x64dbgbot
@x64dbgbot
<billy-jon> if i allow the app to execute until the remap happens, and use the ForcePageProtection plugin, i can disable, but not enable the bp. when i try to re-enable the bp in this case it says: Could not enable breakpoint <address> (SetBPX)
x64dbgbot
@x64dbgbot
<billy-jon> it seems like there is some kind of sanity check on whether an int3 is due to a bp created by the debugger, and that sanity check does not support remapped code. something like this: "is_my_int3(ea) { if is_in_module(ea) and rva_bp_exists(ea_to_rva(ea)) { return true; } else if abs_bp_exists(ea) { return true; } else { return false; } }"
<billy-jon> but probably when the bp is first applied it should remember the ea and check against that later on
x64dbgbot
@x64dbgbot
<mrexodia> Did you try using a virtual module? (re @x64dbg_bot: <billy-jon> okay so yeah the problematic bps seem to be ones that i created after the remap)
x64dbgbot
@x64dbgbot
<billy-jon> mrexodia, no i dont think i knew that x64dbg could do that
<mrexodia> “Can do that” haha
<mrexodia> More like kinda can do it maybe
x64dbgbot
@x64dbgbot
<Nukem> quality 👏 software 👏
x64dbgbot
@x64dbgbot
<levitanious> (free and open-source, tho)
<levitanious> (also pretty badass)
<levitanious> A wise old man once said: "You make a punchline of what i cannot do and berate me for what i can... send, patches young one!" 😂
<kaens> People would even berate the wise men :<
x64dbgbot
@x64dbgbot
<levitanious> I mean, i'm no wise man and i guess the old man was clearly trying to make it into reddit's fp at a time
<levitanious> But the idea! That matters.
<levitanious> <attempt at humour, badum-tsss>
<kaens> A wisecracker is one who can make em patches, amirite?
<Nukem> lol
<kaens> Wish I could chat to the Chinese community. Keep seeing so many weird protections for minor engines
x64dbgbot
@x64dbgbot
<billy-jon> im not making jokes about it. i just didnt know it could.
x64dbgbot
@x64dbgbot
<shepz> Hi, who know StrongOD where can buy ? :)
x64dbgbot
@x64dbgbot
<shepz> who have plugin or bypass vmprotect on x64 ( ScyllaHide dont work on my file ) PM
<mrexodia> Just read the ScyllaHide issues or use titanhide
x64dbgbot
@x64dbgbot
<hans_> wonders how to check if one is banned from a github issue tracker or not
x64dbgbot
@x64dbgbot
<hans__> any idea if TitanHide constantly has an open handle to C:\TitanHide.log or if it's just opened when it needs to be?
<hans__> nvm, it's the latter
x64dbgbot
@x64dbgbot
<firelegend> Does x64dbg implement mem bp on execution via PAGE_GUARD or removing the PAGE_EXECUTE_READWRITE flag?
<firelegend> I was grepping through the code to figure that out.
x64dbgbot
@x64dbgbot
<levitanious> Have you tried opening the x64dbg itself and going to breakpoints tab?
<levitanious> There's conditional breakpoints context menu.
<levitanious> Maybe it has what you're looking for.
<ARCHANGEL_ahteam> Why do you need this info? (re @x64dbg_bot: <firelegend> Does x64dbg implement mem bp on execution via PAGE_GUARD or removing the PAGE_EXECUTE_READWRITE flag?)
x64dbgbot
@x64dbgbot
<firelegend> Just writing my own memory tracer tool for a project.
<ARCHANGEL_ahteam> Use page guard, it will work
<firelegend> I have a protection that doesn't like int3 bps and HW bps so I have to rely on mem bp
x64dbgbot
@x64dbgbot
<ARCHANGEL_ahteam> Use PAGE_GUARD
<firelegend> thanks
x64dbgbot
@x64dbgbot
<levitanious> You can always use UD2 bps, no? :D
<ARCHANGEL_ahteam> What type of protection are we talking about?
x64dbgbot
@x64dbgbot
<firelegend> @levitanious, not really, already used by the protection + code checks on 25k locations
<firelegend> 25k that I statically identified
<ARCHANGEL_ahteam> Does this protection have a name?
<levitanious> Have you identified the thing you're going up against? :D
x64dbgbot
@x64dbgbot
<mrexodia> GleeBug implements this (re @x64dbg_bot: <firelegend> Does x64dbg implement mem bp on execution via PAGE_GUARD or removing the PAGE_EXECUTE_READWRITE flag?)
<mrexodia> My guess it’s Blizzard stuff, overwatch perhaps? (re @ARCHANGEL_ahteam: Does this protection have a name?)
<ARCHANGEL_ahteam> Never met this stuff, but thank you (re @mrexodia: My guess it’s Blizzard stuff, overwatch perhaps?)
x64dbgbot
@x64dbgbot
<levitanious> There are whole toolkits to clean off overwatch proto, github to the rescue.
x64dbgbot
@x64dbgbot
<mrexodia> For hwbp you can do a semi-generic bypass by hooking the exception dispatcher and rtlrestorecontext (re @x64dbg_bot: <firelegend> I have a protection that doesn't like int3 bps and HW bps so I have to rely on mem bp)
<mrexodia> Remove hwbp on dispatch and restore in restorecontext
x64dbgbot
@x64dbgbot
<billy-jon> is there a way to suppress logging of first chance exceptions (even if its only ones i have configured the debugger to pass)?