samoray Posted October 31, 2016
Dear members, my question is about the use of x64dbg (32 or 64 bit, either of them). 1- Can anyone please help me understand the concept behind SEH (structured exception handler) and whether we can use it to reverse an application? 2- And how to use the "watch" feature in x32dbg? I tried it in many ways to no avail... A video tut would be very much appreciated.
Nemo Posted November 1, 2016
Try googling, it took me less than a second to find this out.. don't be lazy.. I only googled "structured exception handler" and found plenty of info..
samoray (Author) Posted November 1, 2016
Thanks for your reply. I searched many times and read many papers, but my question is limited to using SEH in reversing applications.
kao Posted November 1, 2016
Googling gives lots of useful resources for that one too: https://www.google.com/search?q=SEH+reversing Perhaps you should ask a more specific question, not just "Can I use chip tuning to make my car go faster? My question is limited to petrol engines."
samoray (Author) Posted November 1, 2016
3 hours ago, kao said:
Googling gives lots of useful resources for that one too: https://www.google.com/search?q=SEH+reversing Perhaps you should ask a more specific question, not just "Can I use chip tuning to make my car go faster? My question is limited to petrol engines."
"kao", you're very funny. Thank you for passing by, let me google a little more and post my question more specifically. Anyway, can you give me any hints for my second question?
kao Posted November 1, 2016
Your second question is more for @mrexodia - I'm not using that feature. I think you'd get an answer faster if you'd ask it in the x64dbg subforum: https://forum.tuts4you.com/forum/139-x64dbg/
mrexodia Posted November 2, 2016 (edited)
The watch view allows you to watch changes to the value of an expression. See http://help.x64dbg.com As an example, you can set a watch on [402030] and it will watch the dword at 402030. You also have a watchdog feature that will log changes to the expression. Usage should be pretty easy: just add the expression you want to watch and enable the watchdog. Combined with tracing, you can see various values in memory and how they change during the trace. As for SEH (not enabled in 64 bit because that uses static SEH), you can see the current exception handler value. You can also see this in the stack. This is, for example, used with try/catch in C/C++.
Edited November 2, 2016 by mrexodia
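On 32-bit Windows the handler chain mentioned above is a linked list of {Next, Handler} dword pairs on the stack, starting at the pointer held at fs:[0] and ending with Next = 0xFFFFFFFF. The Python sketch below is an added example (not part of mrexodia's post and not x64dbg code) that walks such a chain over a constructed stack snapshot and flags a broken link; every address and helper name in it is made up for illustration.

```python
import struct

END_OF_CHAIN = 0xFFFFFFFF  # Next value that terminates a 32-bit SEH chain

def walk_seh_chain(head, stack_base, stack_bytes):
    """Follow EXCEPTION_REGISTRATION_RECORDs ({Next, Handler}, two dwords each).

    head        -- address of the first record (the dword stored at fs:[0])
    stack_base  -- address of stack_bytes[0] (lowest address in the snapshot)
    Returns (records, problem); problem is None when the chain is well formed.
    """
    stack_end = stack_base + len(stack_bytes)
    records, addr = [], head
    while addr != END_OF_CHAIN:
        # A record must be dword-aligned and lie fully inside the stack.
        if addr % 4 or not (stack_base <= addr <= stack_end - 8):
            return records, f"record {addr:#010x} is misaligned or outside the stack"
        nxt, handler = struct.unpack_from("<II", stack_bytes, addr - stack_base)
        records.append((addr, handler))
        # Older frames sit higher on the stack, so Next must increase.
        if nxt != END_OF_CHAIN and nxt <= addr:
            return records, f"Next {nxt:#010x} does not point higher on the stack"
        addr = nxt
    return records, None

def build_stack(base, size, records):
    """Constructed sample data: place {Next, Handler} pairs into a zeroed stack."""
    buf = bytearray(size)
    for addr, (nxt, handler) in records.items():
        struct.pack_into("<II", buf, addr - base, nxt, handler)
    return bytes(buf)

BASE = 0x0019F000  # constructed addresses, not taken from a real process
GOOD = build_stack(BASE, 0x1000, {
    0x0019FF60: (0x0019FFCC, 0x00401A30),    # innermost try block
    0x0019FFCC: (0x0019FFE4, 0x00402F10),
    0x0019FFE4: (END_OF_CHAIN, 0x77B0AD20),  # last record in the chain
})
# Same head record, but its Next field holds a value that is not a stack address.
BAD = build_stack(BASE, 0x1000, {0x0019FF60: (0x41414141, 0x00401A30)})

if __name__ == "__main__":
    for name, snap in (("good", GOOD), ("bad", BAD)):
        chain, problem = walk_seh_chain(0x0019FF60, BASE, snap)
        for addr, handler in chain:
            print(f"{name}: record {addr:#010x} -> handler {handler:#010x}")
        print(f"{name}: {problem or 'chain ends at 0xFFFFFFFF'}")
```
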
abhi93696 Posted November 3, 2016
@samoray you can also use the manual available in x64 debugger: "x64dbg_manual.chm"; for full details see "watch control" in "commands".