x64dbg
An open-source x64/x32 debugger for windows...
173 topics in this forum
-
Missing in ScyllaHide
by newhak- 2 replies
- 7.6k views
Hi, Whenever I use ScyllaHide in x64dbg an error that is "NT APIs missing" pop up so any help will be appreciated. I have NtApiCollection.ini but always a section is missing BTW, I downloaded pdb-getprocaddress but no idea whether I need to extract it to the plugins folder or do something else, namely how to use it to get the missing section. Thanks
-
CopyToAsm - x64dbg plugin
by fearless- 0 replies
- 5.5k views
A plugin to copy a selected disassembly range in the x64dbg cpu view tab and convert to a masm compatible style assembler code and output to clipboard or the reference view tab. Features Copy selected range to assembler style code. Outputs assembler code to clipboard or reference view. Adds labels for jump destinations. Adjusts jump instructions to point to added labels. Indicates if jump destinations are outside selection range. Code comments to indicate start/end and outside range. Options to adjust comments and label outputs. Format hex values as C style (0x) or Masm style. Registered commands: CopyToA…
-
olldbg x64 compare
by Neoarcanhell- 1 follower
- 2 replies
- 7.4k views
hello how are you introduce me my name is sebastian and I would like and know if you can help me with a problem like I could compare 2 files with olldbg and know which modified characters
-
x64dbg frequent crashdump
by Xjun- 1 reply
- 5.8k views
Hello author I use x64dbg recurrent crashes, most of the time it occurs when I reload the program, or when the program exits. Hope to solve this problem as soon as possible. Thank you for creating such a great debugger. thank ver much. x64 dbg minidump.7z video.7z
-
How to Auto "Hide debugger (PEB)" in xdbg
by Ali.Dbg- 1 reply
- 11.1k views
Hello Friends How to Auto "Hide debugger (PEB)" in xdbg? Always enable this option!!! Without clicking "Hide debugger (PEB)" menu item. Thanks
-
General ds question
by chickenmc- 1 reply
- 5.5k views
Hello, I am using x64dbg and would like to search for certain ds references. In the example image above I would like to search my executable for all ds:"NameID" references. It won't show up when I search for referenced strings, so how am I supposed to do that? Thanks!
-
- 0 replies
- 4.9k views
First of all, I would like to thank the person who developed this. Really, it is a good debugger. By the way, I think that memory area breakpoint API does not exist. I would appreciate it if you could make it. I am always thankful to you. SCRIPT_EXPORT bool SetBreakpoint(duint address); SCRIPT_EXPORT bool DeleteBreakpoint(duint address); SCRIPT_EXPORT bool DisableBreakpoint(duint address); SCRIPT_EXPORT bool SetHardwareBreakpoint(duint address, HardwareType type = HardwareExecute); SCRIPT_EXPORT bool DeleteHardwareBreakpoint(duint address); The existing functions are listed above, There is no function …
-
Find all references to an instruction (from call or jump)
by CodeExplorer- 1 reply
- 7.3k views
How can I find all references to an instruction (from call or jump): I only know about right click on instruction and "Find references to"->"Selected address(es) Ctrl+R", I also know about graph view, Is there any other way of doing that? Maybe what I search don't even exist!
-
CeAutoAsm-x64dbg Plugin
by atom0s- 1 reply
- 7.7k views
Overview The CeAutoAsm plugin is a wrapper around a mini-project of mine, ceautoasm.dll. ceautoasm.dll is Cheat Engine's internal auto assembler ripped out into a standalone library that can be used pretty much anywhere in a Windows environment. ceautoasm.dll uses the latest Cheat Engine code base for its internal workings with as minimal changes to the original code as needed to make it work. Some features of the auto assembler and internals have been removed to limit file size and ease of use. Removed Features (General) All ARM / JNI / Unix / Mono features removed. All Lua features are removed. All driver/kernel level features removed.…
-
Is it a bug ?
by opc0d3- 10 replies
- 17.9k views
Alter to graph. Same line different jumps. Should I open an issue ? Regards.
-
Resolve shortcut work bad!
by Xjun- 1 reply
- 5.3k views
I tried to load an lnk file, but the path with the Chinese language, x64dbg suggested File does not exist!
-
Flock, plugin for x64dbg
by Kurapica- 4 replies
- 5.3k views
The idea of this plugin is simple and was born out an agony I went through while using x64dbg with IDA simultaneously. It solves the problem of stealing the window focus from x64dbg to IDA, each time you single-step in the debugger, the sync plugin in x64dbg will send the sync info to IDA to show the current location and this makes IDA get the focus, very annoying when you are doing a quick single stepping ! This plugin simply restores the focus to the debugger, that's all. Flock_32_64.rar
-
Possible bug
by albesp77- 2 replies
- 11.3k views
On x86 version i'm unable to commit a push 12345678, only 7 cypher accepted! If you tell me how to see exact build i can reply to you!
-
x64dbg with plugins
by ONDragon- 1 reply
- 6.6k views
Who will share A x64dbg with some useful plugins for us.
-
x64dbg "ret-sync" plugin, Windows focus fix
by Kurapica- 3 replies
- 5.8k views
Just a quick fix for this plugin to prevent IDA from stealing focus from x64dbg window during stepping. I also added check marks to all the menu items to see which state is active.
-
VB program in x32dbg
by Aldhard Oswine- 2 replies
- 6.1k views
I'm trying to open VB program and getting following error: VB file is attached, it's from r4ndom's tutorial, works on olly and immunity CrackmeVB1.exe
-
Kernel driver unpacking with x64dbg
by mrexodia- 1 reply
- 6.5k views
A small blog post I wrote. Hope it's interesting! http://x64dbg.com/blog/2017/06/08/kernel-driver-unpacking.html
-
Assembly column in x64dbg's reference window
by tr4cefl0w- 2 replies
- 7.2k views
Hey guys, First of all, sorry if this question has already been answered. I looked up first but didn't find anything. So I'm pretty new to reversing and I went through a few of Lena's tutorials but I decided to go through once again using x64dbg this time. Near the end of part 4, it shows OllyDbg's reference window. There is a Disassembly column that shows where the instruction that pushes this string. There is no such thing in x64dbg so I was wondering if there was another method to do the same. Thanks!
-
DbgDisasmAt - Other Method
by Downpour- 6 replies
- 8.3k views
Hello, I'm currently working on a plugin for x32dbg and I was wondering if there is another way to disassemble a function where I can receive information like the opcode as char so I don't have to work with the char array to see what kind of instruction I'm dealing with. And I also want to know if there is a way to see if the argument from the DISASM_INSTR array is a register, pointer, memory value/constant or such also without dealing with the char array. Regards, Castor
-
Adding patches via plugin
by HellSpider- 3 replies
- 8k views
Heya, I'm migrating over to x32dbg from olly 2.01. I wrote a plugin to aid me in decryption of certain internal strings of certain files. I use the code below as an example: unsigned char* data = new unsigned char[len]; if(DbgMemRead(sel.start, data, len)) { decrypt_data(data, len); DbgMemWrite(sel.start, data, len); _plugin_logprintf("[" PLUGIN_NAME "] Region decrypted"); } delete[] data; When I click on my menu to decrypt the currently selected region the result is completely fine. However, the issue is that x32dbg does not recognize the edited memory as being modified (like you would get using Ctrl+E). This means I see a blank screen in the patc…
-
Writing plugins for x32dbg
by Aldhard Oswine- 3 replies
- 8.1k views
Thank you for such a great tool @mrexodia , I want to add some little specific feature to x32dbg, nothing important but still useful for me. I have the experience to write programs in python and C++, but have no idea how to create plugin for x32dbg, Is there any good instruction/tutorial about writing plugin for x32dbg?
-
Graph Analysis Zoom In/Out for large code analysis
by kittmaster- 2 replies
- 6.3k views
Is there any thought about possibly adding a zoom in and out to get an "aerial" view of the entire code section being graphed? The graph feature is very well executed, the only issues is the constant scrolling left and right because of the amount of jump sequences in a particular region I'm looking at. For small sections, zoom is clearly not needed, but with multiple jump points and multiple landing areas to the same call, it tends to create a lot of left to right scrolling for the draw creation. While I realize the assembly becomes unreadable the further out you zoom, you can still track the jump hierarchy (maybe with a "tooltip code eyeglass" for fast reference and…
-
Symbols tab > Executable Module Path Caller
by kittmaster- 3 replies
- 5.5k views
Love my Olly, but really diggin x64DBG. One question I can't seem to sort out. When you are in Olly, and your at the entry point, if you open the executable modules, you see your .exe. When you run it, you can see what dlls are being loaded and can ultimately sort by path location to see which dlls are in play. I can see all the dlls under symbols, but what is not seen is the path and caller of which dll from user vs system. Is there a way to track that? I can see it says "user" "system" "party" but It would be helpful when searching for APIs or strings when your looking for any given routine to know the caller path. Is this just not implemented or am…
-
Debugging a Plugin
by fred26- 6 replies
- 6.3k views
How can I debug a plugin? I can imagine that same way debugging a regular DLL ? Thanks
-
Plugin APIs
by fred26- 2 replies
- 16.3k views
I have been reading the documentation to implement some Debug API functions in a plugin. http://x64dbg.readthedocs.io/en/latest/developers/functions/debug/DbgDisasmAt.html I see a lot of functions, but where can I see the C/C++ prototypes or signature of each one ? Is this link still a working progress doc ? If so, that's fine but would like if someone can point some samples maybe where I can see the functions working. Thanks!
