x64dbg

Compare two "runs" for different instructions

March 29, 2018 by musemap

0 replies
7.8k views

Hello, I have a software that takes an input and gives an output. I want to check what instructions are run for a "good" input and what extra instructions are used for a "bad" input so that I can have somewhere to look. What's the best way I can do this? Is there a plugin I can use? (Also might be related but, in this software the first and major module I see is just "ntdll" instead of the program itself which is what I'm used to. For example, as soon as I do anything in the program, one of the first instructions is `call ntdll` and then all the magic happens in there and I get an output. The only other piece of software that I reverse engineered (im a noob…

Last reply by musemap, March 29, 2018

Missing in ScyllaHide

March 5, 2018 by newhak

2 replies
7.8k views

Hi, Whenever I use ScyllaHide in x64dbg an error that is "NT APIs missing" pop up so any help will be appreciated. I have NtApiCollection.ini but always a section is missing BTW, I downloaded pdb-getprocaddress but no idea whether I need to extract it to the plugins folder or do something else, namely how to use it to get the missing section. Thanks

Last reply by newhak, March 6, 2018

CopyToAsm - x64dbg plugin

March 4, 2018 by fearless

0 replies
5.7k views

A plugin to copy a selected disassembly range in the x64dbg cpu view tab and convert to a masm compatible style assembler code and output to clipboard or the reference view tab. Features Copy selected range to assembler style code. Outputs assembler code to clipboard or reference view. Adds labels for jump destinations. Adjusts jump instructions to point to added labels. Indicates if jump destinations are outside selection range. Code comments to indicate start/end and outside range. Options to adjust comments and label outputs. Format hex values as C style (0x) or Masm style. Registered commands: CopyToA…

Last reply by fearless, March 4, 2018

olldbg x64 compare

December 10, 2017 by Neoarcanhell

1 follower
2 replies
7.5k views

hello how are you introduce me my name is sebastian and I would like and know if you can help me with a problem like I could compare 2 files with olldbg and know which modified characters

Last reply by Apuromafo, December 29, 2017

x64dbg frequent crashdump

December 26, 2017 by Xjun

1 reply
5.9k views

Hello author I use x64dbg recurrent crashes, most of the time it occurs when I reload the program, or when the program exits. Hope to solve this problem as soon as possible. Thank you for creating such a great debugger. thank ver much. x64 dbg minidump.7z video.7z

Last reply by Apuromafo, December 29, 2017

How to Auto "Hide debugger (PEB)" in xdbg

December 1, 2017 by Ali.Dbg

1 reply
11.3k views

Hello Friends How to Auto "Hide debugger (PEB)" in xdbg? Always enable this option!!! Without clicking "Hide debugger (PEB)" menu item. Thanks

Last reply by mrexodia, December 3, 2017

General ds question

November 19, 2017 by chickenmc

1 reply
5.7k views

Hello, I am using x64dbg and would like to search for certain ds references. In the example image above I would like to search my executable for all ds:"NameID" references. It won't show up when I search for referenced strings, so how am I supposed to do that? Thanks!

Last reply by h4sh3m, November 19, 2017

x64dbg-python no memory area r/w breakpoint api

November 12, 2017 by Gegul

0 replies
5.1k views

First of all, I would like to thank the person who developed this. Really, it is a good debugger. By the way, I think that memory area breakpoint API does not exist. I would appreciate it if you could make it. I am always thankful to you. SCRIPT_EXPORT bool SetBreakpoint(duint address); SCRIPT_EXPORT bool DeleteBreakpoint(duint address); SCRIPT_EXPORT bool DisableBreakpoint(duint address); SCRIPT_EXPORT bool SetHardwareBreakpoint(duint address, HardwareType type = HardwareExecute); SCRIPT_EXPORT bool DeleteHardwareBreakpoint(duint address); The existing functions are listed above, There is no function …

Last reply by Gegul, November 12, 2017

Find all references to an instruction (from call or jump)

November 4, 2017 by CodeExplorer

1 reply
7.5k views

How can I find all references to an instruction (from call or jump): I only know about right click on instruction and "Find references to"->"Selected address(es) Ctrl+R", I also know about graph view, Is there any other way of doing that? Maybe what I search don't even exist!

Last reply by mrexodia, November 4, 2017

CeAutoAsm-x64dbg Plugin

October 4, 2017 by atom0s

1 reply
7.9k views

Overview The CeAutoAsm plugin is a wrapper around a mini-project of mine, ceautoasm.dll. ceautoasm.dll is Cheat Engine's internal auto assembler ripped out into a standalone library that can be used pretty much anywhere in a Windows environment. ceautoasm.dll uses the latest Cheat Engine code base for its internal workings with as minimal changes to the original code as needed to make it work. Some features of the auto assembler and internals have been removed to limit file size and ease of use. Removed Features (General) All ARM / JNI / Unix / Mono features removed. All Lua features are removed. All driver/kernel level features removed.…

Last reply by atom0s, October 5, 2017

Is it a bug ?

August 25, 2017 by opc0d3

10 replies
18.1k views

Alter to graph. Same line different jumps. Should I open an issue ? Regards.

Last reply by sstrato, October 3, 2017

Resolve shortcut work bad!

September 29, 2017 by Xjun

1 reply
5.4k views

I tried to load an lnk file, but the path with the Chinese language, x64dbg suggested File does not exist!

Last reply by mrexodia, September 30, 2017

Flock, plugin for x64dbg

August 31, 2017 by Kurapica

4 replies
5.5k views

The idea of this plugin is simple and was born out an agony I went through while using x64dbg with IDA simultaneously. It solves the problem of stealing the window focus from x64dbg to IDA, each time you single-step in the debugger, the sync plugin in x64dbg will send the sync info to IDA to show the current location and this makes IDA get the focus, very annoying when you are doing a quick single stepping ! This plugin simply restores the focus to the debugger, that's all. Flock_32_64.rar

Last reply by Kurapica, August 31, 2017

Possible bug

August 30, 2017 by albesp77

2 replies
11.4k views

On x86 version i'm unable to commit a push 12345678, only 7 cypher accepted! If you tell me how to see exact build i can reply to you!

Last reply by evlncrn8, August 30, 2017

x64dbg with plugins

August 22, 2017 by ONDragon

1 reply
6.8k views

Who will share A x64dbg with some useful plugins for us.

Last reply by mrexodia, August 22, 2017

x64dbg "ret-sync" plugin, Windows focus fix

August 21, 2017 by Kurapica

3 replies
6k views

Just a quick fix for this plugin to prevent IDA from stealing focus from x64dbg window during stepping. I also added check marks to all the menu items to see which state is active.

Last reply by Kurapica, August 21, 2017

VB program in x32dbg

June 16, 2017 by Aldhard Oswine

2 replies
6.3k views

I'm trying to open VB program and getting following error: VB file is attached, it's from r4ndom's tutorial, works on olly and immunity CrackmeVB1.exe

Last reply by Nemo, June 16, 2017

Kernel driver unpacking with x64dbg

June 8, 2017 by mrexodia

1 reply
6.7k views

A small blog post I wrote. Hope it's interesting! http://x64dbg.com/blog/2017/06/08/kernel-driver-unpacking.html

Last reply by Loki, June 9, 2017

Assembly column in x64dbg's reference window

May 24, 2017 by tr4cefl0w

2 replies
7.3k views

Hey guys, First of all, sorry if this question has already been answered. I looked up first but didn't find anything. So I'm pretty new to reversing and I went through a few of Lena's tutorials but I decided to go through once again using x64dbg this time. Near the end of part 4, it shows OllyDbg's reference window. There is a Disassembly column that shows where the instruction that pushes this string. There is no such thing in x64dbg so I was wondering if there was another method to do the same. Thanks!

Last reply by tr4cefl0w, May 24, 2017

DbgDisasmAt - Other Method

May 22, 2017 by Downpour

6 replies
8.4k views

Hello, I'm currently working on a plugin for x32dbg and I was wondering if there is another way to disassemble a function where I can receive information like the opcode as char so I don't have to work with the char array to see what kind of instruction I'm dealing with. And I also want to know if there is a way to see if the argument from the DISASM_INSTR array is a register, pointer, memory value/constant or such also without dealing with the char array. Regards, Castor

Last reply by Downpour, May 22, 2017

Adding patches via plugin

May 19, 2017 by HellSpider

3 replies
8.2k views

Heya, I'm migrating over to x32dbg from olly 2.01. I wrote a plugin to aid me in decryption of certain internal strings of certain files. I use the code below as an example: unsigned char* data = new unsigned char[len]; if(DbgMemRead(sel.start, data, len)) { decrypt_data(data, len); DbgMemWrite(sel.start, data, len); _plugin_logprintf("[" PLUGIN_NAME "] Region decrypted"); } delete[] data; When I click on my menu to decrypt the currently selected region the result is completely fine. However, the issue is that x32dbg does not recognize the edited memory as being modified (like you would get using Ctrl+E). This means I see a blank screen in the patc…

Last reply by fearless, May 20, 2017

Writing plugins for x32dbg

May 15, 2017 by Aldhard Oswine

3 replies
8.4k views

Thank you for such a great tool @mrexodia , I want to add some little specific feature to x32dbg, nothing important but still useful for me. I have the experience to write programs in python and C++, but have no idea how to create plugin for x32dbg, Is there any good instruction/tutorial about writing plugin for x32dbg?

Last reply by Aldhard Oswine, May 15, 2017

Graph Analysis Zoom In/Out for large code analysis

April 5, 2017 by kittmaster

2 replies
6.5k views

Is there any thought about possibly adding a zoom in and out to get an "aerial" view of the entire code section being graphed? The graph feature is very well executed, the only issues is the constant scrolling left and right because of the amount of jump sequences in a particular region I'm looking at. For small sections, zoom is clearly not needed, but with multiple jump points and multiple landing areas to the same call, it tends to create a lot of left to right scrolling for the draw creation. While I realize the assembly becomes unreadable the further out you zoom, you can still track the jump hierarchy (maybe with a "tooltip code eyeglass" for fast reference and…

Last reply by kittmaster, April 5, 2017

Symbols tab > Executable Module Path Caller

April 3, 2017 by kittmaster

3 replies
5.7k views

Love my Olly, but really diggin x64DBG. One question I can't seem to sort out. When you are in Olly, and your at the entry point, if you open the executable modules, you see your .exe. When you run it, you can see what dlls are being loaded and can ultimately sort by path location to see which dlls are in play. I can see all the dlls under symbols, but what is not seen is the path and caller of which dll from user vs system. Is there a way to track that? I can see it says "user" "system" "party" but It would be helpful when searching for APIs or strings when your looking for any given routine to know the caller path. Is this just not implemented or am…

Last reply by mrexodia, April 5, 2017

Debugging a Plugin

March 21, 2017 by fred26

6 replies
6.6k views

How can I debug a plugin? I can imagine that same way debugging a regular DLL ? Thanks

Last reply by fearless, March 22, 2017

Sign In