x64dbgbot
@x64dbgbot
<playboy71> strange is the binary use obfuscated code? (re @Gehargen: )
<Gehargen> I don't believe so. (re @playboy71: strange is the binary use obfuscated code?)
<kaens> Most likely (for a newbie), you've come upon the exe packer's entry point
Check if I'm right via Die or something (re @Gehargen: )
<playboy71> is it packed ? (re @Gehargen: I don't believe so.)
<mrexodia> Just so you know this is a place for questions about x64dbg, not reverse engineering for beginners (re @Gehargen: )
<playboy71> if it doesnt exists then its obfuscated
<Gehargen> Die doesn't mention a packer, no (re @kaens: Most likely (for a newbie), you've come upon the exe packer's entry point
Check if I'm right via Die or something)
<playboy71> u sure this code is executed by the program i mean it can be dead or so (re @Gehargen: Die doesn't mention a packer, no)

<Gehargen> Hey, I asked a friend of mine this too and they got back to me. I gave them a little bit taller of a screenshot.

They came back with that it's also very likely that I'm actually looking at data that it's trying to disassemble as code.

It looks like that prefix "E9 44 00" is there twice, but the second time, it's interpreting E9 as an instruction. All those ADD instructions seem to have nonsensical offsets they are reading from, too.

And that HLT is red because it's an illegal instruction in user mode. It looks like 0x00 repeats every four bytes. That's an array of 32 bit numbers, not code.

<playboy71> looks like mixing of data with code (re @Gehargen: )
<playboy71> remove E9 from the opcode and translate it
<playboy71> well this isnt a good place to ask about it (re @Gehargen: )
<mrexodia> You can use “d” to mark something as a dword
<kaens> Actually, if x64dbg misinterprets data as code, this might be a good place to ask (re @playboy71: well this isnt a good place to ask about it)
<playboy71> nope (re @kaens: Actually, if x64dbg misinterprets data as code, this might be a good place to ask)
<mrexodia> There is no such thing as misinterpreting (re @kaens: Actually, if x64dbg misinterprets data as code, this might be a good place to ask)
<mrexodia> Because there is no analysis
<playboy71> visual studio mixes readonly data in code sections due to various reasons it could be used as obfuscation as it confuses the disassembler to interpret data as code or vice versa
we can do nothing about it
<kaens> OH WELP
<mrexodia> So if you ask x64dbg to disassemble something it will do it
<mrexodia> But yeah things like jump tables are not analyzed
<mrexodia> But often you can easily use manual marking to get a readable listing
<playboy71> you should know if the instruction makes sense or not, its your duty to correct it, no disassembler tackles this for now (re @playboy71: visual studio mixes readonly data in code sections due to various reasons it could be used as obfuscation as it confuses the disassembler to interpret data as code or vice versa
we can do nothing about it)
<playboy71> it can be a byte (re @mrexodia: You can use “d” to mark something as a dword)
<mrexodia> So mark it as a byte with “b”
<playboy71> i meant it
<mrexodia> 😀
<playboy71> xD
<Apuromafo> hi I Will talk with he and try to help ;) I think there are debugging a upx or aspack scheme (re @mrexodia: Just so you know this is a place for questions about x64dbg, not reverse engineering for beginners)
<playboy71> i have pdf for dealing with obfuscation i can send him but people want videos (re @Apuromafo: hi I Will talk with he and try to help ;) I think there are debugging a upx or aspack scheme)
<Atn> @playboy71 just throw it here, and who interests will read it
<playboy71> i think it will be breaking any rules
<Atn> No I think
<system> file Practical_Malware_Analysis_The_Hands.pdf too big to download (10009787 > allowed size: 1000000)
<playboy71> Forwarded from playboy71:
<playboy71> u german (re @Atn: No I think)
<Atn> Nop
<playboy71> playboy ?
<playboy71> 😂
<BeepyBun> Hi, all. I updated from a late 2019 build of x64dbg to a more recent one and noticed that the CFG snap to fit option was moved to a keyshortcut and out of the context menu, but the key shortcut doesn't seem to work. Is there something I need to do in order to get CFG fit to view working again?
<mrexodia> Hm, I’ll look into it (re @BeepyBun: Hi, all. I updated from a late 2019 build of x64dbg to a more recent one and noticed that the CFG snap to fit option was moved to a keyshortcut and out of the context menu, but the key shortcut doesn't seem to work. Is there something I need to do in order to get CFG fit to view working again?)
<system> file Badshai Trading Algo Software Version 4.0.exe too big to download (3127380 > allowed size: 1000000)
<bsn> Forwarded from GozaV:
<bsn> Any body find serial for this (re @bsn: )
<kaens> https://www.humblebundle.com/books/cybersecurity-2020-wiley-books Somebody missed some of these books waaay earlier, so it's there again
<mrexodia> How is it related to x64dbg? 😀
<playboy71> legends are still searching this ! (re @mrexodia: How is it related to x64dbg? 😀)