All Questions
Tagged with x64dbg disassembly
15 questions
3 votes, 1 answer, 971 views
x64dbg: is there a way to save the complete disassembly of a module to a text file?
Is it possible to save the complete disassembly / listing to a file, and if so, how can it be done?
1 vote, 0 answers, 426 views
x64dbg placing an on-write breakpoint on a dynamically allocated address
I am currently trying to reverse the registration scheme of a crackme. I found the jump instruction that decides if the title of the program says “registered” or “unregistered” by simply searching for ...
2 votes, 1 answer, 476 views
Instructions to compare two strings
I made a list of which instructions compare two strings in disassembly so that when I get to intermodular calls in x64dbg, I can simply type these instructions to see if there is a comparison have been ...
1 vote, 1 answer, 807 views
A tutorial or docs to unpack a custom packed PE
I am facing an odd situation. I have a licensed game that's doing odd actions on the system. I isolated it as I could and observed the behavior both network and so forth, and I suspect it's a custom-...
1 vote, 3 answers, 1k views
x64dbg Crash on Dynamic Debugging Remove Anti-Debugging Protection
I am trying to run Dynamic code analysis using x64dbg for Windows 64 bit executable. I install the anti-debugging plugin for x64dbg from https://github.com/x64dbg/ScyllaHide. I still find the ...
0 votes, 1 answer, 8k views
How to use memory address information from IDAFree to set a breakpoint in x32dbg?
I have a DLL paused at EntryPoint in x32dbg. I am interested in examining memory following a specific API call that this DLL makes. I found the API call in the imports section when I open the DLL in ...
2 votes, 1 answer, 1k views
How to navigate Disassembly view to the current instruction location?
I'm using x32dbg and I've set a hardware memory breakpoint. It triggers successfully for a specified module and the debugger pauses and a message on the bottom says:
Hardware breakpoint (byte, read/...
2 votes, 2 answers, 692 views
Find an instruction in a binary file (PE) based on a virtual address of a string reference
English is not my first language, so I'm sorry if my text isn't so clear.
I'm trying to program an automatic patcher for a PE binary that should work for multiple versions of this executable. For ...
1 vote, 2 answers, 2k views
Difference between 32 bit and 64 bit disassemblers
As far as my level of understanding goes, the only difference between a 32 bit and 64 bit disassembler is that the produced assembler-code of a 32 bit disassembler is only using 32 bit assembly ...
1 vote, 1 answer, 199 views
What is the ending bytes in the MOV instruction in 32 bit applications in windows? (B8 mov)
So I just compared NTterminateProcess between 32 and 64 bit version of a program, and the mov instruction which moves the syscall into eax is almost the same, both 5 byte, (both the B8 mov) but the ...
0 votes, 1 answer, 1k views
What does ds mean?
When debugging with x64dbg I sometimes see mov ss:[address] 0xAA, I know that this means: move 0xAA into memory at specified address.
But what does
mov ds:[address] 0xAA
mean?
1 vote, 1 answer, 1k views
Trace back function call
I'm learning reverse engineering and I'm trying to find where an error message is called.
I want to get in the part of the code, in the main module, where it decides to display the error message or ...
1 vote, 1 answer, 820 views
identifying function prototype from dll
I have an exe file and a dll file. This exe file uses the dll to decode input file. This exe file is gui based and does not support command line execution.
So my requirement is to create a program ...
5 votes, 2 answers, 10k views
Tracing function calls in x64dbg
I'm new with x64dbg and want to know if there is any way to get the trace of functions inside a module?
I've used trace over option, but basically it just traces all the instructions but doesn't "...
5 votes, 1 answer, 2k views
How does this EB F2 x86 instruction work?
In the following code snippet, the EB F2 instruction is causing execution to jump back up to the line indicated by the arrow. How is this the case given that there is no address supplied to EB and the ...