Jump to content
Tuts 4 You

static binary analysis


fletcher

Recommended Posts

Posted

how can i do it?(no debug, only static analysis)

Posted

I think you fire up X64dbg, you load your target on it, go to entry point and start your scrolling through the code without running your target...

Posted

You cannot. You can appoximate it by running until the system breakpoint and go to the entry point manually.

  • Like 1
  • 1 year later...
Posted (edited)

Please excuse to revive this old post, but IMO, and specially for newbie (like me)......

Who is newbie (like me) in art of reversing/cracking, may found a good help with a non intrusive debugger.

At the moment I utilize two debugger: the uncomparable "x64dbg" and the best for games "Cheat Engine".

x64dbg is absolutelly fabolous, but it is an intrusive debugger.

Cheat Engine is "game oriented", but also incorporate a good debugger, but the beauty is that it also get us a NOT intrusive debugger; I refer about the possibility of look at the code of the running program and letting us the possibility of reading all memory, patch on the fly, get handle of windows, pause the process, etc. with NO NEED to attach the debugger (unless of course you wanna set breakpoint); so many time when the prog is packed we may, without unpacking ( a very hard way for a newbie)  we get the code with full reference to string, intercall, etc. with no care about antidebugging tricks.

F.e. in the past I remember I was able to patch on the fly an Armadillo protected program who is infamous to lock debugger creating a child process.

A person really clever than me told:

******************************************************************************************************************************************************

Yes, this is possible. You can replace TitanEngine.dll with https://github.com/mrexodia/StaticEngine and “attach” to a running process.

There is however no way to switch debugging modes and breakpoints etc will simply not work

******************************************************************************************************************************************************

I have just compiled both for 32/64 but this dll seems is not working under win10.......

why don't release un update ? 🙂

Many thanks

p.s. please excuse, just now I have try to recompile with VS2013, and now il does work.......

 

Edited by danrevella
upgrade

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...