Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 20 23:31
    stevemk14ebr commented #1908
  • Jan 20 23:28
    blaquee commented #1908
  • Jan 20 23:01
    stevemk14ebr commented #1908
  • Jan 20 22:59
    stevemk14ebr commented #1908
  • Jan 20 22:45
    stevemk14ebr commented #1908
  • Jan 20 18:21
    stevemk14ebr commented #1908
  • Jan 20 18:18
    stevemk14ebr commented #1908
  • Jan 20 18:15
    stevemk14ebr commented #2278
  • Jan 20 18:15
    stevemk14ebr commented #2278
  • Jan 20 18:14
    stevemk14ebr commented #1908
  • Jan 20 15:49
    stevemk14ebr commented #2278
  • Jan 20 13:51
    mrexodia commented #2278
  • Jan 20 13:34
    mrexodia commented #2277
  • Jan 19 21:02
    stevemk14ebr commented #2278
  • Jan 19 20:59
    stevemk14ebr edited #2278
  • Jan 19 20:57
    mrexodia labeled #2278
  • Jan 19 20:57
    mrexodia commented #2278
  • Jan 19 20:37
    stevemk14ebr commented #2278
  • Jan 19 20:37
    stevemk14ebr commented #2278
  • Jan 19 20:37
    stevemk14ebr commented #2278
x64dbgbot
@x64dbgbot
<Antitrack> 64bits = 8 bytes
<Antitrack> RAX is fatter than your brain! :D
<levitanious> Also as the immediate operands for 64-bit operations only the signed 32-bit values are possible, with the only exception being the mov instruction with destination operand being 64-bit general purpose register. Trying to force the 64-bit immediate with any other instruction will cause an error.
<levitanious> ~_~ Stop abusing my sleepy brain
<levitanious> Will you
<Antitrack> hrhrhr
<levitanious> Use memory
<levitanious> Or stack
<levitanious> Actually stack works nice.
<levitanious> (by memory i meant heap)
<Antitrack> stackoverflow!
<levitanious> ...hic!*
<Antitrack> prost
<Antitrack> mov ah, al ; shr ax, 4
x64dbgbot
@x64dbgbot
<levitanious> Ohoho, tasty
<levitanious> 👌
x64dbgbot
@x64dbgbot
<levitanious> movabs rax, 0x0123456789abcdef; xor rax, rax
<levitanious> 😂! You wanted to cram it in, right? Let's cram it in all the way!
<levitanious> <highfives>
x64dbgbot
@x64dbgbot
<mrexodia> 😀
x64dbgbot
@x64dbgbot
<Jojo00182> Hi, is this the right place to ask a question?
x64dbgbot
@x64dbgbot
<mrexodia> Yea about x64dbg
x64dbgbot
@x64dbgbot
<Jojo00182> thx, i think i fixed it at least for one exe. When i load steam game into the debugger and let it run it says terminated "debugging stopped" but the game runs
x64dbgbot
@x64dbgbot
<Forlax> x64dbg can be scripted to auto add patches?
Cos there is nothing about that beside debugging stuffs in the documentations https://i.imgur.com/nBb9ndV.png
x64dbgbot
@x64dbgbot
<mrexodia> Put a steam_appid.txt next to the game with the correct appid (re @x64dbg_bot: <Jojo00182> thx, i think i fixed it at least for one exe. When i load steam game into the debugger and let it run it says terminated "debugging stopped" but the game runs)
<Forlax> mrexodia, is this possible with the current engine that x64dbg uses or it's not in there yet. Because I got no clue, I asked around and they sent me here.
<mrexodia> What are you trying to do?
x64dbgbot
@x64dbgbot
<Forlax> well to code a simple script that append some specific instructions in the nullbytes of modules, more of a codecaver
x64dbgbot
@x64dbgbot
<kofteror> Hey, can i add assembly lines in x64dbg?
<Atn> Add ?
<kofteror> Yup..
x64dbgbot
@x64dbgbot
<mrexodia> Some elaboration would be good. What do you mean with “add”? Like append to the executable? (re @kofteror: Hey, can i add assembly lines in x64dbg?)
<mrexodia> Sorry I forgot to answer. Check the “mov” instruction (re @x64dbg_bot: <Forlax> mrexodia, is this possible with the current engine that x64dbg uses or it's not in there yet. Because I got no clue, I asked around and they sent me here.)
<mrexodia> You can mov a byte pattern in a location
<mrexodia> And there is also a command to assemble
x64dbgbot
@x64dbgbot
<levitanious> @kofteror If you talk about inline assembly during debugging -- yes.
<levitanious> Right click on an opcode and then -- assemble. You can find code caves or make your own.
<levitanious> Then you just assemble whatever you want there and then patch to preserve changes.
<mrexodia> Also multimate assembler is a great plugin worth mentioning
x64dbgbot
@x64dbgbot
<billy-jon> there seems to be a bug relating to int3 bps and remapping. bps get to a point where the disassembly view does not show them as present, but the bp window says they are and enabled. when that happens, i cannot delete them, or enable/disable
<billy-jon> it seems like it has something to do with how bps are stored. if i create them after the remapping, im guessing that the debugger doesn't know to store them as relative to a particular module's base address and instead stores absolute addresses
<billy-jon> but if i restart the process and there now IS a module there, even though the literal address is unchanged, things bug out
x64dbgbot
@x64dbgbot
<mrexodia> Remapping?
<mrexodia> Breakpoints are stored as module+rva or if there is no module as an absolute address
x64dbgbot
@x64dbgbot
<billy-jon> sorry, i had been under the impression that you have looked at the blizzard anti debug stuff. they will remap the binary with CreateFile(), memcpy, MapViewOfFile() or some such thing to give SEC_NO_CHANGE to the whole binary. just like what is described here: https://github.com/changeofpace/Self-Remapping-Code
<billy-jon> incidentally it would be awesome if the db files for each program could be plaintext like json or something so i could go and remove those bps manually
<Nukem> they are plaintext/json if compression is disabled
<billy-jon> once the debugger encounters an int3 bp it doesnt expect to be there, i cant figure out how to get execution to continue
<billy-jon> oh look at that, thanks
x64dbgbot
@x64dbgbot
<billy-jon> okay so yeah the problematic bps seem to be ones that i created after the remap