x64dbgbot
@x64dbgbot
<mrfearless> I imagine you could do it in a plugin, have breakpoints on VirtualAlloc - either manually or from the plugin itself perhaps. Then when the breakpoint is triggered, the plugin can check if it was for a VirtualAlloc call (determine the length of the alloc and store that), then it can single step, collect the value in eax, check it's not null, then dump to file based on debuggee name + concat of "_dump" + dumpNo for the length of the alloc
x64dbgbot
@x64dbgbot
<exploit1337> Thx, the issue is that there are about 200+ calls of virtualalloc and I need at least to check them in the dump view to see the headers that interest me (re @mrfearless: https://twitter.com/IntezerLabs/status/1467842258653245445?s=20)
x64dbgbot
@x64dbgbot
<exploit1337> Which script should I check to get help?
x64dbgbot
@x64dbgbot
<exploit1337> So with xAnalyzer can I get exact argument values?
<exploit1337> Only constants are shown
x64dbgbot
@x64dbgbot
<Gdhkeix> Hi all!
I'm facing a problem on ARM-based Win11 with x64 emulation. For example, if I'm injecting simple code into an x64 process like
int 3
mov rbp, 0x11223344
nop
so when I hit the first bp and step the mov instruction I see 0x11223344 in rbp, but when I step to nop rbp becomes zero (rbp == 0)!!! Is it a binary translation bug?
Thanks in advance
x64dbgbot
@x64dbgbot
<Dimy> Hello guys, I feel like I'm missing something dumb but how can I log an address relative to the module's base address?
I tried the following but it only gives me some "???" in the log when opened with a text editor
https://cdn.discordapp.com/attachments/360907625837101067/917792764148727839/unknown.png
<Dimy> I tried to put the whole expression between {} so it gets evaluated but it doesn't work unfortunately, I'm probably missing something dumb
x64dbgbot
@x64dbgbot
<Rainb0wCodes_484> some apps don't show up
<Rainb0wCodes_484> such as Minecraft.Windows.exe
<Rainb0wCodes_484> only the applicationframehost is there
<Rainb0wCodes_484> I am running as administrator
<mrexodia> program:0 is already the base
<mrexodia> but yeah looks like a bug
x64dbgbot
@x64dbgbot
<Dimy> Oh got it thanks !
x64dbgbot
@x64dbgbot
<Diacaprio> How to extract source code of application using this
<lpcvoid> You can't
x64dbgbot
@x64dbgbot
<Diacaprio> Oh ok how can we do it
<Diacaprio> Any other options
x64dbgbot
@x64dbgbot
<GroupAnonymousBot> You can’t - and you can’t decompile application with x64dbg if that’s the question. (re @Diacaprio: Any other options)
x64dbgbot
@x64dbgbot
<kaens> You can't, full stop
You can pretend to have done that using decompilers but w
x64dbgbot
@x64dbgbot
<Yakov5776> With enough effort, decompiling could be enough to reconstruct the source and compile
x64dbgbot
@x64dbgbot
<c0rt3x0> @mrexodia I pm u Tuts4you for the name
x64dbgbot
@x64dbgbot
<mrexodia> ? (re @c0rt3x0: @mrexodia I pm u Tuts4you for the name)
<mrexodia> Read the rules
<c0rt3x0> Yes sorry my mistake
<kaens> Compilers optimise; that alone makes it impossible to get the exact source, not to mention all the formatting and comments which are sometimes http://uguu.org/sources.html :)
<kaens> @Yakov5776
<Yakov5776> Oh I know
x64dbgbot
@x64dbgbot
<Yakov5776> But once you get to the stage where you can compile, the rest is fun
<kaens> I'd say if the goal is to "extract the source" that's nothing but fun... If you wanna analyse or patch, you can analyse or patch assembly and binary
x64dbgbot
@x64dbgbot
<big steppa> I'm dragging my exe to my x64dbg application but nothing happens
<big steppa> but it works with other files, I tried on a dll but haven't tried on another exe though
x64dbgbot
@x64dbgbot
<c0rt3x0> did you try to attach it?
x64dbgbot
@x64dbgbot
<big steppa> got it working now
<big steppa> I just had to launch the 32 bit version of x64dbg
x64dbgbot
@x64dbgbot
<Ismando> How do I reverse engineer a protected .pdc?
x64dbgbot
@x64dbgbot
<Jim Colerick> What is pdc
x64dbgbot
@x64dbgbot
<Ismando> it is a protected PDF that is coded with different software. It will not let you screenshot (re @x64dbg_bot: <Jim Colerick> What is pdc)
<Ismando> It has an extension of .pdc
<GroupAnonymousBot> Ok how is this related to x64dbg? (re @Ismando: It has an extension of .pdc)
<GroupAnonymousBot> ^ (re @mrexodia: Official x64dbg group chat.
Rules:
<Ismando> no idea
<GroupAnonymousBot> Ok then it’s off topic
<Ismando> I saw your youtube
<Ismando> I am not a coder