<Scylla_Hide> admin good point
<Atn> No (re @Scylla_Hide: admin good point)
<Atn> Try without admin
<Scylla_Hide> it works now. you really have to set "Run as Admin" in the Compatibility menu again after overwritting.
windows and its admin stuff. I mean i already gave the user account full admin rights.
<Scylla_Hide> Okay it is solved thank you Atn never had guessed the admin thing is again the problem
<CC> Hello have a nice day how can I learn x64dbg I don't know assembly very hard
<Nosferatus96> Is there anyway to except threads entry and exit from the Logs? https://gyazo.com/ef1967354e02d6729d31618dac63053b
It makes it hard to view my actual logs
It makes it hard to view my actual logs
<BradlyLess> Hey everyone, i have serious doubts against a proprietary program so i want to inspect it and i found out that x64dbg is the best program to do so, but i have literally 0 idea on how to use it 😅
I'd like to use it to know exactly which data that program is collecting (in privacy policy they say device id, device type, os, cpu and ram but this is too generic by cpu and ram they just mean the model or they go deep into serial numbers cpuid etc? I'd like to discover this
I'd like to use it to know exactly which data that program is collecting (in privacy policy they say device id, device type, os, cpu and ram but this is too generic by cpu and ram they just mean the model or they go deep into serial numbers cpuid etc? I'd like to discover this
<BradlyLess> If anyone can help me here I'll be very grateful, i know its a difficult thing but maybe someone knows how to do it
<mrexodia> Start by reading the rules (re @BradlyLess: Hey everyone, i have serious doubts against a proprietary program so i want to inspect it and i found out that x64dbg is the best program to do so, but i have literally 0 idea on how to use it 😅
I'd like to use it to know exactly which data that program is collecting (in privacy policy they say device id, device type, os, cpu and ram but this is too generic by cpu and ram they just mean the model or they go deep into serial numbers cpuid etc? I'd like to discover this)
I'd like to use it to know exactly which data that program is collecting (in privacy policy they say device id, device type, os, cpu and ram but this is too generic by cpu and ram they just mean the model or they go deep into serial numbers cpuid etc? I'd like to discover this)
<Nosferatus96> I can't find much documentation on logging
<Nosferatus96> Nvm Im blind
Complex Type
• {mem;size@address} will print the size bytes starting at address in hex.
• {winerror@code} will print the name of windows error code(returned with GetLastError()) and the
description of it(with FormatMessage). It is similar to ErrLookup utility.
• {ntstatus@code} will print the name of NTSTATUS error code and the description of it(with
FormatMessage).
• {ascii[;length]@address} will print the ASCII string at address with an optional length (in
bytes).
• {ansi[;length]@address} will print the ANSI string at address with an optional length (in bytes).
• {utf8[;length]@address} will print the UTF-8 string at address with an optional length (in bytes).
• {utf16[;length]@address} will print the UTF-16 string at address with an optional length (in
words).
• {disasm@address} will print the disassembly at address (equivalent to {i:address}).
• {modname@address} will print the name of the module at address.
• {bswap[;size]@value} will byte-swap value for a specified size (size of pointer per default).
• {label@address} will print the (auto)label at address.
• {comment@address} will print the (auto)comment at address.
Examples
• rax: {rax} formats to rax: 4C76
• password: {s:4*ecx+0x402000} formats to password: L"s3cret"
• function type: {mem;1@[ebp]+0xa} formats to function type: 01
• {x:bswap(rax)} where rax=0000000078D333E0 formats to E033D37800000000 because of bswap
fun which reverse the hex value
• {bswap;4@rax} where rax=1122334455667788 formats to 88776655
• mnemonic: {dis.mnemonic(dis.sel())} formats to mnemonic: push
Complex Type
• {mem;size@address} will print the size bytes starting at address in hex.
• {winerror@code} will print the name of windows error code(returned with GetLastError()) and the
description of it(with FormatMessage). It is similar to ErrLookup utility.
• {ntstatus@code} will print the name of NTSTATUS error code and the description of it(with
FormatMessage).
• {ascii[;length]@address} will print the ASCII string at address with an optional length (in
bytes).
• {ansi[;length]@address} will print the ANSI string at address with an optional length (in bytes).
• {utf8[;length]@address} will print the UTF-8 string at address with an optional length (in bytes).
• {utf16[;length]@address} will print the UTF-16 string at address with an optional length (in
words).
• {disasm@address} will print the disassembly at address (equivalent to {i:address}).
• {modname@address} will print the name of the module at address.
• {bswap[;size]@value} will byte-swap value for a specified size (size of pointer per default).
• {label@address} will print the (auto)label at address.
• {comment@address} will print the (auto)comment at address.
Examples
• rax: {rax} formats to rax: 4C76
• password: {s:4*ecx+0x402000} formats to password: L"s3cret"
• function type: {mem;1@[ebp]+0xa} formats to function type: 01
• {x:bswap(rax)} where rax=0000000078D333E0 formats to E033D37800000000 because of bswap
fun which reverse the hex value
• {bswap;4@rax} where rax=1122334455667788 formats to 88776655
• mnemonic: {dis.mnemonic(dis.sel())} formats to mnemonic: push
<reaverus> if i right click on my 2nd monitor (on the left side)
<reaverus> context menu comes to main monitor, is there some setting?
<Scylla_Hide> another stupid question, can edit in ASM directly in x64dbg?
i want to write mov al,0 into the binary, right now i can only find binary edit, which needs me to enter "B0 00", but sometimes i know only the ASM instruction and not its hex representation.
Is this possible like in olly?
<Atn> Right click follow in cpu window, press space, write the asm instruction u want, done
<svenskithesource> ah makes sense
Is it possible to have a breakpoint with a Log Condition like: strstr(utf8(rdx), "Text")?
Im getting strange behaviors from x64dbg if i do this.
<kyawswar88>
<grandarab> I heard that can somehow exit the program when x64dbg is detected. Not by process name (re @gderuki: I believe @grandarab is looking for some kind of an obfuscation (since you can't really hide CPU/memory instructions, my guess is to use obfuscation on a python level, to make debugging harder to perform).)
<grandarab> That is, so that when a memory change occurs via x64dbg, the program is closed via sys.exit
<gt853> Using HWBP, not swbp