samoray 56 Posted October 31, 2016

Dear members, my question is about the use of x64dbg (32 or 64 bit, either of them).

1- Can anyone please help me understand the concept behind SEH (structured exception handler) and whether we can use it to reverse an application?

2- And how to use the "watch" feature in x32dbg? I tried it in many ways to no avail...

A video tut would be very much appreciated.

Nemo 158 Posted November 1, 2016

Try googling; it took me less than a second to find this out. Don't be lazy. I only googled "structured exception handler" and found plenty of info.

samoray 56 Posted November 1, 2016

Thanks for your reply. I searched many times and read many papers, but my question is limited to using SEH in reversing applications.

kao 1,958 Posted November 1, 2016

Googling gives lots of useful resources for that one too: https://www.google.com/search?q=SEH+reversing

Perhaps you should ask a more specific question, not just "Can I use chip tuning to make my car go faster? My question is limited to petrol engines."

samoray 56 Posted November 1, 2016

3 hours ago, kao said:

> Googling gives lots of useful resources for that one too: https://www.google.com/search?q=SEH+reversing
>
> Perhaps you should ask a more specific question, not just "Can I use chip tuning to make my car go faster? My question is limited to petrol engines."

"kao", you're very funny. Thank you for passing by; let me google a little more and post my question more specifically. Anyway, can you give me any hints for my second question?

kao 1,958 Posted November 1, 2016

Your second question is more for @mrexodia - I'm not using that feature. I think you'd get an answer faster if you'd ask it in the x64dbg subforum: https://forum.tuts4you.com/forum/139-x64dbg/

mrexodia 1,460 Posted November 2, 2016 (Edited November 2, 2016 by mrexodia)

The watch view allows you to watch changes to the value of an expression. See http://help.x64dbg.com

As an example, you can set a watch on [402030] and it will watch the dword at 402030. You also have a watchdog feature that will log changes to the expression. Usage should be pretty easy: just add the expression you want to watch and enable the watchdog. Combined with tracing, you can see various values in memory and how they change during the trace.

As for SEH (not enabled in 64 bit because that uses static SEH), you can see the current exception handler value. You can also see this in the stack. This is, for example, used with try/catch in C/C++.
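
An added illustration of the SEH chain mentioned in the reply above (not code from x64dbg or from any poster in this thread): on 32-bit Windows each registration is a {Next, Handler} pair stored on the thread's stack, reached from FS:[0] and terminated by Next = 0xFFFFFFFF. This C program walks such a chain over a constructed stack snapshot and rejects malformed chains; the `stack_image` type, the function names and every address are assumptions made up for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define CHAIN_END 0xFFFFFFFFu  /* Next value that terminates the 32-bit SEH chain */

/* Constructed snapshot of a 32-bit thread stack: base address plus raw bytes. */
typedef struct { uint32_t base; const uint8_t *bytes; uint32_t size; } stack_image;

/* Read a little-endian dword at a virtual address inside the snapshot. */
static int read_u32(const stack_image *s, uint32_t addr, uint32_t *out) {
    if (s->size < 4 || addr < s->base || addr - s->base > s->size - 4) return 0;
    const uint8_t *p = s->bytes + (addr - s->base);
    *out = p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return 1;
}

/* Helper used only to build the constructed sample stack. */
static void put_u32(uint8_t *buf, uint32_t off, uint32_t v) {
    for (int i = 0; i < 4; i++) buf[off + i] = (uint8_t)(v >> (8 * i));
}

/* Walk {Next, Handler} records starting at head (the value read from FS:[0]).
   Stores the handler addresses in order; returns how many were found, or -1
   when the chain is malformed: record off-stack, unaligned, too long, or Next
   not pointing to an older frame higher on the stack (this also stops loops). */
int walk_seh_chain(const stack_image *s, uint32_t head, uint32_t *handlers, int max) {
    int n = 0;
    uint32_t rec = head, next, handler;
    while (rec != CHAIN_END) {
        if ((rec & 3) || n == max) return -1;
        if (!read_u32(s, rec, &next) || !read_u32(s, rec + 4, &handler)) return -1;
        if (next != CHAIN_END && next <= rec) return -1;
        handlers[n++] = handler;
        rec = next;
    }
    return n;
}

int main(void) {
    uint8_t mem[0x40] = {0};                           /* constructed stack bytes */
    stack_image s = { 0x0019FF00u, mem, sizeof mem };  /* constructed base address */
    put_u32(mem, 0x10, 0x0019FF30u); put_u32(mem, 0x14, 0x00401500u); /* newest record */
    put_u32(mem, 0x30, CHAIN_END);   put_u32(mem, 0x34, 0x77001000u); /* last record */
    uint32_t h[8];
    int n = walk_seh_chain(&s, 0x0019FF10u, h, 8);
    for (int i = 0; i < n; i++) printf("handler %d: %08X\n", i, (unsigned)h[i]);
    return n < 0;
}
```

The first handler printed corresponds to the "current exception handler" in the reply; the remaining entries are the older registrations further up the stack.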

abhi93696 15 Posted November 3, 2016

@samoray you can also use the manual available in the x64 debugger: "x64dbg_manual.chm". For full details see "watch control" in "commands".