Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 27 19:29
    MavenDE commented #1884
  • Jan 22 07:04
    idigger edited #2824
  • Jan 22 06:56
    idigger edited #2824
  • Jan 22 06:55
    idigger edited #2824
  • Jan 22 06:54
    idigger edited #2824
  • Jan 22 02:50
    Champollion9012 labeled #2825
  • Jan 22 02:50
    Champollion9012 opened #2825
  • Jan 22 00:26
    mrexodia commented #2824
  • Jan 22 00:05
    mrexodia commented #2824
  • Jan 22 00:03
    mrexodia commented #2824
  • Jan 22 00:02
    SirHerpDerp commented #2824
  • Jan 22 00:00
    SirHerpDerp commented #2824
  • Jan 21 12:30
    idigger labeled #2824
  • Jan 21 12:30
    idigger opened #2824
  • Jan 21 08:54

    torusrxxx on development

    fixed mnemonic brief not shown (compare)

  • Jan 19 00:12

    mrexodia on development

    Make all child dialogs respect … (compare)

  • Jan 19 00:04
    pka4916 commented #2801
  • Jan 19 00:02
    pka4916 opened #2823
  • Jan 19 00:02
    pka4916 labeled #2823
  • Jan 18 21:17
    SirHerpDerp commented #2821
x64dbgbot
@x64dbgbot
<DaotrongChuong> Hi
x64dbgbot
@x64dbgbot
<DaotrongChuong> I have some questions I used the pro version of IDA but now it comes out GHIDRA version of the US Department of Homeland Security and I know that this security department they are the most powerful security department in the world No one can match but in your opinion, this application with IDA PRO is the best, can anyone give me an opinion, thank you very much or I will use both programs.
<apkunpacker> why you saying same thing in all groups ? (re @DaotrongChuong: I have some questions I used the pro version of IDA but now it comes out GHIDRA version of the US Department of Homeland Security and I know that this security department they are the most powerful security department in the world No one can match but in your opinion, this application with IDA PRO is the best, can anyone give me an opinion, thank you very much or I will use both programs.)
x64dbgbot
@x64dbgbot
<GroupAnonymousBot> Read the pin message. (re @DaotrongChuong: I have some questions I used the pro version of IDA but now it comes out GHIDRA version of the US Department of Homeland Security and I know that this security department they are the most powerful security department in the world No one can match but in your opinion, this application with IDA PRO is the best, can anyone give me an opinion, thank you very much or I will use both programs.)
x64dbgbot
@x64dbgbot
<GroupAnonymousBot> Looks like just spam/troll
<DaotrongChuong> I'm sorry that I think each group is different. I'm really sorry and I won't let it happen again and again. Thanks for reminding .
x64dbgbot
@x64dbgbot
<MankindExist_xD> Hui
x64dbgbot
@x64dbgbot
<MankindExist_xD> Very old group (re @mrexodia: Also I made this group public)
x64dbgbot
@x64dbgbot
<uafAdmin> Hello guys, I need a little help, a suggestion
<uafAdmin> I am doing malware analysis and this particular malware creates multiple RWX regions, decrypts code and writes to them. But the issue is it doesn't jump on starting of page, rather it jumps/calls somewhere in the middle of the page and then executes further. Since I don't know where it jumps/calls, I am looking for some plugin/reference on how to break if code starts executing from middle of page.
<uafAdmin> I guess one way would be change the memory protections of the RWX pages to PAGE_NOACCESS and then manually investigating there but if there's an already existing plugin/solution for that, please let me know. That would really help. :D
x64dbgbot
@x64dbgbot
<mrexodia> You might be able to use memory breakpoints (re @uafAdmin: I guess one way would be change the memory protections of the RWX pages to PAGE_NOACCESS and then manually investigating there but if there's an already existing plugin/solution for that, please let me know. That would really help. :D)
x64dbgbot
@x64dbgbot
<brigadir15> Hello! I have a breakpoint. How can write value of the register A (ebp, for example) into the log? A breakpoint has ``Log text'' parameter... What should I write there?
x64dbgbot
@x64dbgbot
<brigadir15> > rax: {rax} formats to rax: 4C76
And now I need to log memory content. Something like this:
{mem;1@ebp}
Works fine, but I need to show 1 byte from dereferenced ebp :-(
<brigadir15> Oh, @[ebp] worked fine... Sorry for bothering :-)
x64dbgbot
@x64dbgbot
<mrexodia> No worries, if you see any improvements to the documentation this is appreciated btw (re @brigadir15: Oh, @[ebp] worked fine... Sorry for bothering :-))
<brigadir15> Yes, it would be nice to have an example for such case in the documentation!
x64dbgbot
@x64dbgbot
<brigadir15> Since the documentation is on GitHub, could/should I propose a patch for an example? (re @mrexodia: No worries, if you see any improvements to the documentation this is appreciated btw)
<mrexodia> Yep! You can click “edit this page” (re @brigadir15: Since the documentation is on GitHub, could/should I propose a patch for an example?)
x64dbgbot
@x64dbgbot
<uafAdmin> Thanks. Will definitely check that out. Didn't think that works on multiple pages long memory allocations. (re @mrexodia: You might be able to use memory breakpoints)
x64dbgbot
@x64dbgbot
<manoj0086> How do unpack vmprotect 1.x (64 bit file)
x64dbgbot
@x64dbgbot
<bilka00> It is far from a fact that what is defined as vmprot 1.X is what it is (re @manoj0086: How do unpack vmprotect 1.x (64 bit file))
<bilka00> sample - this vmprotect 3.5:
<Mwha> Email list avaliable, Contact me price low
x64dbgbot
@x64dbgbot
<kaens> /report (re @Mwha: Email list avaliable, Contact me price low)
<kaens> @mrexodia , that is
<Mwha> /report (re @kaens: /report)
<kaens> Explains the low price. Matches the intelligence.
<apkunpacker> can you send this sample in dm please , which show false detection for VMP in die? (re @bilka00: )
<bilka00> I can’t this one, but now I’ll pack Hello world. (re @apkunpacker: can you send this sample in dm please , which show false detection for VMP in die?)
<mrexodia> Read the rules (re @bilka00: I can’t this one, but now I’ll pack Hello world.)
<bilka00> That there is a sample to throw here? (this is not a crack, this is just an example) (re @mrexodia: Read the rules)
<mrexodia> But it’s not about x64dbg
<mrexodia> Feel free to DM each other
x64dbgbot
@x64dbgbot
<CL4X0> Why some asm commands changes when we reach them through some memory or hardware breakpoint and scroll up?
x64dbgbot
@x64dbgbot
<mrexodia> Could you explain a bit more?
<CL4X0> Like i set a memory breakpoint on a section of memory and I break on a jmp
But,when I scroll up,there is no jmp,it is changed into something else
Making it impossible to set a soft breakpoint in that jmp
x64dbgbot
@x64dbgbot
<mrexodia> This is a longstanding question. Basically x64dbg doesn't magically know how to disassemble when you scroll up so in obfuscated code (or when code is mixed with data) you get this type of thing
<mrexodia> You can use B to manually mark things as data and it will disassemble correctly
<CL4X0> Okay thanks,I will try and see
<CL4X0> Your debugger is really impressive
jackwolail
@jackwolail
anyone here
x64dbgbot
@x64dbgbot
<Atn> No nobody here
<Atn> Try next door
x64dbgbot
@x64dbgbot
<kaens> @mrexodia nickname spam (re @mix-smm.ru Любые накрутки: )
x64dbgbot
@x64dbgbot
<SHINOLAA> Hi, does this program work with FL Studio?
<kaens> Are you making x86 chip music or something xD
<CL4X0> @[telegram] SHINOLAA#0000 this thing is not available as a vst yet lol
x64dbgbot
@x64dbgbot
<__fastcall> x64dbg music 💀
x64dbgbot
@x64dbgbot
<CL4X0> Hatsune debugger