How to clear previous brakpoints? Clear DB not doing job!!!

[Formingus]

How to clear previous brakpoints? Clear DB not doing job!!!

Even i clear DB when i reload the EXE breakpoints remains - Hot to reload exe WO any modification ? Thansk

Any idea

[deepzero]

Make sure all instances are closed. Also, are you sure the breakpoints are not inside a system dll?

Selection is a bit unfortunate, but if you select two of your breakpoints, right click, there is an option "remove all breakpoints".

[Formingus]

On 11/20/2021 at 1:06 AM, deepzero said:

Make sure all instances are closed. Also, are you sure the breakpoints are not inside a system dll?

Selection is a bit unfortunate, but if you select two of your breakpoints, right click, there is an option "remove all breakpoints".

Will you be kind to explain me 1 thing ?

When i use same version of x64 software to disassemble  and win 10

While i am following some tutorial After load SW into x64  mine address will become different than tutorial ones, even i do same thing, where is problem ?

[deepzero]

This is because of ASLR, which randomizes at which address the executable is loaded for security reasons. You can disable it, but if the tutorial creator had it enabled the address will still be different.

While it's technically possible to relocate the program to the same address it's probably not worth the effort and you best just get used to a different base address and focus on the assembly or offsets.

[Z3r0n3]

If you really want to disable ASLR for specific targets; so you can study it using both IDA and x64dbg, you can either edit your target with any PE editor like CFF Explorer and uncheck the "DLL can move", or ready made application like setdllcharacteristics.

[Formingus]

16 hours ago, deepzero said:

This is because of ASLR, which randomizes at which address the executable is loaded for security reasons. You can disable it, but if the tutorial creator had it enabled the address will still be different.

While it's technically possible to relocate the program to the same address it's probably not worth the effort and you best just get used to a different base address and focus on the assembly or offsets.

Thanks for explanation , where i can disable ASLR?

[deepzero]

Z3r0n3 told you above.

[Formingus]

16 hours ago, Z3r0n3 said:

If you really want to disable ASLR for specific targets; so you can study it using both IDA and x64dbg, you can either edit your target with any PE editor like CFF Explorer and uncheck the "DLL can move", or ready made application like setdllcharacteristics.

Where can i do that with CFF Explorer ? Downloaded but cant find option to disable ASLR

[Formingus]

9 minutes ago, deepzero said:

Z3r0n3 told you above.

Am beginner its very hard to understand everything , so sorry . What you suggest me to start to learn , something that isn't so hard and can explain me a lot about cracking ?

 

[XOR0XA]

Hello,

Consider trying this plugin:

https://github.com/AandersonL/x64dbg-ASLR-Removal

It's a simple and nice plugin.

Regards,

Edited November 22, 2021 by XOR0XA
rikas, say nipah

[Formingus]

6 hours ago, XOR0XA said:

Hello,

Consider trying this plugin:

https://github.com/AandersonL/x64dbg-ASLR-Removal

It's a simple and nice plugin.

Regards,

His exe after pause will hang on C3 mine on C2, what i am doing wrong ???

[Formingus]

9 hours ago, XOR0XA said:

Hello,

Consider trying this plugin:

https://github.com/AandersonL/x64dbg-ASLR-Removal

It's a simple and nice plugin.

Regards,

Any of you will be kind to explain me how is possible i am doing everything exactly as him and get different results

Sometimes when i stuck with this kind of problem i quit of trying , its very hard 5 days i cant figure out what's happening

Short video explain everything.. Thanks 

 

[Formingus]

On 11/22/2021 at 10:43 PM, Formingus said:

Any of you will be kind to explain me how is possible i am doing everything exactly as him and get different results

Sometimes when i stuck with this kind of problem i quit of trying , its very hard 5 days i cant figure out what's happening

Short video explain everything.. Thanks 

 

And ? End of story!!!

[deepzero]

You might be on different Windows versions or WOW64 or something. You should focus on the semantics of your tutorial rather than expecting a 1:1 replications. Can you share your target and tutorial?

[Formingus]

13 hours ago, deepzero said:

You might be on different Windows versions or WOW64 or something. You should focus on the semantics of your tutorial rather than expecting a 1:1 replications. Can you share your target and tutorial?  

 

Edited November 25, 2021 by Teddy Rogers
Please do not attach copyright files.

[Formingus]

10 hours ago, deepzero said:

You might be on different Windows versions or WOW64 or something. You should focus on the semantics of your tutorial rather than expecting a 1:1 replications. Can you share your target and tutorial?

Ok, that make sense a lot , but what is confusing me a lot is, few times land to correct address even i did same thing Any explanation or tutorial will be appreciated. Thanks

[kao]

After suspending process, switch to main thread. View->Threads->Doubleclick on Main.

Does that help?

 

[Formingus]

@kaoDude you deserve 10000 likes and more. Thanks million of times . You saved me with this trick

Edited November 25, 2021 by Formingus
Add words

[Formingus]

10 hours ago, kao said:

After suspending process, switch to main thread. View->Threads->Doubleclick on Main.

Does that help?

 

One more thing , i successfully cracked and make loader , but when i press Start button Software crash, what is next steep ? And if i post exe to be cracked by someone hear is that allowed ? Thanks in Advance

Edited November 25, 2021 by Formingus
Add words