Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 13:34
    alex-shr commented #2296
  • Feb 22 20:59
    mrexodia commented #2296
  • Feb 22 20:50
    blaquee commented #2296
  • Feb 22 19:56
    mrexodia commented #2296
  • Feb 22 18:32
    alex-shr commented #2296
  • Feb 22 18:29
    alex-shr commented #2296
  • Feb 22 18:26
    alex-shr commented #2296
  • Feb 22 18:24
    alex-shr commented #2296
  • Feb 22 18:19
    alex-shr commented #2296
  • Feb 22 17:57
    mrexodia labeled #2296
  • Feb 22 17:57
    mrexodia commented #2296
  • Feb 22 16:22
    alex-shr edited #2296
  • Feb 22 16:21
    alex-shr edited #2296
  • Feb 22 16:21
    alex-shr edited #2296
  • Feb 22 16:10
    alex-shr edited #2296
  • Feb 22 16:02
    alex-shr edited #2296
  • Feb 22 16:00
    alex-shr edited #2296
  • Feb 22 15:48
    alex-shr opened #2296
  • Feb 21 03:31
    Paliha commented #2261
  • Feb 21 03:29
    Paliha commented #2261
x64dbgbot
@x64dbgbot
<billy-jon> i now have to re-evaluate the entire thing. i had always interpreted it as record (as opposed to play, pause, fast-forward), or as in recordING a trace
<billy-jon> something tells me my "improvements" would make it worse :P
<billy-jon> if you wanted to do a quick eli5 for tracing i could try and write it more formally. i think a high-level overview at http://help.x64dbg.com/en/latest/commands/tracing/index.html would be helpful
x64dbgbot
@x64dbgbot
<mrexodia> Yeah that’s a good introduction (re @x64dbg_bot: <billy-jon> oh wait i just found this: https://x64dbg.com/blog/2016/07/09/introducing-contemporary-reverse-engineering-technique-to-real-world-use.html)
x64dbgbot
@x64dbgbot
<giuseppe_brutto> Hi.
Hasp for 64 bit applications has a signature (for example for 32 bit applications was "cmp bh, 32" 80FF32h)? (re @Gabriele_Vezzani: Easy enough!)
x64dbgbot
@x64dbgbot
<Konrad> " kernel/hypervisor mode debugging"
<Konrad> that would be cool something like DBVM for x64dbg
<Konrad> but still shitty softwares can detect it/scan for drivers
<Konrad> maybe unless you manually map your driver.. with some vulnerable driver
<Konrad> and that driver is not blacklisted too
x64dbgbot
@x64dbgbot
<Gabriele_Vezzani> No, its an archaic pattern. Things are changed nowadays. (re @giuseppe_brutto: Hi.
Hasp for 64 bit applications has a signature (for example for 32 bit applications was "cmp bh, 32" 80FF32h)?)
x64dbgbot
@x64dbgbot
<Antitrack> one could use any "mov rax, 0123456789abcdef" and use THAT value as signature (or xor rax, 0123456789abcdef)
<Antitrack> (just saying)
x64dbgbot
@x64dbgbot
<levitanious> That's probably not a 64-bit addressing.
<levitanious> 16 bytes, that's more like 128 bit.
<levitanious> Wait a second. My brain didn't switched properly (that's not a string, damn it!). <siiiiiiiiigh>
I blame the lack of 0x notation >_>
As my assembler would say............ error: illegal instruction
x64dbgbot
@x64dbgbot
<levitanious> No, wait, i was right
<levitanious> The addressing is actually off. I need sleep, apparently.
x64dbgbot
@x64dbgbot
<Antitrack> 8 bytes... dont code and drive drivel on irc! :D
<levitanious> ...hic!
<levitanious> Still, RAX isn't as fat
<levitanious> Come on
<levitanious> You are trying to cram too much, it won't fit!
x64dbgbot
@x64dbgbot
<Antitrack> 64bits = 8 bytes
<Antitrack> RAX is fatter than your brain! :D
<levitanious> Also as the immediate operands for 64-bit operations only the signed 32-bit values are possible, with the only exception being the mov instruction with destination operand being 64-bit general purpose register. Trying to force the 64-bit immediate with any other instruction will cause an error.
<levitanious> ~_~ Stop abusing my sleepy brain
<levitanious> Will you
<Antitrack> hrhrhr
<levitanious> Use memory
<levitanious> Or stack
<levitanious> Actually stack works nice.
<levitanious> (by memory i meant heap)
<Antitrack> stackoverflow!
<levitanious> ...hic!*
<Antitrack> prost
<Antitrack> mov ah, al ; shr ax, 4
x64dbgbot
@x64dbgbot
<levitanious> Ohoho, tasty
<levitanious> πŸ‘Œ
x64dbgbot
@x64dbgbot
<levitanious> movabs rax, 0x0123456789abcdef; xor rax, rax
<levitanious> πŸ˜‚! You wanted to cram it in, right? Let's cram it in all the way!
<levitanious> <highfives>
x64dbgbot
@x64dbgbot
<mrexodia> πŸ˜€
x64dbgbot
@x64dbgbot
<Jojo00182> Hi, is this the right place to ask a question?
x64dbgbot
@x64dbgbot
<mrexodia> Yea about x64dbg
x64dbgbot
@x64dbgbot
<Jojo00182> thx, i think i fixed it at least for one exe. When i load steam game into the debugger and let it run it says terminated "debugging stopped" but the game runs
x64dbgbot
@x64dbgbot
<Forlax> x64dbg can be scripted to auto add patches?
Cos there is nothing about that beside debugging stuffs in the documentations https://i.imgur.com/nBb9ndV.png
x64dbgbot
@x64dbgbot
<mrexodia> Put a steam_appid.txt next to the game with the correct appid (re @x64dbg_bot: <Jojo00182> thx, i think i fixed it at least for one exe. When i load steam game into the debugger and let it run it says terminated "debugging stopped" but the game runs)
<Forlax> mrexodia, is this possible with the current engine that x64dbg uses or it's not in there yet. Because I got no clue, I asked around and they sent me here.