<SunBeam> to call that function with args passed in eax and esi registers
<SunBeam> the default behavior I get in MSVS is pushing to stack
<Atn> Inside the debugger !
<SunBeam> no, in visual studio π
<Atn> Lol
<SunBeam> so that the compiled code ends-up passing them in eax and esi
<SunBeam> don't think I can without a wrapper π¦
<Atn> Yah I think so too
<Atn> Of course dll will handle the exception handler
<Atn> Use AddVectoredExceptionHandler
<SunBeam> π
<SunBeam> ```
extern "C"
{
DWORD stdcall _GetFullName( class UObject const , char buffer );
DWORD UObjectGetFullName = NULL; // retrieved from a FindPattern
wchar_t szNull[] = L"None";
}
..
..
char szOutBuffer[3 * sizeof(int)] = { 0 };
fprintf( Log, "[%08i] %08X %S\n", i, UObject::GObjObjects()->Data[i], _GetFullName( UObject::GObjObjects()->Data[i], szOutBuffer ) );..
..
.486
.model flat, stdcall
option casemap: none
PUBLIC _GetFullName
EXTERN szNull: dword
EXTERN UObject__GetFullName: dword
.data
.code
_GetFullName PROC uses esi a:dword, b:dword
mov eax,b
mov esi,a
call [UObject__GetFullName]
cmp dword ptr [eax+4],0
je short _L1
mov eax,dword ptr [eax]
jmp short _L2
_L1:
mov eax,szNull
_L2:
ret_GetFullName ENDP
align 10h
END
```
<SunBeam> and a quick dump
<SunBeam> << again, if super off-topic, I'll clean-up the above >>
<thewh1teagle> Idk if it's offtopic but maybe someone can help
I found this x64dbg script
https://github.com/x64dbg/Scripts/blob/master/VMProtect%20v3.x.x%20OEP%20Finder.txt
It works and disable vmprotect completly
I want somehow patch the PE so I will get binary without vmprotect
Is that possible?
Hi all. I have 2 files. One is the original and the second is the same protected with themida ver.2. Is it possible to dump the second one by attaching it to X64dbg 32bit when it is fully working and do a comparison with the first one? Can i use the OEP from second file to dump the first? TIA
<mrexodia> Just try it (re @ektwr: Hi all. I have 2 files. One is the original and the second is the same protected with themida ver.2. Is it possible to dump the second one by attaching it to X64dbg 32bit when it is fully working and do a comparison with the first one? Can i use the OEP from second file to dump the first? TIA)
<mrfearless> result in clipboard is
E8 57 D7 00 00
<mrfearless> which is the hex opcodes
I mean if its possible to select 3 or more lines and do copy only the hex opcodes.
<T4rr4g4> Hi group!, you know how to "restart" from a script.
<antipatico> I'm trying by using the command
ticnd (mod.party(dis.branchdest(cip)) == 0) but without success, the step into is always executed, no matter the result of the condition
<mrexodia> So it will stop when the condition is true
<mrexodia> Try evaluating it on the command line
<mrexodia> To see if it does what you expect
<mrexodia> The animate command has no purpose in my opinion
<mrexodia> Itβs just to hold f7 without holding the button
<Atn> Set begin and end address
<Atn> And log what u want
<Atn> U can build ur own log
<Atn> With the details u want