x64dbgbot
@x64dbgbot
<mrexodia> Haha
<mrexodia> It’s the noun
<mrexodia> But yeah
<mrexodia> Improvements are welcome
<billy-jon> wait, so it's NEVER the verb?
<billy-jon> i now have to re-evaluate the entire thing. i had always interpreted it as record (as opposed to play, pause, fast-forward), or as in recordING a trace
<billy-jon> something tells me my "improvements" would make it worse :P
x64dbgbot
@x64dbgbot
<billy-jon> if you wanted to do a quick eli5 for tracing i could try and write it more formally. i think a high-level overview at http://help.x64dbg.com/en/latest/commands/tracing/index.html would be helpful
x64dbgbot
@x64dbgbot
<mrexodia> Yeah that’s a good introduction (re @x64dbg_bot: <billy-jon> oh wait i just found this: https://x64dbg.com/blog/2016/07/09/introducing-contemporary-reverse-engineering-technique-to-real-world-use.html)
x64dbgbot
@x64dbgbot
<giuseppe_brutto> Hi.
Hasp for 64 bit applications has a signature (for example for 32 bit applications was "cmp bh, 32" 80FF32h)? (re @Gabriele_Vezzani: Easy enough!)
x64dbgbot
@x64dbgbot
<Konrad> " kernel/hypervisor mode debugging"
<Konrad> that would be cool something like DBVM for x64dbg
<Konrad> but still shitty softwares can detect it/scan for drivers
<Konrad> maybe unless you manually map your driver.. with some vulnerable driver
<Konrad> and that driver is not blacklisted too
x64dbgbot
@x64dbgbot
<Gabriele_Vezzani> No, it's an archaic pattern. Things are changed nowadays. (re @giuseppe_brutto: Hi.
Hasp for 64 bit applications has a signature (for example for 32 bit applications was "cmp bh, 32" 80FF32h)?)
x64dbgbot
@x64dbgbot
<Antitrack> one could use any "mov rax, 0123456789abcdef" and use THAT value as signature (or xor rax, 0123456789abcdef)
<Antitrack> (just saying)
x64dbgbot
@x64dbgbot
<levitanious> That's probably not a 64-bit addressing.
<levitanious> 16 bytes, that's more like 128 bit.
<levitanious> Wait a second. My brain didn't switch properly (that's not a string, damn it!). <siiiiiiiiigh>
I blame the lack of 0x notation >_>
As my assembler would say............ error: illegal instruction
x64dbgbot
@x64dbgbot
<levitanious> No, wait, i was right
<levitanious> The addressing is actually off. I need sleep, apparently.
x64dbgbot
@x64dbgbot
<Antitrack> 8 bytes... don't code and drive drivel on irc! :D
<levitanious> ...hic!
<levitanious> Still, RAX isn't as fat
<levitanious> Come on
<levitanious> You are trying to cram too much, it won't fit!
x64dbgbot
@x64dbgbot
<Antitrack> 64bits = 8 bytes
<Antitrack> RAX is fatter than your brain! :D
<levitanious> Also as the immediate operands for 64-bit operations only the signed 32-bit values are possible, with the only exception being the mov instruction with destination operand being 64-bit general purpose register. Trying to force the 64-bit immediate with any other instruction will cause an error.
<levitanious> ~_~ Stop abusing my sleepy brain
<levitanious> Will you
<Antitrack> hrhrhr
<levitanious> Use memory
<levitanious> Or stack
<levitanious> Actually stack works nice.
<levitanious> (by memory i meant heap)
<Antitrack> stackoverflow!
<levitanious> ...hic!*
<Antitrack> prost
<Antitrack> mov ah, al ; shr ax, 4
x64dbgbot
@x64dbgbot
<levitanious> Ohoho, tasty
<levitanious> 👌
x64dbgbot
@x64dbgbot
<levitanious> movabs rax, 0x0123456789abcdef; xor rax, rax
<levitanious> 😂! You wanted to cram it in, right? Let's cram it in all the way!
<levitanious> <highfives>
x64dbgbot
@x64dbgbot
<mrexodia> 😀
x64dbgbot
@x64dbgbot
<Jojo00182> Hi, is this the right place to ask a question?