Tuts 4 You

Edit History

Benten


The Lord himself has spoken at last

Real Solution from Mr.Exodia himself:

6 hours ago, mrexodia said:

The yara commands will put the result in the references view. You can use “ref.addr(0)” to get the address of the first found reference. Then “ref.addr(1)” for the second, etc...

You don't have to look any further, that's how awesome Mr. Exodia is.

Hello Guys,

I was wondering if you guys could point me to a pattern search similar to Yara pattern search (e.g. pattern: 00 00 [5-6] ?? ?? FF) within X64DBG scripting, or maybe some way to use that Yara pattern inside X64DBG scripting.

Also, is there by any chance a way I could set $res1 to $res3 with the subsequent search results (I mean $res = first result; $res1 = second result, and so on and so forth, over a single pattern search)? A way to get the results in an array; hope you got the idea.

Why I need it, you might perhaps ask: well, I was working on randomized obfuscation code where the basic code is essentially the same but the random junk is different in each iteration. So conventional pattern searching is obviously not the way to go about this one. But I found Yara pattern search making some sense with it, which brought up the question.

Thank you all, you guys are amazing.

//============================================================================================================
[Solution]
//============================================================================================================

Adding the code below in yaraScanCallback() would solve the issue.

Location to add the code: Here

Code:

//---------------------------------------------------------------------------------------------------------------
if (index == 0)
	varset("$result", addr, false);
else if (index == 1)
	varset("$result1", addr, false);
else if (index == 2)
	varset("$result2", addr, false);
else if (index == 3)
	varset("$result3", addr, false);
else if (index == 4)
	varset("$result4", addr, false);
//---------------------------------------------------------------------------------------------------------------

Image:

soyovHR.png

[Request]

//---------------------------------------------------------------------------------------------------------------
1. I hope Mr. Exodia will consider my request in future updates.

2. Also you guys may feel free to let me know if this has any undesired impact.
//---------------------------------------------------------------------------------------------------------------

Highest Regards,

Ben
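
The kind of search asked about above (fixed bytes, `??` wildcards and a bounded `[5-6]` jump, with every hit returned in an array) can be reproduced outside the debugger. This is an added example, not code from the post or from x64dbg; it handles only a subset of YARA hex-string syntax (bytes, `??`, nibble wildcards, `[n]` and `[n-m]` jumps), and the function names, base address and sample buffer are constructed for illustration.

```python
import re

# One token of a YARA-style hex string: a bounded jump or a (possibly wildcarded) byte.
_TOKEN = re.compile(r"""
    \[\s*(?P<lo>\d+)\s*(?:-\s*(?P<hi>\d+)\s*)?\]   # jump: [n] or [n-m]
  | (?P<byte>[0-9A-Fa-f?]{2})                      # AB, ??, A? or ?B
""", re.VERBOSE)


def _byte_regex(tok):
    """Regex fragment matching one byte described by a two-character token."""
    hi, lo = tok
    if hi == "?" and lo == "?":
        return b"."
    # Enumerate every byte value whose fixed nibble(s) agree with the token.
    values = [v for v in range(256)
              if (hi == "?" or v >> 4 == int(hi, 16))
              and (lo == "?" or v & 0x0F == int(lo, 16))]
    return b"[" + b"".join(re.escape(bytes([v])) for v in values) + b"]"


def compile_hex_pattern(pattern):
    """Translate a hex pattern such as '00 00 [5-6] ?? ?? FF' into a bytes regex."""
    parts, pos = [], 0
    while pos < len(pattern):
        if pattern[pos].isspace():
            pos += 1
            continue
        m = _TOKEN.match(pattern, pos)
        if m is None:
            raise ValueError("bad token at column %d: %r" % (pos, pattern[pos:pos + 8]))
        pos = m.end()
        if m.group("byte"):
            parts.append(_byte_regex(m.group("byte")))
            continue
        lo = int(m.group("lo"))
        hi = int(m.group("hi")) if m.group("hi") is not None else lo
        if hi < lo:
            raise ValueError("jump [%d-%d] has its bounds reversed" % (lo, hi))
        parts.append(b".{%d,%d}" % (lo, hi))
    if not parts:
        raise ValueError("empty pattern")
    # The lookahead keeps each match zero-width, so overlapping hits are all reported.
    return re.compile(b"(?=" + b"".join(parts) + b")", re.DOTALL)


def find_all(data, pattern, base=0):
    """Return the address of every position in data where the pattern matches."""
    rx = compile_hex_pattern(pattern)
    return [base + m.start() for m in rx.finditer(data)]


# Constructed sample: the same "00 00 ... FF" skeleton twice with different
# junk lengths (5 and 6 bytes), followed by a truncated third copy.
SAMPLE = bytes.fromhex(
    "9090"
    "0000" "1122334455" "AABB" "FF" "CC"
    "0000" "010203040506" "0708" "FF"
    "0000" "01" "FF"
)

if __name__ == "__main__":
    hits = find_all(SAMPLE, "00 00 [5-6] ?? ?? FF", base=0x401000)  # base is made up
    for i, addr in enumerate(hits):
        print("result[%d] = %#x" % (i, addr))
```
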
