hello, I'm writing a code cave in the .text section I want to use a counter / variable and am using a location at the end of the .data section (which is writable) However when the code re-runs, while all the addresses in .text section are updating to take account of ASLR. The instruction that references the location in the .data section doesn't update the address location. Here is an example mov eax,dword ptr ds:[1E7EFF0] While the underlying relative address is unchanged, I need the absolute address to update each time the program is loaded. Is there a way that I can do this or do I need to use something like VirtualProtect and allocat…
-
.thumb.png.cfc7dc425268a21515a347365339e83e.png)
Renaming variables in x64dbg
by amateur- 2 followers
- 0 replies
- 5.2k views
Hi. I don't know if is the right section for this. My -quick- question is, if there is a plugin or script, that i'm missing, which allows to rename variables in x64dbg. -Thanks!
-
- 1 follower
- 1 reply
- 5.5k views
Hello, I'm trying to follow Challenge Lab09-01.exe from Practical Malware Analysis book challenges and can't find how I can pass command line argument to program with x32dbg, similarly on how this is written for Olly. Can you please help? This is how this is recommended to do in Olly:
-
AdvancedScript x64dbg Plugin
by ahmadmansoor- 3 followers
- 18 replies
- 21.9k views
just a try to add more feature's to x64dbg script system History Section: - version 2.0: 1-all numbers are hex numbers. 2-more nested in arguments. 3-Build bridge to make plugin system Compatible with x64dbg script system. 4-create parallel Functions to x64dbg Functions, like ( cmp >> cmpx ). 5-rename new name (Varx Getx Setx) and fix array index entry. 6-add VarxClear ( clear all variable to help user in test's ) , memdump with print style. - version 1.6: 1- add Parser system to recognize arguments. 2- begin build Script system. 3- add more Helper Functions. - version 1.4: 1- make StrCompx in separate Thread and add Sleep time to wait x6…
-
- 1 follower
- 0 replies
- 4.6k views
Hello Like the title says, is there an alternative "Analyze This" plugin for x64dbg ? Thanks
-
x64dbg character issues
by schoolboy- 1 reply
- 5.1k views
I did update to x64dbg then these characters seem to have a problem with all characters corrupt as seen in the picture but what? https://prnt.sc/118j59v I did an upload again here:https://sourceforge.net/projects/x64dbg/files/snapshots/ the problem continues.
-
Strings x64dbg plugin
by hors- 9 replies
- 11.8k views
Strings plugin for x64dbg. Download: https://github.com/horsicq/stringsx64dbg/releases Sources: https://github.com/horsicq/stringsx64dbg/ More Info: http://n10info.blogspot.com/2019/03/strings-plugin-for-x64dbg.html
-
help with x64dbg script
by abbas- 2 followers
- 2 replies
- 5.9k views
hi all i googled but i couldn't find appropriate commands. here is what i want to do: find all intermodular calls. put bp on all. run the script which itself resumes the process and removes any bp that is hit. then i stop the script when all unwanted BPs are removed.
-
- 1 reply
- 7.2k views
Hi, How to set condition expression to pause when special cmd meets? Ollydbg has a feature, which called "Command is one of" condition expression in "Condition to pause run trace" panel. Have searched expressions at x64_dbg introduction paper, but not found a proper solution. So I am wandering if there is any expression in x64_dbg which I do'n't know. Hoping someone could provide any idea about this problem.
-
x64dbg Stylesheets
by H1TC43R- 0 replies
- 5.6k views
Came across these Stylesheets and thought i would share, these are not created by me but look better than the cream, there are 10 different versions for most taste's, here's a sample of them h"""s://github.com/x64dbg/x64dbg/wiki/Stylesheets
-
- 2 followers
- 0 replies
- 7.3k views
Hello, I had Windows 7 x64 that worked well with SharpOD x64 and x32dbg, but now I have Windows 7 32-Bit. What is the equivalent of my previous configuration for a 32-bit Windows 7? TIA.
-
Set a breakpoint for a visual element in x64dbg
by Aldhard Oswine- 2 followers
- 7 replies
- 14.4k views
How can I set a breakpoint for a button click or input field in x64dbg?
-
x64dbg and UWP
by JustAGuy- 1 reply
- 11.4k views
is there a chance for x64dbg to support debugging of UWP applications? Only windbg seems to support these so far. 😞
-
How to switch between windows
by schoolboy- 3 replies
- 6k views
I couldn't find an argument to jump to the breakpoint window. https://help.x64dbg.com/en/latest/commands/script/index.html bpd bphd bpmd find cip, "00 00 00 00" cmp $result, 0 je error bp $result cmt $result,"OEP" //d //--> If I make "d" here, it goes to the Cpu window. Is there a parameter to jump to the breakpoint window like this? msg "Please switch to breakpoint window" ret error: msg "Pattern not found!" ret
-
Problem with mapping x32dbg
by Euclidyr- 2 replies
- 5.6k views
Hello guys, i am very new to this reverse engineering. I will try to explain my problem. After i tried unpacking a dll, i have a problem of mapping some relative addresses. My imagebase is 0x10000000. Everytime i loaded the dll into memory, the base address changes. As shown in the pictures below, the addresses behind CALL and JUMP instructions are changed accordingly. But the addresses after PUSH or after dword ptr data segment, seem to remain unchanged. My question is how can I fix this problem? and what do u refer this problem as? Im grateful for all of you who can enlighten me... thank you guys!
