x64dbg

I have been reading the documentation to implement some Debug API functions in a plugin. http://x64dbg.readthedocs.io/en/latest/developers/functions/debug/DbgDisasmAt.html I see a lot of functions, but where can I see the C/C++ prototypes or signature of each one ? Is this link still a working progress doc ? If so, that's fine but would like if someone can point some samples maybe where I can see the functions working. Thanks!

IDA Pro can detect some functions from varies libraries, how can I import this function names from IDA to x64dbg?

Hello everyone, As Artic suggested, this topic is for feature suggestions. Post anything you wanna see in the next release here. Make sure to also post it over at https://bitbucket.org/mrexodia/x64_dbg/issues/new Greetings, Mr. eXoDia

Hello, on windows xp, what is best solution to run x64dbg in kernel mode? thanks

""Author: qwerty9384 "" Description: Many thanks to the Author OWImports_[unknowncheats.me]_.zip

Author: qwerty9384 Thanks to the Author *** Sorry it's a double post, I havent seen that it was already posted, Please admin delete this thread*** x64dbg_AttachHelper.zip

This plug-in automatically restores that "DbgBreakPoint", "DbgUiRemoteBreakin". x64dbg_AttachHelper.zip

Hi, I'm not sure if there is a problem or I have to set up a specific option in x64dbg to auto-update from the User Interface. When I click on the "Check for updates" button, I get the following error: --------------------------- Network Error! --------------------------- Error creating SSL context () --------------------------- OK --------------------------- I'm using snapshot "Nov 2 2016" but the same error appears with previous snapshots. Of course, I have checked that I have internet connection and no firewall is active. Any help is appreciated. Thanks!

Dear members, my question is about the use of X64dbg (32 or 64 bit any of them) 1- Can anyone, please help me understand the concept behind SEH (structured exception handler) and whether we can use it to reverse an application? 2- and how to use the "watch" feature in x32dbg, I tried it in many ways without prevail... A video tut would be very much appreciated.

Hi, I have been ready lots of the documentation and feature request but I have not found it. Sorry if this feature is already available and I missed it. 1) Is there any command to display the content of a specific address? Something like "d eax", "d 0x401000", etc. 2) I can see that there is an option to bypass INT3 instructions. I place few of them in my source code to debug my code, but it's a bit painful that I have to "manually" trace/skip each INT3. Is there any way to make x64dbg to behave like OllyDbg or WinDbg? For example, I put four INT3 instructions, and I just want to press "GO" in each INT3 as I'm interested in stopping in the last INT3 of my s…

in breakpoint tab, add a menu, provide breakpoint import, backup, will it possible implement? also, if can compatible with ollydbg breakpoint import, will be more preferred. thanks.

Hello, I'm very new to assembly/disassembly and x64dbg. I just picked it up because I need to patch an old version of Nvidia Screen Capture Service so that it doesn't automatically force-change my Twitch titles. Newer versions of this program do not do this, but the newer versions are also unusable for me. The old version works perfectly fine except for this oddity. So I've found the function call and the address I'd like to jump to, and while using XEDParse, I get this (seems good?): But while using asmjit I get this: My question is, what does "Invalid State" refer to? Is this a syntactical error on my part? Also, does it matter whic…

Hi This is just a work in progress so don't expect too much. Please test it and report if you find bugs. I use it like this : First you need 2 break points to trace between, Start and End. 1 - Throw your target in the debugger. 2 - The Start point should break. 3 - Start the plugin. 4 - Enter the name of the module you are interested in, the plugin will try to detect the name where RIP is now. 5 - Enter the target VA, i.e the point where logging should stop, It's your End point from above. There will be single stepping into this module but if RIP goes out of this module then there will be stepping over…

Hello there, 1. Is it me or the "Run to user code" not working? It seems that I could not make x64dbg pause at user code. Is it a bug? 2. Could you comment out the "SetForegroundWindow" in cbStep()? I have a plugin which is a dialogbox that has 2 button "Run" and "Pause". When it is in running mode, it continuously calls "eSingleStep", SetForegroundWindow in cbStep() is called and makes the main window form active. Since then I could not press the "Pause" button on my dialogbox because the main window is always active and the dialogbox is always inactive. Thank you.

Saludos

Hi there, In x32dbg when i try to patch file it shows me 0/x patch(es) applied knowing that i try to change Jne to Jmp or adding mov al,1 to an empty byte as in these images

Automating x64dbg using Python. https://github.com/x64dbg/x64dbgpy Has been out for quite some time, but I did some slight improvements so now it should be more friendly to use now. I also compiled PyQt5 specifically with x64dbgpy in mind.

waiting for since 3 years over, when implement unicode string search?

Hi guys, script for unpack upx modified is available in somewhere?

Been running with this problem lately, don't know what seems to be causing it. And that's for every single x64. Q: Are you using the latest snapshot build? A: Yes

Looking for writers! 09 Jul 2016, by mrexodia This will be the official blog for x64dbg. This blog is looking for writers! Send a pull request here to get your content related to x64dbg posted here. Topics Personal or corporate usage of x64dbg (Make sure to keep it legal). Development of x64dbg. Feature showcase (cool features you want to demonstrate). Plugin showcase. Script showcase. Anything else related to x64dbg… Thanks, Duncan

When closing X - DBG with the window dump for example in text mode., the rerun and select Hex dump window is not displayed correctly.

Hello guys, A couple of days ago @Mr. eXoDia published on crowdin x64dbg translation project. Basically who wants to help need to translate from English to his/her mother language. We are from all over the world here in tuts4you and i think that we must help to thank him creating x64dbg. You can find the project page here: https://crowdin.com/project/x64dbg crystalboy

Version: x64dbg, compiled on May 26 2016, 01:07:33 | Windows 7 Home Premium 64-bit SP1 Is there a way to increase the exceptions range for 64-bit targets? I am unable to ignore all exceptions. Whether I manually add them all via 'add last' or set my exceptions range from 00000000-ffffffff, nothing seems to work. I've also tried running the target while skipping exceptions (shift+F9) to no avail. The target process never crashed and was able to run without any issues while the debugger was attached. Are there any workarounds for this? Am I doing something wrong? Thanks.

Hi, Currently, I am writing script with x64dbg feature. The question is how can I save the log info to a new file, as alike as "wrta" cmd in OllyDbg. mov vBp,0000000140238A8F bphws vBp,"x" LOOP: erun cmp cip,vBp jnz LOOP log "RVA: {d0} VA: {p1} Size: {d2}",rax, rcx, rdx jmp LOOP Here is what I got in x64dbg, every stop at vBp, there is a info "Hardware breakpoint (execute) at 0000000140238A8F !" . Can I remove it with changing settings/preferences ?