x64dbgbot
@x64dbgbot
<mrexodia> It might be worth checking the contents of the font
<mrexodia> maybe it's fixable
<mrexodia> btw @the_janitor I was very stupid and tried to reproduce and test your TitanEngine patch with GleeBug 🤦‍♂️
<mrexodia> I'll try to test again
x64dbgbot
@x64dbgbot
<the_janitor> sure np, let me know how it goes, or PM me
x64dbgbot
@x64dbgbot
<mrfearless> yeh could be a nice addition
<mrexodia> Created
x64dbgbot
@x64dbgbot
<SunBeam> @mrexodia (before sending me to the source code) how does the "Find references to:" -> "Address: <static>" feature work on x64?
<SunBeam> I know how to do it on x86, as it's just a simple bswap of the ptr bytes (DWORD)
<SunBeam> e.g.:
<SunBeam> am interested in an overview, not in-depth
x64dbgbot
@x64dbgbot
<SunBeam> mmmm
<SunBeam>
```cpp
void MemoryMapView::findReferencesSlot()
{
    auto base = getCellUserdata(getInitialSelection(), 0);
    auto size = getCellUserdata(getInitialSelection(), 1);
    DbgCmdExec(QString("reffindrange %1, %2, dis.sel()").arg(ToPtrString(base)).arg(ToPtrString(base + size)));
    emit showReferences();
}
```
<SunBeam> not cool, man, not cool 😄
<SunBeam> so I'd need a disassembler 😦
x64dbgbot
@x64dbgbot
<mrexodia> Hm? (re @x64dbg_bot: <SunBeam> not cool, man, not cool 😄)
x64dbgbot
@x64dbgbot
<SunBeam> x64 programs need to be disassembled, apparently 😦
<SunBeam> no other way due to variable length instructions and other crap
<SunBeam> was hoping to find some formula or some simplified code; but that dis.sel() kinda says it all
x64dbgbot
@x64dbgbot
<mrexodia> Simplified code to do what? It’s just passing the disassembly selection to the command
x64dbgbot
@x64dbgbot
<c0rt3x0> @mrexodia we will have any major update on x64dbg or st3p by step
<c0rt3x0> ???
<mrexodia> What kind of update are you looking for? (re @c0rt3x0: @mrexodia we will have any major update on x64dbg or st3p by step)
x64dbgbot
@x64dbgbot
<c0rt3x0> For the strings
<c0rt3x0> Especially
x64dbgbot
@x64dbgbot
<mrexodia> Pull requests with fixes are welcome
<mrexodia> Likely this is what caused the issue x64dbg/x64dbg#2482
x64dbgbot
@x64dbgbot
<SunBeam> hey, I already asked in the beginning of my quest what I was looking for
<SunBeam> you seem to fixate on some elements and get stranded there
<SunBeam> I asked for a simple METHOD to scan an entire executable for static executable code references of a (static) pointer
<SunBeam> then looked at the documentation for leads on how "Find references > Address: X" works
<SunBeam> then said "oh, so that's how it works; nothing simple" > imbricated high-level programming, function calling function calling function
<SunBeam> bottom line being you need to disassemble/dissect the executable to be able to start formulating a way in which to scan for mnemonics like "mov r64,[ptr]", "lea r64,[ptr]", etc. -- all possibilities
<SunBeam> if it's not something you can do with some pattern scanner or w.e., then just say "it's more complicated than that" instead of asking simple questions denoting you couldn't be arsed reading the entire story
<SunBeam> I even left 2 pictures showing what I'm looking for; I don't want to do it in x64dbg, I want to understand HOW IT WORKS 🙂
x64dbgbot
@x64dbgbot
<SunBeam> so I can think of reliable ways to scan, for example, a 500MB executable for a static -- [14556C8800] -- and I'd get in return lines with "mov rax,[14556C8800]", "lea rax,[14556C8800]", "mov [14556C8800],rax", etc.
<ThisIsLibra> This group is a gold mine for entitled requests
x64dbgbot
@x64dbgbot
<EvilSapphire> Dude just dump the pe with scylla and open it on ida or something to get the references. Ida has great cross reference detection
x64dbgbot
@x64dbgbot
<SunBeam> the intention here is not analysis of a file; it's coding a PROXY DLL that SCANS an entire PE of 500MB for a "mov rax,[addr]" reference
<SunBeam> and this - the scanning - happens when the process starts
<SunBeam> I cannot use some pattern to find it because it's a dynamic initializer function in initterm (it's run in TLS)
<SunBeam> then I can't use a hardcoded offset because when the game updates, bye bye offsetting.. the function will change offset/position in initterm tree most likely, this (the position) being determined by the compiler
<SunBeam> so then I thought "what if I find all references for the static address I need and filter/pick the one reference I want?"
<SunBeam> but as it turns out, doing this to find ANY possibility of a mnemonic involving that static address across the entire executable code space of the game will take an enormous amount of time to scan for; file's protected with Denuvo, which means Denuvo has moved all that exec code with length larger than 5 bytes to its ginormously allocated section
<SunBeam> exe is 500+MB 😄