Where communities thrive

Join over 1.5M+ people
Join over 100K+ communities
Free without limits
Create your own community

Explore more communities

x64dbg/x64dbg

An open-source x64/x32 debugger for windows.

People

Repo info

Activity

Jul 20 20:43

mrexodia on development

Fix Script::Label::GetInfo neve… Merge pull request #2697 from Z… (compare)
Jul 20 20:43

mrexodia closed #2697
Jul 20 02:05

cn-fairy opened #2698
Jul 19 21:04

ZehMatt synchronize #2696
Jul 19 20:46

mrexodia on development

CTRL+wheel to resize fonts Add support for mouse with hori… Merge pull request #2685 from t… (compare)
Jul 19 20:46

mrexodia closed #2685
Jul 19 20:45

mrexodia commented #2696
Jul 19 20:44

mrexodia commented #2690
Jul 19 20:44

mrexodia closed #2665
Jul 19 20:44

mrexodia on development

GUI: Added function that allows… GUI: Fixed displaying signed/un… GUI: Changed types in WordEditD… and 1 more (compare)
Jul 19 20:44

mrexodia closed #2690
Jul 19 20:42

mrexodia commented #2688
Jul 19 20:42

mrexodia on development

Add copy menu to ScriptView Merge pull request #2688 from t… (compare)
Jul 19 20:42

mrexodia closed #2688
Jul 19 19:11

mrexodia commented #2692
Jul 19 19:05

Yoshimaster96 commented #2692
Jul 19 19:05

AppVeyorBot commented #2697
Jul 19 18:43

ZehMatt opened #2697
Jul 19 16:21

ZehMatt opened #2696
Jul 19 16:00

AppVeyorBot commented #2695

x64dbgbot

@x64dbgbot

<EvilSapphire> And this callback switch case handles each of the registered entries:

<EvilSapphire> Oh sorry

<EvilSapphire> Wrong screenshot

<EvilSapphire> Wait

<mrexodia> Hm

<mrexodia> This is very weird

<EvilSapphire> These are the registered entries

<mrexodia> Ahhh

<mrexodia> So default

<mrexodia> Is the profile menus

<EvilSapphire> Oh crap

<EvilSapphire> Yes yes

<EvilSapphire> So scyllahide supports profiles too? The hell that means

<EvilSapphire> As if the plugin wasn't complicated enough

<EvilSapphire> Thanks Duncan!

<mrexodia> There are much simpler plugins ^^ (re @EvilSapphire: As if the plugin wasn't complicated enough)

<EvilSapphire> For anti anti debug?

<EvilSapphire> Better than scyllahide?

<mrfearless> so instead of an if/else or a switch/case specifying the menu profile option its just assuming the last option

<mrfearless> or default option

<EvilSapphire> Yeah they just take care of the profiles. No idea what that means though

x64dbgbot

@x64dbgbot

<EvilSapphire> Why the actual injection would happen in these so called profiles is beyond ne

<mrexodia> Different settings for different protections

<mrexodia> It doesn’t just happen there (re @EvilSapphire: Why the actual injection would happen in these so called profiles is beyond ne)

<mrexodia> It also happens in another place

<mrexodia> But if you change the profile the injection happens again

<EvilSapphire> Ohh okay

<EvilSapphire> Yes I also saw it happens inside the debugloop callback function when the process is created

<EvilSapphire> Did you guys develop scyllahide?

<mrexodia> No, I just made some minor fixes

<EvilSapphire> I'm reading through the code and trying to understand exactly how it works right now

<mrexodia> It was originally created by NtQuery

<mrexodia> And now Matti is maintaining it

<mrexodia> But I developed x64dbg ^^

<EvilSapphire> Yeah of course that is world news at this point :P

<EvilSapphire> So in scyllahide the plugin upon process create injects the hooklibrary, and the hooklibrary takes care of the popular api hooking to fool anti debug measures?

<EvilSapphire> Overall is that how the workflow is?

<mrexodia> From what I remember, yes

<EvilSapphire> Yay. At least I'm not a total idiot xD

x64dbgbot

@x64dbgbot

<EvilSapphire> I'll leave the question here just in case Matti sees it too

x64dbgbot

@x64dbgbot

<Matti> I see it, and the answer is yes

x64dbgbot

@x64dbgbot

<Matti> actually I should elaborate

<Matti> hooklibrary_xx.dll provides the hooked functions themselves

<Matti> but the hooking of the functions is done by the debugger plugin / CLI exe

<Matti> so I guess it depends on which of the two you meant

Chat via Matrix