Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

module base

PeterN
PeterN
in x64dbg

Featured Replies

Posted

According to the official documentation the following command should return Loaded module base.

Quote

[module]:base or [module]:0

But in some cases/modules it does not work.

spacer.png

 

 

Edited by PeterN

Don't include '.dll' part, just the name of the module itself.

sqlite3:base

  • Author
9 hours ago, atom0s said:

Don't include '.dll' part, just the name of the module itself.

sqlite3:base

Nah, does not work either way.

If you are only pasting that into the command bar then all it's going to do is set the status bar at the bottom of the window (where it shows the most recent log message) to the value. 

You need to prefix it with a command if you want to do something with it, such as going to it in the disassembler view via: d sqlite3:base

You can find the full list of commands here: https://help.x64dbg.com/en/latest/commands/index.html

Edited by atom0s

  • Author
8 hours ago, atom0s said:

If you are only pasting that into the command bar then all it's going to do is set the status bar at the bottom of the window (where it shows the most recent log message) to the value. 

You need to prefix it with a command if you want to do something with it, such as going to it in the disassembler view via: d sqlite3:base

You can find the full list of commands here: https://help.x64dbg.com/en/latest/commands/index.html

For some loaded modules, including the main executable, it simply return Unknown Command error, if I tried d prefix it's going to disassembler view but of a different module.

I wonder if loaded process cannot somehow mess with a debugger.

Hi,

so for me it works anyway whether I use sqlite3:0 or sqlite3:base or sqlite3.dll:base it works. Just did load the sqlite3.dll extern into any loaded app. What about all those other modules you have loaded in your process? Are they all working to get the base via commandline? Maybe there is any issue to get the base via commandline like with Olly 1 & script command when the module X wasn't right loaded and set to access read (red marked in memory map). I'am still using version Apr 10 2020 x64. :) Just try a other version whether you get same issues or try loading the test modules like sqlite3 manually into any loaded app and check this again. I think there is just an access issue.

greetz

Which executable are you debugging? This feature is working fine for the applications I tested it on...

  • Author

It seems to only be issue with UWP apps.

There is for example a pre-installed app in Windows 10 called Your Phone.

Try to use yourphone:0

Edited by PeterN

  • Author
On 12/11/2022 at 5:20 PM, mrexodia said:

Which executable are you debugging? This feature is working fine for the applications I tested it on...

 

I dug into x64dbg source code and in the value.cpp, this line returns module base correctly  

duint modbase = ModBaseFromName(modname);

but this fails 

 HMODULE mod = LoadLibraryExW(StringUtils::Utf8ToUtf16(szModPath).c_str(), 0, DONT_RESOLVE_DLL_REFERENCES);

Edit1: I guess LoadLibrary does not have access rights to the WindowsApps folder.

Edited by PeterN

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.