Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 13:39
    wasd845 commented #2886
  • 13:34
    wasd845 commented #2986
  • 10:51

    mrexodia on development

    Add line prefix for ASM-Style h… Simplify the formatting code Merge pull request #2986 from w… (compare)

  • 10:51
    mrexodia closed #2986
  • 10:51
    mrexodia commented #2986
  • 10:50
    mrexodia synchronize #2986
  • 00:26

    mrexodia on development

    Align the section size by page … Fix the highlighting of the CIP… (compare)

  • 00:19
    mrexodia labeled #2967
  • 00:19
    mrexodia labeled #2979
  • 00:19
    mrexodia labeled #2979
  • 00:18
    mrexodia commented #2979
  • 00:18
    mrexodia closed #2980
  • 00:18
    mrexodia commented #2980
  • 00:16
    mrexodia closed #2984
  • 00:16
    mrexodia commented #2984
  • 00:09
    mrexodia closed #2985
  • 00:09
    mrexodia commented #2985
  • Dec 01 12:53
    AppVeyorBot commented #2986
  • Dec 01 12:37
    wasd845 commented #2886
  • Dec 01 12:33
    wasd845 opened #2986
x64dbgbot
@x64dbgbot
<mrfearless> thanks
<mrfearless> might also depend on how the pdb was created - since newer versions of studio do things differently, mainly for its own debugging support (re @x64dbg_bot: <santaclos> i tried to debug with src and pdb in the same folder but the source tab is still empty. I'm trying to find a video on youtube
https://cdn.discordapp.com/attachments/360907625837101067/993221636335599676/unknown.png)
x64dbgbot
@x64dbgbot
<santaclos> okk thanks for the info i'll try with different settings since i'm still not seeing the source code
<mrfearless> i think turn off whole program optimization thing as i believe having that puts in dependancy for a c1.dll file that is used with debugging in the visual studio stuff. And change the C/C++->General->Debug Information Format to just Program Database (Zi)
<mrfearless> then C/C++->Code Generation->Runtime Library - might have to change that as well - depends on your project. At a guess i would try Multi-threaded Debug (/MTd)
<mrfearless> check Librarian or Linker command line to see if its showing that /FASTDEBUG or something like that, it wont create the pdb that x64dbg can use from what i understand, so thats a quick way of checking that.
x64dbgbot
@x64dbgbot
<mrfearless> Yes the linker->Debugging->Generate Debug Info should be set to Generate Debug information (/DEBUG)
<mrfearless> and not the /DEBUG:FASTLINK or /DEBUG:FULL options
<mrfearless> Advanced you can set Randomized Base Address to /DYNAMICBASE:NO
<mrfearless> for your source coding
<mrfearless> if release then perhaps you want that
x64dbgbot
@x64dbgbot
<santaclos> tried but still not working
<santaclos> x64dbg/x64dbg#2264
i'll follow this later and see if that works
<santaclos> thanks for your help
<mrfearless> no worries, hope that helps
x64dbgbot
@x64dbgbot
<mrfearless> if its a simple program you can always zip it up and i can take a look. no promises tho that i will fix it, but no harm either
<mrfearless> could try moving the exe and the pdb into the src folder as well just on the offhand chance it works better there
x64dbgbot
@x64dbgbot
<brigadir15> /FASTDEBUG
x64dbgbot
@x64dbgbot
<mrexodia> hey tami
x64dbgbot
@x64dbgbot
<mrexodia> @nw you around?
<mrexodia> x64dbg/x64dbg#2902 I think this would be a cool feature
<mrexodia> maybe the API needs some extending though
x64dbgbot
@x64dbgbot
<albertsjohnson> Is there a plugin that can trace certain values?
<albertsjohnson> For example, when F9 is pressed, if a certain value, such as "MyPassword" appears in the memory, the app stops
x64dbgbot
@x64dbgbot
<Dmitriy_Karbovskiy> How do you expect it to work? Scan the whole virtual memory all the time? Place breakpoints on everything?
<Dmitriy_Karbovskiy> It seems doable for a known small region, but not the whole memory.
<Dmitriy_Karbovskiy> Actually.
<Dmitriy_Karbovskiy> It might be possible with a bit of context.
<Dmitriy_Karbovskiy> Since you are expecting a string, you may want to hook string functions of whatever library/language your program is built upon.
<Dmitriy_Karbovskiy> If you expect a password, it will probably be loaded from file or typed via keyboard. Might as well check that.
x64dbgbot
@x64dbgbot
<Dmitriy_Karbovskiy> x64dbg shows the list of used libraries and imported functions.
<Dmitriy_Karbovskiy> You may want to start from that. The rest depends on your case.
<albertsjohnson> When app runs, current values are shown on the comment region
<albertsjohnson> is it possible to write a plugin to search for these values in a real time?
<albertsjohnson> or just compare each of these values to the target string
<albertsjohnson> and if they are matched, then stop
x64dbgbot
@x64dbgbot
<albertsjohnson> it will be very helpful if some plugins can do that
x64dbgbot
@x64dbgbot
<Dmitriy_Karbovskiy> You'll need to repeatedly scan the memory.
That's no good and extremely, I mean extremely slow.
<Dmitriy_Karbovskiy> I am no expert in x64dbg though.
Neither I know how to write plugins for that.
<Dmitriy_Karbovskiy> I would recommend to only scan pages with R/RW rights or something.
Scan the stack, scan the heap, skip import, exports and read-only constants (skip .idata, .edata, .reloc, .rdata, .bss and other useless sections)
x64dbgbot
@x64dbgbot
<Dmitriy_Karbovskiy> You probably only want to scan dynamic memory. If it's Windows we're talking about, you can enumerate heaps and thread, therefore you might be able to find their stacks.
<albertsjohnson> I found some plugins
<albertsjohnson> maybe they are helpful
<albertsjohnson> thank you
x64dbgbot
@x64dbgbot
<Dmitriy_Karbovskiy> Good luck.
x64dbgbot
@x64dbgbot
<Rhyle12> Hi
Please tell me how to crack the ex4 file through x32dbg
Thanks in advance
x64dbgbot
@x64dbgbot
<gmh5225> Yes. I am
Do you think it makes sense to add this feature within the X64DBG
Or still only available as a plugin
x64dbgbot
@x64dbgbot
<mrexodia> I would say to start with only a plugin. The feature seems kinda niche and adding it to x64dbg itself would be a maintenance burden I think
x64dbgbot
@x64dbgbot
<gmh5225> OK. I see
x64dbgbot
@x64dbgbot
<Atn> @SunBeam are u around ?