<mrexodia> On the phone
<mrexodia> Looking at the 5 settings tabs might help
<mrexodia> Probably it has “exception” in the name
<ARCHANGEL_ahteam> Yes, Options -> Preferences -> Exceptions, than it important to choose type of exception in the list (if some of them are already there), and remove checkbox on logging option. Maybe it would be helpful to others. (re @mrexodia: Looking at the 5 settings tabs might help)
<EvilSapphire> Why does the gs, fs registers always have fixed values 2b and 53 which arent real memory locations, but when i follow the tib address in the dump from an assembly instruction like gs[0] it would take me to a mapped address? I know gs is a segment register, but how does x64dbg calculate the gs:0 memory location?
<ARCHANGEL_ahteam> Segment register points to structure called selector. Selector now usually describes the whole flat memory so it is not important what actually value is set to segment register because all of them (if they are valid) discribes the whole address space. So the beginning of address space extracts from selector and offset adds to it after : . 0 on your case. Intel manuals have more detailed description (re @EvilSapphire: Why does the gs, fs registers always have fixed values 2b and 53 which arent real memory locations, but when i follow the tib address in the dump from an assembly instruction like gs[0] it would take me to a mapped address? I know gs is a segment register, but how does x64dbg calculate the gs:0 memory location?)
<EvilSapphire> I know this is asking a lot, but how does this work with paging? Does the segment:offset gives us a final virtual address which is then translated to physical address via a page table. It's so hard to get a concise, bird's eye view of this process on the internet. (re @ARCHANGEL_ahteam: Segment register points to structure called selector. Selector now usually describes the whole flat memory so it is not important what actually value is set to segment register because all of them (if they are valid) discribes the whole address space. So the beginning of address space extracts from selector and offset adds to it after : . 0 on your case. Intel manuals have more detailed description)
<mrexodia> https://wiki.osdev.org/Global_Descriptor_Table (re @EvilSapphire: I know this is asking a lot, but how does this work with paging? Does the segment:offset gives us a final virtual address which is then translated to physical address via a page table. It's so hard to get a concise, bird's eye view of this process on the internet.)
<mrexodia> I've been meaning to write a blog post about it
<mrexodia> on 64-bit it's all a bit simpler, but you have a GDT which contains descriptors about the memory
<mrexodia> the segment register is an offset in this table
<mrexodia> Here you can see what Windows' GDT looks like
<mrexodia> The virtual->physical translation happens after this and is unrelated as far as I understand
<Prassert> Every API I use not working is compile ok but in allocated memory not bytes which I enter by getdlgitemtext
<Prassert> I cant copy them to alocated memory
<Prassert> Address of alocated memory is in result variable
<Wacy ;)> i open x64dgb and after 1-2 sec it crashes
<mrexodia> and details about your OS, what you opened, etc
<Dmitriy_Karbovskiy> Which means cracking.
<Dmitriy_Karbovskiy> Check the rules.
<MaxZZ> Hi, i hope anyone can help me
<MaxZZ> i will find out what the file do.
x64dbg say
Invalid PE file
<MaxZZ> CSPUpdateV2: file format elf64-x86-64
<Atn> Answer @MrWhois7 (re @MrWhois7: Hey how can crack wondershare demo software?)
<Atn> Unknown
<MrWhois7> Today i most try in YouTube videos but nothing 😩 (re @Atn: Unknown)
<TheresnoKNOWLEDGEthatISnotPOWER> lol, it's officially forwarding? (re @Smiling_Wolf: Yeah sure: https://linux.x64dbg.com/)
<ARCHANGEL_ahteam> Google is your friend (re @prnggod: anyone has access to armadillo protector? different versions? I'm studying software protection systems. I recently came across this challenge that is based on armadillo protector's system and I wanna see how the actual software worked)