x64dbgbot
@x64dbgbot
<SunBeam> mmmm
<SunBeam>
```cpp
void MemoryMapView::findReferencesSlot()
{
    auto base = getCellUserdata(getInitialSelection(), 0);
    auto size = getCellUserdata(getInitialSelection(), 1);
    DbgCmdExec(QString("reffindrange %1, %2, dis.sel()").arg(ToPtrString(base)).arg(ToPtrString(base + size)));
    emit showReferences();
}
```
<SunBeam> not cool, man, not cool 😄
<SunBeam> so I'd need a disassembler 😦
x64dbgbot
@x64dbgbot
<mrexodia> Hm? (re @x64dbg_bot: <SunBeam> not cool, man, not cool 😄)
x64dbgbot
@x64dbgbot
<SunBeam> x64 programs need to be disassembled, apparently 😦
<SunBeam> no other way due to variable length instructions and other crap
<SunBeam> was hoping to find some formula or some simplified code; but that dis.sel() kinda says it all
x64dbgbot
@x64dbgbot
<mrexodia> Simplified code to do what? It’s just passing the disassembly selection to the command
x64dbgbot
@x64dbgbot
<c0rt3x0> @mrexodia we will have any major update on x64dbg or st3p by step
<c0rt3x0> ???
<mrexodia> What kind of update are you looking for? (re @c0rt3x0: @mrexodia we will have any major update on x64dbg or st3p by step)
x64dbgbot
@x64dbgbot
<c0rt3x0> For the strings
<c0rt3x0> Specially
x64dbgbot
@x64dbgbot
<mrexodia> Pull requests with fixes are welcome
<mrexodia> Likely this is what caused the issue x64dbg/x64dbg#2482
x64dbgbot
@x64dbgbot
<SunBeam> hey, I already asked in the beginning of my quest what I was looking for
<SunBeam> you seem to fixate on some elements and get stranded there
<SunBeam> I asked for a simple METHOD to scan an entire executable for static executable code references of a (static) pointer
<SunBeam> then looked at the documentation for leads on how "Find references > Address: X" works
<SunBeam> then said "oh, so that's how it works; nothing simple" > imbricated high-level programming, function calling function calling function
<SunBeam> bottom line being you need to disassemble/dissect the executable to be able to start formulating a way in which to scan for mnemonics like "mov r64,[ptr]", "lea r64,[ptr]", etc. -- all possibilities
<SunBeam> if it's not something you can do with some pattern scanner or w.e., then just say "it's more complicated than that" instead of asking simple questions denoting you couldn't be arsed reading the entire story
<SunBeam> I even left 2 pictures showing what I'm looking for; I don't want to do it in x64dbg, I want to understand HOW IT WORKS 🙂
x64dbgbot
@x64dbgbot
<SunBeam> so I can think of reliable ways to scan, for example, a 500MB executable for a static -- [14556C8800] -- and I'd get in return lines with "mov rax,[14556C8800]", "lea rax,[14556C8800]", "mov [14556C8800],rax", etc.
<ThisIsLibra> This group is a gold mine for entitled requests
x64dbgbot
@x64dbgbot
<EvilSapphire> Dude just dump the pe with scylla and open it on ida or something to get the references. Ida has great cross reference detection
x64dbgbot
@x64dbgbot
<SunBeam> the intention here is not analysis of a file; it's coding a PROXY DLL that SCANS an entire PE of 500MB for a "mov rax,[addr]" reference
<SunBeam> and this - the scanning - happens when the process starts
<SunBeam> I cannot use some pattern to find it because it's a dynamic initializer function in initterm (it's run in TLS)
<SunBeam> then I can't use a hardcoded offset because when the game updates, bye bye offsetting.. the function will change offset/position in initterm tree most likely, this (the position) being determined by the compiler
<SunBeam> so then I thought "what if I find all references for the static address I need and filter/pick the one reference I want?"
<SunBeam> but as it turns out, doing this to find ANY possibility of a mnemonic involving that static address across the entire executable code space of the game will take an enormous amount of time to scan for; file's protected with Denuvo, which means Denuvo has moved all that exec code with length larger than 5 bytes to its ginormously allocated section
<SunBeam> exe is 500+MB 😄
x64dbgbot
@x64dbgbot
<Matti> yes holy shit
<Matti> 'request' is putting it mildly
<SunBeam> k, hope it makes more sense now
x64dbgbot
@x64dbgbot
<mrexodia> ah this
<xuan2261> hello
<mrexodia> it just disassembles linearly and checks the operands
<xuan2261> Someone suggested this to me and I don't know what to do and where to start

<xuan2261> "VMP puts a fake native Layer and due to this you won't see any proper Runtime File in the memory because that is executed using the data available in vmp0 section.

Remove VMP by putting bp just before the execution call in x64dbg and you can Dump Runtime and Main EXE without VMP but as the vmp Section is removed so file won't start."

<xuan2261> Can someone guide me to follow the suggestions above?
x64dbgbot
@x64dbgbot
<raven224> you cannot strip off VMP LOL (re @x64dbg_bot: <xuan2261> i want remove VMP
https://cdn.discordapp.com/attachments/360907625837101067/888432334846701628/unknown.png)
<SWaNk> Well, you can but it is far from trivial... (re @raven224: you cannot strip off VMP LOL)
x64dbgbot
@x64dbgbot
<SWaNk> Unpacking VMProtect is not an easy task
<raven224> yeah that what i meant.
i was talking regardless of the above steps he mentioned (re @SWaNk: Well, you can but it is far from trivial...)
<SWaNk> Yeah... way more steps than that lol... (re @raven224: yeah that what i meant.
i was talking regardless of the above steps he mentioned)