Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 25 12:51
    mrexodia commented #2940
  • Sep 25 12:51

    mrexodia on development

    Remove debug code in launcher … Merge pull request #2940 from n… (compare)

  • Sep 25 12:51
    mrexodia closed #2940
  • Sep 25 06:55
    AppVeyorBot commented #2940
  • Sep 25 06:37
    not6 opened #2940
  • Sep 25 00:29
    not6 commented #2936
  • Sep 25 00:03

    mrexodia on development

    Move up the trace info/over men… (compare)

  • Sep 24 23:41

    mrexodia on development

    Support user directory Package… (compare)

  • Sep 24 20:29
    mrexodia commented #2931
  • Sep 24 20:29
    mrexodia closed #2931
  • Sep 24 20:29
    mrexodia commented #2936
  • Sep 24 20:27
    mrexodia closed #2936
  • Sep 24 20:27

    mrexodia on development

    Fix a typo in the hardware brea… (compare)

  • Sep 24 20:18

    mrexodia on development

    Fix undecorated label display w… Merge pull request #2935 from o… (compare)

  • Sep 24 20:18
    mrexodia commented #2935
  • Sep 24 20:18
    mrexodia closed #2726
  • Sep 24 20:18
    mrexodia closed #2935
  • Sep 24 13:53
    mrexodia commented #2939
  • Sep 24 13:42
    gmh5225 closed #2939
  • Sep 24 13:41
    gmh5225 commented #2939
x64dbgbot
@x64dbgbot
<albertsjohnson> /
<albertsjohnson> /
<albertsjohnson>
<albertsjohnson> 我在研究逆向技术,但是困于中国大陆
<albertsjohnson> 看到我技术的朋友,如果感觉我的技术还不错,可以与我交流
<albertsjohnson> 如果可以帮助我移民,将不胜感激
x64dbgbot
@x64dbgbot

<albertsjohnson> I start serious research on unpacking techniques today.
In the process of tracing the code, I suddenly thought of a method, I don't know if you have used it.
Tools: x64dbg
Method: step-by-step approach
Principle: When setting breakpoints in x64dbg, if the code at the breakpoint is not resolved, after ctrl + F2, the status is displayed as Inactive in Breakpoint View, on the contrary, if the breakpoint is before OEP, the status is displayed as Enabled, so you can take step by step approach.

Operation: F9 jumps to Entry Point. Step alone by dozens of steps (the specific number of steps depends on personal preference), then set a break and add comments (preferably numbered with serial numbers); in this way, add a few more breakpoints, and the specific number also depends on personal preference. Then, Ctrl + F2 restarts. At this time, Inactive and Enabled in Breakpoint View are the keys to our judgment of OEP. After finding the demarcation point between Inactive and Enabled, repeat the above process to slowly approach the OEP.
Occasional experience, I hope to help everyone.

<albertsjohnson>
x64dbgbot
@x64dbgbot
<Vygdh> 兄弟,你是来搞笑的吗
<Atn> @albertsjohnson can u do this tut as pdf file, so ppl can get the advantage, better to post it here
x64dbgbot
@x64dbgbot

<Joshua0x00> Forwarded from APT: 🎲 Fileless Remote PE

Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique

https://github.com/D1rkMtr/FilelessRemotePE

maldev #evasion #fileless #pe:

x64dbgbot
@x64dbgbot
<Alpha> Bonjour
<Alpha> Je vais pour un téléphone endroid
x64dbgbot
@x64dbgbot
<SunBeam> oh if you knew how many times I debugged x64dbg with another instance of x64dbg 😄 (re @Magnius: You could always attach a debugger to the debugger to figure out why it misbehaves 😆)
<SunBeam> what would be nice though is if mrexodia releases the symbols in a separate zip on the github page
<SunBeam> (if he already does and I didn't see them, I apologize) 😄
<SunBeam> that way, once a bug is spotted, we can directly go to the said function (by name) in the repo
x64dbgbot
@x64dbgbot
<mrfearless> Doesnt the snapshot-pdb contain the symbols? (re @SunBeam: what would be nice though is if mrexodia releases the symbols in a separate zip on the github page)
<mrfearless>
x64dbgbot
@x64dbgbot
<mrexodia> Yeah that’s been done for the last ~4 years (re @SunBeam: (if he already does and I didn't see them, I apologize) 😄)
<mrexodia> It’s just a different tag like mrfearless showed
x64dbgbot
@x64dbgbot
<SaintMorning> can I turn off (switch from thread)? I have some bps but when I continue, they get hit, I suppose, by other threads which also trigger these breakpoints
x64dbgbot
@x64dbgbot
<SaintMorning> I guess I can make a condition for every bp with tid == X, is that a decent solution?
x64dbgbot
@x64dbgbot
<Rithik Thakur> There's an error in the application
<Rithik Thakur> I tried tracing it from string refrence but the error isn't showing in string refrence... How's it possible?
x64dbgbot
@x64dbgbot
<Rithik Thakur> Any help?
x64dbgbot
@x64dbgbot
<TheTomid> Hi guys, I have a problem. I can't install ERC plugin. Im extracting plugin in plugin folder and it doesnt work :/ Someone had same issue?
<TheTomid> it didnt even apear in plugin list
x64dbgbot
@x64dbgbot
<mrexodia> Yeah or manually suspend the other threads (re @SaintMorning: I guess I can make a condition for every bp with tid == X, is that a decent solution?)
x64dbgbot
@x64dbgbot
<SaintMorning> thank you (re @mrexodia: Yeah or manually suspend the other threads (re @SaintMorning: I guess I can make a condition for every bp with tid == X, is that a decent solution?))
x64dbgbot
@x64dbgbot
<expy> Hello, I'm experiencing interesting debugging behavior. I'm trying to run the game without any anti debugging features and see massive slowdown in windbg.
Let's say loading to main menu takes 4 seconds without windbg attached, and 40 with windbg attached. If use x64dbg it takes seemly the same 4 seconds. So, I'm curious what makes windbg session so slow? There are only a few exceptions, few output strings, nothing which catches my attention which can be attributed to the windbg slowdown
x64dbgbot
@x64dbgbot
<EvilSapphire> How to receive label at an address with an expression?
x64dbgbot
@x64dbgbot

<una_bomber> How does the TraceSetCommand command work? If I fill Trace into form as test example

Break Condition: 0
Command Text: log {i:cip}
Command Condition: 1
Maximum trace count: 3

I got 3 lines in log as expected, but when I try to get the same result from the script

ticnd 0,3
TraceSetCommand log {i:cip},1

I got nothing in log. What's my mistake?

x64dbgbot
@x64dbgbot
<Atn> By lablelist (re @EvilSapphire: How to receive label at an address with an expression?)
<mrfearless> https://twitter.com/herrcore/status/1574478203338559489?s=20&t=-yx2Xrb6jLV0S5fmLZr7og
<mrfearless> Process Memory Basics for Reverse Engineers - Tracking Memory With A Debugger [ Patreon Unlocked ]
x64dbgbot
@x64dbgbot
<mrexodia> You mean with string formatting? (re @EvilSapphire: How to receive label at an address with an expression?)
x64dbgbot
@x64dbgbot
<EvilSapphire> Yeah tried to do a log "{label@eip}" but got a formatting error (re @mrexodia: You mean with string formatting?)
<EvilSapphire> Thanks. I want to just log the label on an address though (re @Atn: By lablelist)
<EvilSapphire> Also in the same vein is there a way to access whatever resource a handle points to with an expression?
<EvilSapphire> Just the name of the resource like we see in the handle tab
x64dbgbot
@x64dbgbot
<mrexodia> No this is not supported. You can add your own formatting functions with a plugin though (re @EvilSapphire: Also in the same vein is there a way to access whatever resource a handle points to with an expression?)
<mrexodia> Yeah that’s not a thing, see https://help.x64dbg.com/en/latest/introduction/Formatting.html for the supported constructs (re @EvilSapphire: Yeah tried to do a log "{label@eip}" but got a formatting error)
<mrexodia> Actually it should work
<mrexodia> No idea that was a thing
x64dbgbot
@x64dbgbot
<EvilSapphire> Lol yeah. It's mentioned on the doc
<EvilSapphire> Could be it threw an error because I was using an old version again. Need to check with the latest snapshot
AsmDbg x64
@0llyDbg
hi~
AsmDbg x64
@0llyDbg
image.png
x64dbgbot
@x64dbgbot
<EvilSapphire> Noice!