
x64dbg


mrexodia

Mr. eXoDia,

First I want to say thank you very much for such a good idea and a wonderful work.

I just found out about X64_dbg by chance 2 days ago. Yesterday I saw you uploaded a new snapshot; I gave it a try and it's working fine for me. I tried to compile the git head version and the process went smoothly, as expected.

I'm very impressed and I see x64_dbg has good potential over others I tried in the past. I am now trying to learn more about its internals and see where I can contribute. I saw the issue tracker; hopefully I can reproduce some of the issues, and that will be my first step to knowing more about how it works internally.

Thank you again for the Wiki, the help file, and the website and all the work you guys did.

I have a couple of questions. Please tell me if there is another forum or post where you discuss issues, features, design decisions, etc. I will appreciate it so much.

Thank you and have a nice day

Thanks! You can come in contact using IRC (#x64dbg on Freenode) or by posting a topic in this forum (there is a special section for questions etc). You can also hit me up on skype/whatever or when I'm live on http://live.x64dbg.com

Link to post

I'm actually starting to prefer to use this debugger over olly lately. :) Really Great Work :D

Indeed. X64dbg is far and away better than Olly.

  • Like 1
Link to post
  • 3 weeks later...
mrexodia

Hi, thank you for x64dbg.

I am trying to open a 64-bit DLL, but it says that the PE is invalid (see the attachment).

What is wrong?

Thanks.

It is because your file is not a valid PE file (at least according to CFF Explorer)...

Link to post
  • 2 months later...
xxx22xxx

I have a problem with scripts for Themida unpack!

Every time there is an error with a double line and an error with %RESULT wrong command.

How can I fix it?

The script names are "Themida ultra unpacker 1.4" and "Themida multi unpacker 1.2".

Please help.


Link to post
mrexodia

I doubt there is, since I don't recognize the command :) However, you can very easily write commands yourself, by either writing a plugin or by sending me a pull request.

Soon I plan on deprecating this way of scripting anyway, but until then feel free to add commands :)

Link to post

From ollydbgscript:

dm - dump memory region to file

lm - write to mem from file

I didn't find how to write a byte, word or dword to memory by script for x64.

PS: Found it, sorry.

Edited by av999 (see edit history)
Link to post
  • 5 weeks later...
  • 1 month later...

Hi.

Pardon my question, it may sound stupid.

How can I search the memory map for a hex value in the debugged file's virtual space?

Link to post
  • 2 weeks later...
mrexodia

It was implemented in one of the latest snapshots. Look for 'Find Pattern...' in the memory map.

Greetings


  • Like 1
Link to post
  • 3 weeks later...

@GIV

NOTE: You need to put NtApiCollection.ini in the same directory as ScyllaHide.dll or the following hooks will not work:

NtUserQueryWindow, NtUserBuildHwndList, NtUserFindWindowEx

Info about NtApiCollection.ini:

Some Nt* WINAPI functions are not exported by a DLL, so it is necessary to get the function addresses from another source. The other source is the PDB file.

The addresses can be resolved with this tool: https://bitbucket.org/NtQuery/pdb-getprocaddress

It will download the PDB file from the Microsoft server to resolve the missing function addresses.

Binaries: https://bitbucket.org/NtQuery/scyllahide/downloads/NtApiTool.rar

  • Like 1
Link to post
