x64dbg
An open-source x64/x32 debugger for windows...
172 topics in this forum
-
x64dbg Menu
by Bl@ck Virus- 3 replies
- 13.8k views
Hello is there any way that I can add more menu to x64dbg ? Like old debugger ( Ollydbg ) tnx
-
How Convert Offset To VA
by Bl@ck Virus- 8 replies
- 10.7k views
hello all how can I convert Some DLL Offset address to VA ? can i do it directly by x64dbg ? tnx in advance am.dll
-
- 7 replies
- 6.5k views
Hello guys, Now I made script of x64_dbg. I wish that I develope script which log trace log. but I cannot implement for log anything on script API. Is there any script API for that doing, logging or saving? For my wish, Should I develop feature as plug-in? I found API, refinit/refadd, but It is not enough to me
-
Themes for x64_dbg
by cypher- 4 replies
- 16k views
So now that coloring is supported I made x64dbg look like my olly so I finally feel "at home". (Also because all other features I missed are now mostly supported) Theme is derived from the original Olly scheme by "Patrick from France", his original quote about it you can add it by replacing the [Colors] section in the .ini with the following [Colors] AbstractTableViewBackgroundColor=#000000 AbstractTableViewHeaderTextColor=#000000 AbstractTableViewSelectionColor=#000080 AbstractTableViewSeparatorColor=#0000FF AbstractTableViewTextColor=#FFFBF0 DisassemblyAddressBackgroundColor=#XXXXXX DisassemblyAddressColor=#808080 DisassemblyBackgro…
-
Cant find module
by eychei- 0 replies
- 7.1k views
Hello everyone, im new her and do have a question. I did debug an executable and changed some code. When im trying to save the file an error pops up that the module name couldnt be read. Does anyone know why this is happening? I can send the file if someone wants to look at it. It seems to me that the changes I want to write are not in the executable but maybe in memory. Attached is the String im changing. I just want to noop the jmp command.
-
Invalid Variable Name?
by 0xNOP- 3 replies
- 7.6k views
I'm still getting used to this scripting engine... so far for all the other versions variable declarations where: var x and that was goo... however... I do it and in the log window, I get "Invalid Variable Name" ? should I declare it in a specific scope? or it can be under a label scope ?
-
HBP problems
by sstrato- 0 replies
- 8.1k views
When you run a program when creating hbp in a memory location created by this program entirely correct. The problem arises when the program is running and when it re-creates the same memory locations are disabled and the BPH is impossible to erase restarts. Video example. HBP.wmv
-
noticed some bugs
by Artic- 4 replies
- 7.7k views
1) when i delete or rename my target, when its running in x64dbg, its crashing, when i stop it or just restart it. 2) when a target runs in x64dbg and i load a new one, via drag and drop, x64dbg freezes, but does not crash. my typical workflow maybe.
-
Scripting Findasm command
by sondzark- 2 replies
- 6k views
Hi, first of all thx for everyone that worked on this project, its fantastic, and thx to this fantastic community, im trying some basic scripting and i want to search to all the instructions cmp in a pattern, so i was trying something like Findasm "cmp ?, ?" without success, is there a way to do that using wildcard characters or through other commands to search all the cmp instructions in a pattern? thx in advance
-
failed to restart the debugger
by Jhonjhon_123- 3 replies
- 4.8k views
I have this error when you restart the debugger, so simple, please watch the video where this error. Thank you. error.zip
-
simple script fail
by Jhonjhon_123- 6 replies
- 7k views
Hi, I'm writing a simple script to search the OEP of MPRESS, something very basic. but not if I'm doing some wrong command, or a bug. The problem is that in line 6 does not run correctly and does nothing, then the comment should be in the OEP is set to the jump just before going to the OEP Image: http://i.imgur.com/izPmah3.jpg // start msg "MPRESS OEP Finder v1.0 By Jhonjhon_123" // clear all bph bc bphc // go run sti bphws esp,rw run sti cmt eip,"OEP; MPRESS OEP Finder v1.0 By Jhonjhon_123" // end ret I attached the sample crackme which is not working. I am using Windows XP SP3. Thank you. CrackeMeby°Designer Shoes°.zip
-
An Introduction to x64_dbg
by chessgod101- 21 replies
- 15.3k views
I just published a definitive tutorial for x64_dbg. It documents its settings and features and shows you how to use the tool to effectively debug a 64-bit application. This tutorial is aimed at beginners, but has some information that may be useful to more advanced reverse engineers. I hope you enjoy and feel free to ask any questions you may have. http://reverseengineeringtips.blogspot.com/2015/01/an-introduction-to-x64dbg.html
-
Invalid-PE Error
by pyutic- 4 replies
- 12.9k views
Hello guys, I found a bug of x32_dbg. though it is valid-pe file and can be executed on the 32-bit system, x32_dbg cannot open a file with error, INVALID_PE FILE. Attachment file is binary, mentioned above. It is a crackme of CODEGATE PRE-QUAL 2011. codegate2011_b500.zip
-
x64_dbg Snapshots
by mrexodia- 13 replies
- 9.5k views
Hey everyone, Because I personally don't have so much time as before I set up a service that automatically builds snapshots from the x64_dbg master branch. If you find a bug, please also verify that it's still in the snapshot. The snapshots are generally considered stable, but you should not them for plugin development. Download Snapshots: https://sourceforge.net/projects/x64dbg/files/snapshots/ Greetings, Mr. eXoDia
-
some feature suggest and request.
by Dragon Palace- 3 replies
- 5.7k views
1. didn't you see, when we click on next asm code of jump xxxxxx, the red arrow jump line will automaticlly showed on OllyDBG, but none in x32dbg. eg: 00401000 jnz 004010004 00401001 xxxxxxxxxx 00401002 xxxxxxxxxx 00401003 jmp 00401005 00401004 xxxxxxxxxxxxxxxxxx <----------- If you click here, the red jump line will automatic showed in OllyDBG jump from 00401000, but none in x32dbg, will this implement? 00401005 xxxxxxxxxxxxxx 2. didn't you see, when we search something, will result many, at current, we need set each breakpoint by press F2 many times one by one, so if I find thousand times of mov al, 1, should I need press F2 shousand times to set b…
-
x64_dbg Screen Recordings
by mrexodia- 2 replies
- 5.9k views
Hey everyone, We would appreciate screen recordings that show you working with x64dbg to see about the usability of the software (or features people generally don't know about). These recordings will be kept confidential if desired. I think they would really help us to figure out what is needed most for x64dbg in the future. Recently I saw Reaver from teknogods working live with x64dbg and I immediately found some things that needed fixing. Feel free to PM your recordings to me or post them publicly in this forum. Greetings, Mr. eXoDia
-
Process terminates on attach
by Schnappi- 8 replies
- 14.3k views
Hello,I have stumbled on application I would like to debug. Since it's 64-bit app the OllyDbg is already out of the picture, so I thought I could use x64_dbg. When I try to attach to that process it starts loading all modules and then I get "Terminated: debugging stopped". I tried to play around with ScyllaHide to the point I enabled all options -> didn't help at all. Tried TitanHide -> nope. I also tried to suspend the process first, but it still terminates on attach.It also shows weird behavior when using Cheat Engine's debugger -> when I set breakpoint the application crashes with single-step or maybe breakpoint exception ( don't remember, but I can eventually…
-
Testing x64_dbg UNICODE support...
by mrexodia- 8 replies
- 9.3k views
Hello everyone, Recently there have been some questions regarding UNICODE support in x64_dbg. If you're a Chinese/Russian/Vietnamese/Japanese/Whatever user, please try this test version on your computer and report any bugs on http://issues.x64dbg.com or in this topic. Everything inside x64_dbg should have UNICODE support. Comments/variables/scripts etc are all supported (hopefully). Notice that your script files should be encoded UTF-8 without BOM. Notice that this is not an official release. This is a branch called 'utf8_support', if it turns out to be working good, there will be a new release. Attached the test build. Greetings, Mr. eXoDia dev22g.r…
-
- 3 replies
- 5.1k views
sometimes i have multiple breapoints i would like to disable, for the moment i have to click them all separate, is it possible that with every space typing could let the "curser" go up to the next one and typing again will deactive this one too? ollydbg v2 has this feature. like always if its not clear, write me a pm
-
Some little fix
by Hellsp@wn- 15 replies
- 17.1k views
1. if I click cancel in patches windows then see error "failed to save ..." 2. if I want select lines in stack windows it possible only in the second column 3. u can add option to disable register comment anywere? like olldbg - only current EIP 4. can add option to save colums size on main window?
-
some improvement suggestion.
by Dragon Palace- 9 replies
- 7.9k views
1. how about add horzontal and vertical scroll bar in each windows, ie: assembler window, register window 2. how about add CTRL + F to find special string in searched list strings? 3. How about infobox? implement it yet? If I want to serial fishing when use it to show serial numbers when I infinity F7, F8,
-
I find a bug in font setting
by Dragon Palace- 7 replies
- 8.3k views
when I setting the font, it says setting saved, but when I restart x32_dbg.exe, it restored default setting, my os is chinese x64 win 7 ultimate. will you fix it?
-
Additions in CPU tab?
by Siarogak- 13 replies
- 7.8k views
Mr. eXoDia is it possible to make some additions in CPU tab? I think It will be very usefull to add option to make view like this
-
Opening process with arguments
by biex- 1 reply
- 5.6k views
Hello, how do you open a process with specific cl arguments? thanks. I thought the second argument of init/initdbg was supposed to do that?
-
How to save the bin after patch?
by rxzcums- 5 replies
- 6k views
help anyone knows how to save the bin after patch done? or have not implement this fuction yet? rxz
