x64dbgbot
@x64dbgbot
<SunBeam> I even left 2 pictures showing what I'm looking for; I don't want to do it in x64dbg, I want to understand HOW IT WORKS 🙂
<SunBeam> so I can think of reliable ways to scan, for example, a 500MB executable for a static -- [14556C8800] -- and I'd get in return lines with "mov rax,[14556C8800]", "lea rax,[14556C8800]", "mov [14556C8800],rax", etc.
<ThisIsLibra> This group is a gold mine for entitled requests
x64dbgbot
@x64dbgbot
<EvilSapphire> Dude just dump the pe with scylla and open it on ida or something to get the references. Ida has great cross reference detection
x64dbgbot
@x64dbgbot
<SunBeam> the intention here is not analysis of a file; it's coding a PROXY DLL that SCANS an entire PE of 500MB for a "mov rax,[addr]" reference
<SunBeam> and this - the scanning - happens when the process starts
<SunBeam> I cannot use some pattern to find it because it's a dynamic initializer function in initterm (it's run in TLS)
<SunBeam> then I can't use a hardcoded offset because when the game updates, bye bye offsetting.. the function will change offset/position in initterm tree most likely, this (the position) being determined by the compiler
<SunBeam> so then I thought "what if I find all references for the static address I need and filter/pick the one reference I want?"
<SunBeam> but as it turns out, doing this to find ANY possibility of a mnemonic involving that static address across the entire executable code space of the game will take an enormous amount of time to scan for; file's protected with Denuvo, which means Denuvo has moved all that exec code with length larger than 5 bytes to its ginormously allocated section
<SunBeam> exe is 500+MB 😄
x64dbgbot
@x64dbgbot
<Matti> yes holy shit
<Matti> 'request' is putting it mildly
<SunBeam> k, hope it makes more sense now
x64dbgbot
@x64dbgbot
<mrexodia> ah this
<xuan2261> hello
<mrexodia> it just disassembles linearly and checks the operands
<xuan2261> Someone suggested this to me and I don't know what to do and where to start

<xuan2261> "VMP puts a fake native Layer and due to this you won't see any proper Runtime File in the memory because that is executed using the data available in vmp0 section.

Remove VMP by putting bp just before the execution call in x64dbg and you can Dump Runtime and Main EXE without VMP but as the vmp Section is removed so file won't start."

<xuan2261> Can someone guide me to follow the suggestions above?
x64dbgbot
@x64dbgbot
<raven224> you cannot strip off VMP LOL (re @x64dbg_bot: <xuan2261> i want remove VMP
https://cdn.discordapp.com/attachments/360907625837101067/888432334846701628/unknown.png)
<SWaNk> Well, you can but it is far from trivial... (re @raven224: you cannot strip off VMP LOL)
x64dbgbot
@x64dbgbot
<SWaNk> Unpacking VMProtect is not an easy task
<raven224> yeah that's what i meant.
i was talking regardless of the above steps he mentioned (re @SWaNk: Well, you can but it is far from trivial...)
<SWaNk> Yeah... way more steps than that lol... (re @raven224: yeah that's what i meant.
i was talking regardless of the above steps he mentioned)
<raven224> Need to understand the Virtual machine first over those obfuscation/mutations.
<SWaNk> Right Click protector line in DIE and hit del... Easy like that 😂👍
<SWaNk> Yeah... not trivial (re @raven224: Need to understand the Virtual machine first over those obfuscation/mutations.)
<raven224> Haha that'd be much easier (re @SWaNk: Right Click protector line in DIE and hit del... Easy like that 😂👍)
x64dbgbot
@x64dbgbot
<Quame> I need ransomware
x64dbgbot
@x64dbgbot
<lpcvoid> What is happening
x64dbgbot
@x64dbgbot
<reliatnh> Chat link was shared in theme related chat (re @lpcvoid: What is happening)
<Yogesh> Mobile password thod na Sikhs do
x64dbgbot
@x64dbgbot
<mrfearless> @SunBeam - could be sorta related to your query earlier about pattern matching, includes article link at bottom about that: https://forum.reverse4you.org/t/idapatternsearch-adds-a-capability-of-finding-functions-according-to-bit-patterns/17209
x64dbgbot
@x64dbgbot
<SunBeam> thanks, will have a look!
x64dbgbot
@x64dbgbot
<gurnay> hello friends, I have been trying for days to remove a watermark from a printing program, ek print. can someone help me?
x64dbgbot
@x64dbgbot
<mrexodia> Which one? (re @reliatnh: Chat link was shared in theme related chat)
x64dbgbot
@x64dbgbot
<reliatnh> https://t.me/reverseengineeringz (re @mrexodia: Which one?)
x64dbgbot
@x64dbgbot
<mrexodia> Nice, thanks! (re @reliatnh: https://t.me/reverseengineeringz)
Torusrxxx
@torusrxxx
@mrexodia
x64dbgbot
@x64dbgbot
<mrexodia> Sup? (re @x64dbg_bot: <torusrxxx> @mrexodia)
Torusrxxx
@torusrxxx
Torusrxxx
@torusrxxx
The forums seem dead
x64dbgbot
@x64dbgbot
<mrexodia> Yeah it’s Twitter (re @x64dbg_bot: <torusrxxx> The forums seem dead)
<mrexodia> I’m not really using it often to make announcements
<mrexodia> Any big features I missed?
x64dbgbot
@x64dbgbot
<Üzgün> When we open an exe file with x32dbg, how can I search for patterns in the .data section with the command? (re @mrexodia: Sup?)