All Questions
42 questions
0 votes, 0 answers, 47 views
How to get which Tedit is referenced when retrieving text
Reversing a Borland Builder 6 application, I came across this function: @Controls@TControl@GetText$qqrv
Now, the two parameters for the function are:
LEA param_2=>local_8,[EBP + -0x4]
MOV param_1,...
3 votes, 1 answer, 99 views
How can I set up a conditional breakpoint for the CreateFileW function for when a specific file/path is read in x64dbg?
I'm currently debugging a program using x64dbg, and I'm struggling to set up a conditional breakpoint on the CreateFileW function:
HANDLE CreateFileW(
[in] LPCWSTR lpFileName,...
0 votes, 0 answers, 48 views
Why a breakpoint works in x64dbg but not in IDA?
I've spent all morning trying to find a solution to debug with IDA the same function I'm debugging in x64dbg.
In x64dbg, I just go to Symbols -> ws2_32.dll -> WSARecvFrom -> F2 (set ...
0 votes, 2 answers, 145 views
How can I debug if the program closes directly?
I'm trying to debug a game and it's closing under a few circumstances:
When debugging (solved by hooking IsDebuggerPresent to return false when called by the game)
When setting a memory/hardware ...
0 votes, 0 answers, 40 views
How can I find the part of cmd.exe that processes windows batch commands before they're executed?
I'm able to find the ReadConsoleInputW commands for pause and reading input for commands but I'm unable to find the actual processing of the commands. I'm using x64dbg but I'm fairly new to Reverse ...
0 votes, 0 answers, 40 views
how to set a BP on button in SunAwtCanvas in x96dbg
I'm trying to debug a program in x96dbg that I think is written in Matlab. There is no string related to buttons or something interesting. Then I go to Handles tab to find buttons and set break ...
0 votes, 0 answers, 221 views
Need Help Cracking a Program
So I've got this .exe that I want to crack. It's an old management system for people in the truck loading business.
I kind of understand what's happening with window API calls but I'm unable to access the ...
1 vote, 2 answers, 556 views
How can I jump to the start/end of a function in x64dbg?
I'm currently debugging a program using x64dbg, and I'm wondering how to quickly jump to the start or end (prologue/epilogue) of a function while I'm in the middle of it. I couldn't find this ...
4 votes, 2 answers, 291 views
Malware analysis - Debugger hangs at HttpSendRequestA
I'm reverse engineering a malware that at some point tries to connect to http://api.ipify.org in order to get the IP address of the infected PC.
I was able to replicate this behaviour with a small ...
2 votes, 1 answer, 435 views
xdbg64 Unable to find string.. Need help cracking a program
I've been trying to crack my friend's program for quite some time. He gave me permission and we are trying to see if his mod menu is ready to hit the market. I've watched a couple of YouTube videos and I am ...
5 votes, 0 answers, 636 views
Comparison of Windows Debuggers
I have some experience reverse engineering ELF files using tools like GDB, radare2, and Ghidra, but I am new to Windows debugging. There are quite a few different debuggers out there for Windows and ...
-1 votes, 1 answer, 177 views
Anti-patching checksum [closed]
I'm busy with debugging a program in x64dbg and it has some kind of anti-patching mechanism so can someone please advise me on how I would go about finding the functions which are calculating the ...
2 votes, 0 answers, 333 views
Find caller function by DLL loading in x64dbg
First of all, I'm a noob at debugging tasks and I'm trying to self-study to learn how to debug an exe using x64dbg.
I have an EXE file packed by Themida. I bypassed the Themida packing using the Themida plugin in x64dbg....
2 votes, 1 answer, 476 views
Instructions to compare two strings
I made a list of which instructions compare two strings in disassembly so that when I get to intermodular calls in x64dbg, I can simply type these instructions to see if there is a comparison have been ...
2 votes, 0 answers, 400 views
Strange exception thrown while debugging in Win10, but not Win7
I am disassembling a legacy 32-bit (x86) application using IDA Home (7.6) (for x86 disassembly) in a 64-bit Windows 10 environment running in a virtual machine (VMWare Fusion for Mac). The application ...