<mrfearless> I imagine you could do it in a plugin, have breakpoints on VirtualAlloc - either manually or from the plugin itself perhaps. Then when the breakpoint is triggered, the plugin can check if it was for a VirtualAlloc call (determine the length of the alloc and store that), then it can single step, collect the value in eax, check it's not null, then dump to file based on debuggee name + concat of "_dump" + dumpNo for the length of the alloc
<exploit1337> Which script should I check to get help?
<exploit1337> So with xAnalyzer can I get exact argument values?
<exploit1337> Only constants are shown
<Gdhkeix> Hi all! I'm facing a problem on ARM-based Win11 with x64 emulation. For example, if I'm injecting simple code into an x64 process like: int 3; mov rbp, 0x11223344; nop, then when I hit the first bp and step the mov instruction I see 0x11223344 in rbp, but when I step to the nop, rbp becomes zero (rbp == 0)!!! Is it a binary translation bug? Thanks in advance