<SunBeam> no other way due to variable length instructions and other crap
<SunBeam> was hoping to find some formula or some simplified code; but that
dis.sel() kinda says it all
<c0rt3x0> ???
<mrexodia> What kind of update are you looking for? (re @c0rt3x0: @mrexodia we will have any major update on x64dbg or st3p by step)
<c0rt3x0> Specially
<mrexodia> Likely this is what caused the issue x64dbg/x64dbg#2482
<SunBeam> you seem to fixate on some elements and get stranded there
<SunBeam> I asked for a simple METHOD to scan an entire executable for static executable code references of a (static) pointer
<SunBeam> then looked at the documentation for leads on how "Find references > Address: X" works
<SunBeam> then said "oh, so that's how it works; nothing simple" > imbricated high-level programming, function calling function calling function
<SunBeam> bottom line being you need to disassemble/dissect the executable to be able to start formulating a way in which to scan for mnemonics like "mov r64,[ptr]", "lea r64,[ptr]", etc. -- all possibilities
<SunBeam> if it's not something you can do with some pattern scanner or w.e., then just say "it's more complicated than that" instead of asking simple questions denoting you couldn't be arsed reading the entire story
<SunBeam> I event left 2 pictures showing what I'm looking for; I don't want to do it in x64dbg, I want to understand HOW IT WORKS π
<ThisIsLibra> This group is a gold mine for entitled requests
<SunBeam> and this - the scanning - happens when the process starts
<SunBeam> I cannot use some pattern to find it because it's a
dynamic initializer function in initterm (it's run in TLS)
<SunBeam> then I can't use a hardcoded offset because when the game updates, bye bye offsetting.. the function will change offset/position in initterm tree most likely, this (the position) being determined by the compiler
<SunBeam> so then I thought "what if I find all references for the static address I need and filter/pick the one reference I want?"
<SunBeam> but as it turns out, doing this to find ANY possibility of a mnemonic involving that static address across the entire executable code space of the game will take an enormous amount of time to scan for; file's protected with Denuvo, which means Denuvo has moved all that exec code with length larger than 5 bytes to its gynormously allocated section
<SunBeam> exe is 500+MB π
<Matti> 'request' is putting it mildly
<SunBeam> k, hope it makes more sense now
<xuan2261> hello
<mrexodia> it just disassembles linearly and checks the operands
<xuan2261> Someone suggested this to me and I don't know what to do and where to start
<xuan2261> "VMP puts a fake native Layer and due to this you won't see any proper Runtime File in the memory because that is executed using the data available in vmp0 section.
Remove VMP by putting bp just before the execution call in x64dbg and you can Dump Runtime and Main EXE without VMP but as the vmp Section is removed so file won't start."
<xuan2261> i want remove VMP
https://cdn.discordapp.com/attachments/360907625837101067/888432334846701628/unknown.png
https://cdn.discordapp.com/attachments/360907625837101067/888432334846701628/unknown.png
<xuan2261> Can someone guide me to follow the suggestions above?
<raven224> you cannot strip off VMP LOL (re @x64dbg_bot: <xuan2261> i want remove VMP
https://cdn.discordapp.com/attachments/360907625837101067/888432334846701628/unknown.png)
https://cdn.discordapp.com/attachments/360907625837101067/888432334846701628/unknown.png)
<SWaNk> Well, you can but it is far from trivial... (re @raven224: you cannot strip off VMP LOL)
<raven224> yeah that what i meant.
i was talking regardless of the above steps he mentioned (re @SWaNk: Well, you can but it is far from trivial...)
i was talking regardless of the above steps he mentioned (re @SWaNk: Well, you can but it is far from trivial...)
<SWaNk> Yeah... way more steps than that lol... (re @raven224: yeah that what i meant.
i was talking regardless of the above steps he mentioned)
i was talking regardless of the above steps he mentioned)
<raven224> Need to understand the Virtual machine first over those obfuscation/mutations.
<SWaNk> Right Click protector line in DIE and hit del... Easy like that ππ
<SWaNk> Yeah... not trivial (re @raven224: Need to understand the Virtual machine first over those obfuscation/mutations.)
<raven224> Haha that'd much easier (re @SWaNk: Right Click protector line in DIE and hit del... Easy like that ππ)