Skip to main content
Reverse Engineering

All Questions

Ask Question
Tagged with
8 questions
Newest Active Bountied Unanswered
3 votes
0 answers
501 views

Anti Dumping Techniques (C++)

how would I go about blocking Memory Dumps by corrupting the PE Header or blocking the Debugger to get an Handle? I tried this already but it didnt work. Scylla could still dump it fine.
Heinz Josef's user avatar
Heinz Josef
  • 31
0 votes
1 answer
6k views

In x64dbg, how to set software breakpoint on specific memory address?

This is something I know how to do in Olly Debugger, and can't figure out how to do in x64dbg. In Olly Debugger, it's possible to set a hardware or software breakpoint, either on access or on write, ...
tomysshadow's user avatar
tomysshadow
  • 137
0 votes
1 answer
8k views

How to use memory address information from IDAFree to set a breakpoint in x32dbg?

I have a DLL paused at EntryPoint in x32dbg. I am interested in examining memory following a specific API call that this DLL makes. I found the API call in the imports section when I open the DLL in ...
learnerX's user avatar
learnerX
  • 233
2 votes
1 answer
842 views

What's the fastest way to set a breakpoint when a value I know gets written in memory, if the memory address is different each time due to ASLR?

I have a 64bit exe I'm debugging with x64dbg. I'm searching for a specfic string value myvalue that sits encrypted somewhere in the exe (so, searching for myvalue at the beginning returns nothing). ...
Saturnix's user avatar
Saturnix
  • 151
2 votes
1 answer
3k views

Does x64dbg display the whole memory info even for a simple program opened?

I'm very new in software reverse engineering. I created a very simple c program using Visual Studio and the code is listed below. #include <stdio.h> void main() { int x, y, z; while(...
Just a learner's user avatar
Just a learner
  • 177
1 vote
1 answer
2k views

Is it possible to set breakpoints relatively to the memory block in x64dbg or a similar debugger?

Some of my breakpoints perfectly survive multiple restarts. But many interesting parts of the code I am debugging have different locations in memory after a restart. It seems the reason is, that the ...
Maurice Döpke's user avatar
Maurice Döpke
  • 150
3 votes
1 answer
4k views

Find what writes to a dynamic memory address

I am looking at some code using x64dbg and found the assembly code that writes to a certain block of memory: dword ptr [rdx + 0x18]. And changing this space in the dump has an output that I am looking ...
Seen Green's user avatar
Seen Green
  • 31
1 vote
0 answers
1k views

Find memory mapped file with x64dbg

I have 64 bit process I want to debug with x64dbg. There is memory mapped file, I found with help of Process Explorer. Properties windows says: Type: Section Description: A memory mapped file or ...
Zergatul's user avatar
Zergatul
  • 111