All Questions (8 questions)
0 votes, 0 answers, 42 views
Exe self-modifies strings searched in debugger
I'm studying a Windows binary file and while searching for some string I noticed the EXE modifies the searched string, e.g., if I search "This is a string", it's modified to "his is a ...
3 votes, 1 answer, 787 views
Locating function parameters in x32dbg
I'm a bit rusty and trying to analyze a piece of code in x32dbg. As follows:
0627BF49 | 8B0B | mov ecx,dword ptr ds:[ebx] |
0627BF4B | 8B85 CCF5FFFF ...
2 votes, 1 answer, 426 views
How to hide a process from all the methods of getting the list of processes?
So it seems that there are a lot of ways of getting the process list, although I'm not sure whether at the low level they acquire them from the same place or not.
So these are the ways I know:
...
1 vote, 1 answer, 199 views
What are the ending bytes in the MOV instruction in 32-bit applications in Windows? (B8 mov)
So I just compared NTterminateProcess between the 32- and 64-bit versions of a program, and the mov instruction which moves the syscall into eax is almost the same, both 5 bytes (both the B8 mov), but the ...
0 votes, 1 answer, 5k views
x64dbg - Conditional breakpoint based on function argument
How can I set a conditional breakpoint based on the argument of a function?
I am trying to break on the windows function LoadLibraryExW: https://docs.microsoft.com/en-us/windows/desktop/api/...
1 vote, 1 answer, 559 views
How to locate a specific data structure in an executable?
I need to locate a specific "struct" variable in the data section from an assembly. This structure is used for a specific System Function (Windows) "SetCommState()". I'm wondering how to locate the ...
5 votes, 1 answer, 2k views
How does this EB F2 x86 instruction work?
In the following code snippet, the EB F2 instruction is causing execution to jump back up to the line indicated by the arrow. How is this the case given that there is no address supplied to EB and the ...
2 votes, 1 answer, 510 views
Log EIP while in a certain memory range?
I'm looking for a means to log EIP of a process while it is within a certain memory range. I've dabbled a little bit in x64dbg's logging functionality, but was unsuccessful in getting a memory range ...