All Questions
12 questions
4 votes, 1 answer, 976 views
Change string value when string is in a RAM address x64 c++ program
I'm new to reverse engineering.
I'm simply trying to change the value of a string in x64dbg, of a program I make myself in VS
(It's a c++ program, and is VERY simple; it just prints a string, and two ...
3 votes, 0 answers, 318 views
How would I crack a software that has Xor encryption
So, before you shout at me to go on Google I would just like to say I am new to reverse engineering. Like I have been doing it for an hour. So, I was doing a bunch of crackmes.one using the search all ...
2 votes, 1 answer, 3k views
How to get offset of specific function in exe?
Suppose I have self-compiled exe-file (aka portable executable), its source (c/c++) and generated pdb-file. And what if I want to get offset of its function (non-winapi function) in debugger (x64dbg, ...
0 votes, 1 answer, 371 views
Calling MessageBoxW x64 confused about pointer
OK, I am very new to x64dbg. I used to use OllyDbg a lot and I'm having some problems with this.
I just made a customized version of MS-PAINT for practice by changing a few things like the default ...
2 votes, 1 answer, 1k views
x64dbg or alternative: Run to selection while storing all ran opcodes
I'm trying to trace a function, but unfortunately that function is huge and has lots and lots of jumps to other locations, making it almost impossible to trace for humans. I know the entry point and ...
1 vote, 1 answer, 1k views
cannot find a string in x64dbg even when using search all strings
I am trying to debug a program for testing but for some reason I can NOT find any strings related to registration like Registered, Unregistered, Blocked in x64dbg, I can see all these strings in the ...
2 votes, 1 answer, 426 views
How to hide a process from all the methods of getting the list of processes?
So it seems that there are a lot of ways of getting the process list, although I'm not sure whether in the low level do they acquire them from same place or not
so these are the ways I know:
...
1 vote, 1 answer, 199 views
What are the ending bytes in the MOV instruction in 32 bit applications in Windows? (B8 mov)
So I just compared NTterminateProcess between 32 and 64 bit version of a program, and the mov instruction which moves the syscall into eax is almost the same, both 5 bytes, (both the B8 mov) but the ...
1 vote, 1 answer, 559 views
How to locate a specific data structure in an executable?
I need to locate a specific "struct" variable in the data section from an assembly. This structure is used for a specific System Function (Windows) "SetCommState()". I'm wondering how to locate the ...
3 votes, 1 answer, 488 views
Unable to use CreateRemoteThread in target process
I'm trying to get a debugger attached to a malware, but it seems to pick up whenever a new remote thread is created (which makes it so I can't use Scyllahide).
Even if I suspend all threads, it does ...
0 votes, 1 answer, 2k views
Calling DLL exports in x64dbg
I am attempting to debug a x64bit dll with x64dbg. Is there an export caller similar to Ollydbg? I checked the documents and haven't seen anything.
1 vote, 0 answers, 1k views
Find memory mapped file with x64dbg
I have a 64 bit process I want to debug with x64dbg. There is a memory mapped file, which I found with the help of Process Explorer. The Properties window says:
Type: Section
Description: A memory mapped file or ...