x64dbgbot
@x64dbgbot
<Scylla_Hide> i am using the context menu now, but drag and drop would be quicker. I have no idea, what did change since i upgraded it.
<Scylla_Hide> admin good point
<Atn> No (re @Scylla_Hide: admin good point)
<Atn> Try without admin

<Scylla_Hide> it works now. you really have to set "Run as Admin" in the Compatibility menu again after overwriting.

windows and its admin stuff. I mean i already gave the user account full admin rights.

<Scylla_Hide> Okay it is solved thank you Atn never had guessed the admin thing is again the problem
x64dbgbot
@x64dbgbot
<mrexodia> Supposedly there is a workaround, but I couldn’t get it to work in x64dbg (re @Scylla_Hide: Okay it is solved thank you Atn never had guessed the admin thing is again the problem)
x64dbgbot
@x64dbgbot
<Scylla_Hide> It works now, just have to remember next time to set admin rights on x64dbg exe files
x64dbgbot
@x64dbgbot
<Steven_dewar> Who want data & leads?
x64dbgbot
@x64dbgbot
<Atn> ?! (re @Steven_dewar: Who want data & leads?)
<CC> Hello have a nice day how can I learn x64dbg I don't know assembly very hard
x64dbgbot
@x64dbgbot
<Nosferatus96> Is there any way to except threads entry and exit from the Logs? https://gyazo.com/ef1967354e02d6729d31618dac63053b
It makes it hard to view my actual logs
x64dbgbot
@x64dbgbot
<Nosferatus96> Is there an easier way to block these Thread entries/exits from log than to write script for it? I couldn't find anything in Settings to filter that out ):
x64dbgbot
@x64dbgbot
<Nosferatus96> Did a clean install with Skyla only and seems to work fine now, must have been a plugin I installed that was bugged
x64dbgbot
@x64dbgbot
<BradlyLess> Hey everyone, i have serious doubts against a proprietary program so i want to inspect it and i found out that x64dbg is the best program to do so, but i have literally 0 idea on how to use it 😅
I'd like to use it to know exactly which data that program is collecting (in privacy policy they say device id, device type, os, cpu and ram but this is too generic by cpu and ram they just mean the model or they go deep into serial numbers cpuid etc? I'd like to discover this
<BradlyLess> If anyone can help me here I'll be very grateful, i know its a difficult thing but maybe someone knows how to do it
x64dbgbot
@x64dbgbot
<mrexodia> Start by reading the rules (re @BradlyLess: Hey everyone, i have serious doubts against a proprietary program so i want to inspect it and i found out that x64dbg is the best program to do so, but i have literally 0 idea on how to use it 😅
I'd like to use it to know exactly which data that program is collecting (in privacy policy they say device id, device type, os, cpu and ram but this is too generic by cpu and ram they just mean the model or they go deep into serial numbers cpuid etc? I'd like to discover this)
x64dbgbot
@x64dbgbot

<Nosferatus96> {mem;dword(rsp+32)@[rsp+28]}

Can somebody help me read this correctly? This will log in chunks of 32bit the range between rsp+28 and rsp+30?

<Nosferatus96> I can't find much documentation on logging
<Nosferatus96> Nvm Im blind
Complex Type
• {mem;size@address} will print the size bytes starting at address in hex.
• {winerror@code} will print the name of Windows error code (returned with GetLastError()) and the description of it (with FormatMessage). It is similar to ErrLookup utility.
• {ntstatus@code} will print the name of NTSTATUS error code and the description of it (with FormatMessage).
• {ascii[;length]@address} will print the ASCII string at address with an optional length (in bytes).
• {ansi[;length]@address} will print the ANSI string at address with an optional length (in bytes).
• {utf8[;length]@address} will print the UTF-8 string at address with an optional length (in bytes).
• {utf16[;length]@address} will print the UTF-16 string at address with an optional length (in words).
• {disasm@address} will print the disassembly at address (equivalent to {i:address}).
• {modname@address} will print the name of the module at address.
• {bswap[;size]@value} will byte-swap value for a specified size (size of pointer per default).
• {label@address} will print the (auto)label at address.
• {comment@address} will print the (auto)comment at address.
Examples
• rax: {rax} formats to rax: 4C76
• password: {s:4*ecx+0x402000} formats to password: L"s3cret"
• function type: {mem;1@[ebp]+0xa} formats to function type: 01
• {x:bswap(rax)} where rax=0000000078D333E0 formats to E033D37800000000 because of bswap fun which reverses the hex value
• {bswap;4@rax} where rax=1122334455667788 formats to 88776655
• mnemonic: {dis.mnemonic(dis.sel())} formats to mnemonic: push
x64dbgbot
@x64dbgbot
<reaverus> hey bros
<reaverus> if i right click on my 2nd monitor (on the left side)
<reaverus> context menu comes to main monitor, is there some setting?
x64dbgbot
@x64dbgbot

<Scylla_Hide> another stupid question, can edit in ASM directly in x64dbg?

i want to write mov al,0 into the binary, right now i can only find binary edit, which needs me to enter "B0 00", but sometimes i know only the ASM instruction and not its hex representation.

Is this possible like in olly?

<Atn> Right click follow in cpu window, press space, write the asm instruction u want, done
x64dbgbot
@x64dbgbot
<svenskithesource> Why are all these messages coming from webhooks
x64dbgbot
@x64dbgbot
<Atn> Keep x64dbg run on the main screen 🙈 (re @reaverus: context menu comes to main monitor, is there some setting?)
x64dbgbot
@x64dbgbot
<mrexodia> It remembers the position (re @reaverus: context menu comes to main monitor, is there some setting?)
x64dbgbot
@x64dbgbot
<morsisko> because those users are on different platform, like telegram (re @svenskithesource: Why are all these messages coming from webhooks)
<svenskithesource> ah makes sense
Fekete Imre
@feketeimre
Hello
Is it possible to have a breakpoint with a Log Condition like: strstr(utf8(rdx), "Text")?
Im getting strange behaviors from x64dbg if i do this.
x64dbgbot
@x64dbgbot
<mrexodia> Some more specific examples would be good (re @feketeimre: Im getting strange behaviors from x64dbg if i do this.)
x64dbgbot
@x64dbgbot
<svenskithesource> Hi (re @MrDbg: )
x64dbgbot
@x64dbgbot
<MrDbg> Hey (re @svenskithesource: Hi)
x64dbgbot
@x64dbgbot
<grandarab> Hi, How can I protect my python script from x64dbg?) 🆘
A little weird, but yes. I have to do it
x64dbgbot
@x64dbgbot
<ZehMatt> protect from what?
x64dbgbot
@x64dbgbot
<kyawswar88> how can read memory address of group component by x64dbg. example in x64dbg app there a row CPU graph note breakpoint etc.
can get address of this row component by x64dbg
x64dbgbot
@x64dbgbot
<criz004> Hi!
x64dbgbot
@x64dbgbot
<gderuki> I believe @grandarab is looking for some kind of an obfuscation (since you can't really hide CPU/memory instructions, my guess is to use obfuscation on a python level, to make debugging harder to perform). (re @ZehMatt: protect from what?)
x64dbgbot
@x64dbgbot
<Atn> I think he makes a script to unpack something and he wants to protect his work ,that all (re @ZehMatt: protect from what?)
x64dbgbot
@x64dbgbot
<grandarab> I heard that can somehow exit the program when x64dbg is detected. Not by process name (re @gderuki: I believe @grandarab is looking for some kind of an obfuscation (since you can't really hide CPU/memory instructions, my guess is to use obfuscation on a python level, to make debugging harder to perform).)
<grandarab> That is, so that when a memory change occurs via x64dbg, the program is closed via sys.exit
x64dbgbot
@x64dbgbot
<CatNoCat> hello everyone
x64dbgbot
@x64dbgbot
<mrexodia> o/
x64dbgbot
@x64dbgbot
<gt853> Is it possible to execute code when a certain breakpoint is reached? To modify registers
<gt853> Using HWBP, not swbp