<jack_frusciante> It does its work anyway and quite well .. every site and scanner says it’s clean. However mapo is an almost unknown company indeed .. (re @mrfearless: web site seems a bit devoid of info as well, plus doesnt seem to have a long history. I would consider these red flags myself.)
<Atn> anything I did wrong ?
<Elvis> a bit update today for my x64dbg python plugin to prevent from hanging while running script
<Elvis> any feedback is welcome
<Atn> 😂😂
<Atn> from plugin
<Elvis> Did you try Script::Gui::Refresh()?? It looks promise
<Atn> Thanks for ur response
<rio> hey, i'm a new user and also completely new to debugging, so i was wondering whether there were any general resources on the topic.
i have skimmed through the x64dbg docs, and they explain how to do a lot of things, but not (at least that i could see) what those things actually mean.
i have skimmed through the x64dbg docs, and they explain how to do a lot of things, but not (at least that i could see) what those things actually mean.
<mrexodia> https://github.com/x64dbg/x64dbg/wiki/Frequently-Asked-Questions (re @x64dbg_bot: <rio> hey, i'm a new user and also completely new to debugging, so i was wondering whether there were any general resources on the topic.
i have skimmed through the x64dbg docs, and they explain how to do a lot of things, but not (at least that i could see) what those things actually mean.)
i have skimmed through the x64dbg docs, and they explain how to do a lot of things, but not (at least that i could see) what those things actually mean.)
<mrexodia> Might be a bug
<rio> should i open an issue on github or something like that?
<DaotrongChuong> I have some questions I used the pro version of IDA but now it comes out GHIDRA version of the US Department of Homeland Security and I know that this security department they are the most powerful security department in the world No one can match but in your opinion, this application with IDA PRO is the best, can anyone give me an opinion, thank you very much or I will use both programs.
<apkunpacker> why you saying same thing in all groups ? (re @DaotrongChuong: I have some questions I used the pro version of IDA but now it comes out GHIDRA version of the US Department of Homeland Security and I know that this security department they are the most powerful security department in the world No one can match but in your opinion, this application with IDA PRO is the best, can anyone give me an opinion, thank you very much or I will use both programs.)
<GroupAnonymousBot> Read the pin message. (re @DaotrongChuong: I have some questions I used the pro version of IDA but now it comes out GHIDRA version of the US Department of Homeland Security and I know that this security department they are the most powerful security department in the world No one can match but in your opinion, this application with IDA PRO is the best, can anyone give me an opinion, thank you very much or I will use both programs.)
<DaotrongChuong> I'm sorry that I think each group is different. I'm really sorry and I won't let it happen again and again. Thanks for reminding .
<uafAdmin> I am doing malware analysis and this particular malware creates multiple RWX regions, decrypts code and writes to them. But the issue is it doesn't jump on starting of page, rather it jumps/calls somewhere in the middle of the page and then executes further. Since I don't know where it jumps/calls, I am looking for some plugin/reference on how to break if code starts executing from middle of page.
<uafAdmin> I guess one way would be change the memory protections of the RWX pages to PAGE_NOACCESS and then manually investigating there but if there's an already existing plugin/solution for that, please let me know. That would really help. :D
<mrexodia> You might be able to use memory breakpoints (re @uafAdmin: I guess one way would be change the memory protections of the RWX pages to PAGE_NOACCESS and then manually investigating there but if there's an already existing plugin/solution for that, please let me know. That would really help. :D)
<brigadir15> > rax: {rax} formats to rax: 4C76
And now I need to log memory content. Something like this:
{mem;1@ebp}
Works fine, but I need to show 1 byte from dereferenced ebp :-(
And now I need to log memory content. Something like this:
{mem;1@ebp}
Works fine, but I need to show 1 byte from dereferenced ebp :-(
<brigadir15> Oh, @[ebp] worked fine... Sorry for bothering :-)
<brigadir15> Yes, it would be nice to have an example for such case in the documentation!
<mrexodia> Yep! You can click “edit this page” (re @brigadir15: Since the documentation is on GitHub, could/should I propose a patch for an example?)