Where communities thrive

Join over 1.5M+ people
Join over 100K+ communities
Free without limits
Create your own community

Explore more communities

x64dbg/x64dbg

An open-source x64/x32 debugger for windows.

People

Repo info

Activity

08:38

AppVeyorBot commented #2901
08:20

eltimen opened #2901
Jul 02 22:32

playday3008 commented #2900
Jul 02 21:09

playday3008 commented #2900
Jul 02 21:04

playday3008 commented #2900
Jul 02 20:20

playday3008 labeled #2900
Jul 02 20:20

playday3008 opened #2900
Jul 02 01:44

gmh5225 commented #2899
Jul 02 01:42

gmh5225 commented #2899
Jul 02 01:41

gmh5225 commented #2899
Jul 01 18:32

mrexodia commented #2899
Jul 01 18:30

mrexodia edited #2899
Jul 01 17:41

AppVeyorBot commented #2899
Jul 01 17:22

gmh5225 commented #2898
Jul 01 17:21

gmh5225 opened #2899
Jul 01 16:32

gmh5225 commented #2898
Jul 01 16:32

gmh5225 labeled #2898
Jul 01 16:32

gmh5225 opened #2898
Jul 01 16:07

gmh5225 commented #2814
Jul 01 16:07

gmh5225 commented #2814

x64dbgbot

@x64dbgbot

<SunBeam> 48 ?? ?? <- that can be anything else but MOV RCX,RAX

<SunBeam> another problem..

<SunBeam> 00007FF763AE270E | 48:8B0D 33F51D03 | MOV RCX,QWORD PTR DS:[7FF766CC1C48]

<SunBeam> if I were to use that plugin on x64

<SunBeam> I can't "select the bytes" of MOV RCX,QWORD PTR DS:[7FF766CC1C48]

<SunBeam> because they are based on RIP

<SunBeam> 48:8B0D [33F51D03] <- those last 4 are based on position of the array of bytes; where rip is at

<SunBeam> so I can't scan entire map for 48:8B0D 33F51D03

<SunBeam> as it would only find 1 single result.. that spot

<SunBeam> it's not like in x86 where you have the address as part of the array of bytes

<qlrdwe> now im curious what the original message was about 😳 (re @fabio1337br: Not only that. The Intel developers would have to bake new chips on the fabs specially for you. Not to mention changing the design prior to that. Unless they have hidden locked features under special opcodes.)

<SunBeam> so finding all code locations where 7FF766CC1C48 is used won't work with scanning for 48 8B 0D ?? ?? ?? ??

<SunBeam> as that would return all sorts of addresses based on rip by those wildcards

<SunBeam> doing Ctrl+F in x64dbg and pasting MOV RCX,[0x7FF766CC1C48] does find all instances; and that's cuz of how Ctrl+F is implemented in x64dbg (it doesn't do scanning like that plugin that was referred)

<SunBeam> but it's limited to 1 single command scan

<SunBeam> so you can't find a sequence of 2 or 3, the MOV + other lines

x64dbgbot

@x64dbgbot

<Atn> @SunBeam, ok I got some bugs in the plugin while I trying to code this script (search for 3 sequence commands ) :), I will fix them and write the script and post the update .

lingo9

@lingo9

Hi, any hint on how to patching loaded exe file? Cuz patching can only be used during debugging, but meanwhile the exe file is locked.

x64dbgbot

@x64dbgbot

<fabio1337br> In an EXE file loaded by x64dbg or in an EXE file loaded only by windows? (re @x64dbg_bot: <lingo9> Hi, any hint on how to patching loaded exe file? Cuz patching can only be used during debugging, but meanwhile the exe file is locked.)

1 reply

x64dbgbot

@x64dbgbot

<aliramezani12> hi everyone
I have questions
how can I get list of disassembled instructions from x64dbg?
Which class does the disassemb ? Beaengine or disasm_fast or ... ?

x64dbgbot

@x64dbgbot

<fabio1337br> Click on to the lower left pane (Dump 1) CTRL+G, then paste the address you want 000000000099F60A in my case, select the bytes, binary - > edit (re @x64dbg_bot: <lingo9:matrix.org> In x64dbg, and of course by windows too.)

<SunBeam> there is a feature called Patching in x64dbg

<SunBeam> and yes, the current file's handle will always be locked; it doesn't make sense to patch the current running one o_O

<SunBeam> so give it another name when using Patching > file1.exe

<SunBeam> it will be a copy of the original + your patched bytes

<SunBeam> then delete the original, rename file1.exe to file.exe and you're set

<SunBeam> (of course, after closing x64dbg)

1 reply

<fabio1337br> Sorry I thought it was memory patching (re @x64dbg_bot: <SunBeam> there is a feature called Patching in x64dbg)

<SunBeam> man, if you want the changes to be applied to the physical file, then that's how

<SunBeam> if not, simply modifying some command in x64dbg while the process is running is the actual 'patching' (e.g.: change a 'MOV RAX,RCX' on a line to something else == memory patching)

x64dbgbot

@x64dbgbot

<sodaxml> does x64dbg work the same as HxD? (not trying to advertise against this)

x64dbgbot

@x64dbgbot

<sodaxml> or better question

<sodaxml> do all hex editors work the same?

<sodaxml> i'm trying to crack steam games i have bought for fun

x64dbgbot

@x64dbgbot

<kaens> X64dbg isn't a "hex editor", its functionality has very different priorities, so yes there are better ones

x64dbgbot

@x64dbgbot

<sodaxml> how do you make a bot talk

<sodaxml> and thanks

x64dbgbot

@x64dbgbot

<Adam> Hello everybody!!!

<Adam> I am a reverse engineering expert.

<Adam> Any time I can work for you

x64dbgbot

@x64dbgbot

<mrexodia> I posted the required sources to implement this feature, just take a few hours to do it...

x64dbgbot

@x64dbgbot

<SunBeam> sadly, my coding skills are close to zero

<SunBeam> but if you meant you would do it when you can, then no rush

<SunBeam> I know it's a wanted feature :)

x64dbgbot

@x64dbgbot

<mrexodia> I will not do it ^^

<mrexodia> maybe one day if I need it

x64dbgbot

@x64dbgbot

<sodaxml> OHH that's matrix

<sodaxml> it's a matrix thing

<sodaxml> with element

x64dbgbot

@x64dbgbot

<hackdynamics> Free VPN
У Нас открылся Бесплатный VPN сервер. Данные для входа:

Сервер: dchub.one
Логин: vpn
Пароль: vpn
Ключ: +Trd78hd84YDa90-
L2TP+IPSec
Welcome to DC++ https://dchub.one

Chat via Matrix