
x64dbg


mrexodia


Posted

@Kurapica - The dialog opens for me just fine, but no matter what application I patch it is always corrupt.

Posted

@mrexodia - I'll check that differ out mate thanks. All I changed was x2 jne's to jmp's.

  • 4 weeks later...
Posted (edited)

I have a few questions.

1. Why, when I want to dump memory to a file, does x64dbg force me to give the file name an extension? Is it necessary?

2. Is it possible to see "all" the characters in the dump view window, like in Olly? The majority of them are now represented just as dots in x64dbg.

3. Is it possible to see in the breakpoint tab the instruction on which the breakpoint is set?

4. What happened to the blog? The last update was in December.

 

Edited by JustAGuy
Posted

1. Yes.

2. Yes, select the right code page.

3. No, you can see it in the edit dialog.

4. Have been super busy recently, I will try to start updating it again soon.

If you have any feature requests or bug reports, please create individual issues at http://issues.x64dbg.com

Posted

regarding the code page

Changing the codepage makes the right side of the characters unaligned. I did not go through all the codepages, there are dozens of them, but none of them (so far) except the predefined 'ascii' and 'extended ascii' aligns the right side, even if I pick the same font as Olly has. Is it possible to have the right side nicely aligned and at the same time have all the ASCII characters displayed?


  • 5 months later...
Dinokavengeer
Posted

I want to change byte on memory address with x64dbg - Win10 x64

like this code

mov al,0x90

mov [address],al

and nothing happened

Is this code not executed?

Some help on how to write with x64dbg to a memory address? I want to inject code, why does the file not want to execute if I change some code!

/plugin illuminate cloud/

 

 

Posted

It's not clear to me where exactly you wrote this code @Dinokavengeer

In the command bar:

byte:[address]=0x90

Should work...

Dinokavengeer
Posted (edited)

sorry for my bad english...

I want to inject some code (must only 3 byte) on file TurboActivate.dll when execution (file winpty.dll function free) code. I understand that is not x32 system to inject (not very hard) on memory code. Yes, when I click on byte and use function on windows Binary edit - everything is OK. I write (patch) TurboActivate file and.... when load to execute file do not want to work (This is java code..load virtual machine and perhaps check file in jar file first)

I want like with x64dbg when file load, check with getprocaddress where are address on function and know [address], byte which must be written. But there only -- mov [address],al do not work---- I see that x64dbg on function binary edit

call qt5core.dll->x64gui.dll->call <QbyteArray::begin>

                                                call ds:<Sleep> Window return rax=address written byte

                                                call x64dbg.memcpy 

                                                call mscrt120.dll

and write on memory to be execute program code


I want when execute program on line to change byte ....on section code with assembler rule of course (on picture do not follow rule it is only for test)

 

Edited by Dinokavengeer
Dinokavengeer
Posted

I think I can write like program x64dbg in memory. I found function on x64dbg.dll. Now is OK!

/Of course x64dbg is the best/

Posted (edited)

And how did you set the eip (rip for x64) to your injected code? (which also needs some way to jump back, by the way)

I don't think you really know what you're doing ..

And as for patching the file and it not loading - it most likely is checksummed or checked by the program.

Edited by evlncrn8
Dinokavengeer
Posted

It's easy (you can import any function with cff explorer to any file /exe or dll/) - first - getmodulehandle return address dll file in memory and getprocaddress return address function which you want change byte. Call x64dbg.dll on correct address and correct parameter /address, byte and value byte/ to change memory address with byte which you want! That work! /yes you must with cff explorer import some dll from x64dbg project /Yes checked sum or another parameter in java process file happened and I do not want to change this dll/

Posted

I don't understand what's happening here. Can I help with something @Dinokavengeer?

Dinokavengeer
Posted

@mrexodia I shift for myself. Code and program x64dbg learn well!  10x!

   
  • 1 month later...
Posted

Starting from the next snapshot at 3779, the data is displayed incorrectly.

snapshot 3779.


snapshot 3794.


Posted

@sstrato Thanks, I found where the issue is and a fix will be out soon.

  • 1 month later...
Posted

Thank you for a great job. keep going on. x64 is the best. B) :rolleyes::D

 

Posted
On 13.10.2017 at 8:35 PM, sstrato said:

Starting from the next snapshot at 3779, the data is displayed incorrectly.

snapshot 3779.


snapshot 3794.


 

Is this a plugin in your Screen with the Tools??

Mercy.

  • 2 months later...
Posted

Hi,

I was playing a little with the x32dbg to check out the GUI / settings and handling etc and I have 2 questions.

1.) Is there no PE Header view?

2.) Why is the disassembly button in the dump window disabled, so the dump window can't also be shown in disassembly style? Is there no such view in the dump window?

greetz

  • 8 months later...
Posted

How can I increase the 'Find Pattern' search limit? It is set to 5000.

  • 1 year later...
  • 3 years later...
Progman
Posted

The PE header isn't a part of the runtime memory model necessarily. It would need to be read from disk. The loader is free to copy it, overwrite or modify it however it likes, including recycling the memory. Generally you can find out the original command line of a process from the OS and try to use a PE browser to do this. It's certainly not guaranteed to be intact at runtime and it would have no effect on the program to modify it unless the program was using self introspection.
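
Added example, not part of the thread and not x64dbg code: a small Python parser that reads the PE headers from raw file bytes, plus a check of whether an in-memory copy of the header still agrees with the file on disk. The function names and the sample header bytes are constructed for illustration.

```python
import struct

def parse_pe_headers(data: bytes) -> dict:
    """Parse the headers of a PE image from raw bytes (normally read from disk)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: 20 bytes right after the signature
    machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt_off)       # 0x10B PE32, 0x20B PE32+
    (entry_rva,) = struct.unpack_from("<I", data, opt_off + 16)
    sections = []
    for i in range(nsections):                               # 40-byte section headers
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": vaddr, "vsize": vsize, "raw_ptr": rawptr, "raw_size": rawsize})
    return {"machine": machine, "magic": magic, "entry_rva": entry_rva, "sections": sections}

def header_matches_disk(memory_copy: bytes, disk_copy: bytes) -> bool:
    """True only if the in-memory header still parses and agrees with the file on disk."""
    try:
        return parse_pe_headers(memory_copy) == parse_pe_headers(disk_copy)
    except (ValueError, struct.error):
        return False

def build_sample_pe() -> bytes:
    """Constructed minimal header set (not a loadable binary): x64, one .text section."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<I", opt, 16, 0x1000)                  # AddressOfEntryPoint
    text = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x400) + bytes(16)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text

if __name__ == "__main__":
    disk = build_sample_pe()
    wiped = bytes(0x40) + disk[0x40:]        # constructed: DOS header overwritten at runtime
    print(parse_pe_headers(disk))
    print(header_matches_disk(disk, disk), header_matches_disk(wiped, disk))
```
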
