Questions tagged [x64dbg]
An open-source x64/x32 debugger for windows with UI inspired by OllyDbg.
225
questions
2
votes
1
answer
4k
views
How can I define a struct in x64/x32Dbg?
See the image how there is ecx, ecx+4, ecx+8, ecx+24, etc... What if this is a struct and I want to define it... Can I do this in x64Dbg and if so, how? I do see a Struct tab in the hex dump area, but ...
- 1,880
5
votes
1
answer
9k
views
Dealing with exceptions in x64dbg
I'm debugging a game and I often come across an exception (EXCEPTION_PRIV_INSTRUCTION)
The debugger pauses on the address where it stops, now I want to step over one command at a time but when I step ...
- 107
3
votes
0
answers
259
views
Define function in x64dbg
I am reversing a fairly complex app. In x64dbg (with xAnalyzer), is it possible to have custom function definitions?
A simple example would be to have a definition for WinMain(hInstance, ...
- 141
2
votes
0
answers
325
views
How can I fix an unpacked binary which calls out-of-bounds memory?
I've unpacked a binary which was packed with PECompact v2.2 (according to Detect It Easy) and successfully rebuilt the IAT. The binary actually does run, but when I open it in IDA Pro debugger, it is ...
- 1,880
5
votes
1
answer
449
views
School project - Cracking a school emulator
John here. I'm in the last half of our IT school, and we got a side project from one of our teachers. He wrote a emulator back in 2009 in delphi, which is in use till that time. Nothing special, just ...
- 51
2
votes
1
answer
510
views
Log EIP while in a certain memory range?
I'm looking for a means to log EIP of a process while it is within a certain memory range. I've dabbled a little bit in x64dbg's logging functionality, but was unsuccessful in getting a memory range ...
- 21
7
votes
2
answers
5k
views
How to label local variables in x64dbg
As the title stands, I want to label local variables ([ebp - x] addresses) the same way I do with functions and global variables. What I've learned:
I found no way to label locals in the debugger ...
2
votes
1
answer
363
views
In a native debugger, what must be done in order to resolve ntdll/other API symbols manually?
I'm reversing a Windows binary using x32Dbg and I have the following instruction: call ntdll.776C695A.
What steps should I take in order to find out which function this is and/or what it does? The ...
- 1,880
3
votes
0
answers
322
views
What tool is able to analyze/decompile asm execution trace?
I got a trace of the execution from x64dbg and I need to analyze it. The problem is that the trace is quite large and there are quite big chunks of the code that repeat (I assume they are loops).
I ...
- 131
4
votes
2
answers
7k
views
How to break when specific text is found
In this line of code:
mov eax,dword ptr [eax+8];
eax+8 contains a long string of text, I want to find out where it originally came from.
In either OllyDbg or x32dbg, how can I break when ...
- 361
3
votes
1
answer
4k
views
Find what writes to a dynamic memory address
I am looking at some code using x64dbg and found the assembly code that writes to a certain block of memory: dword ptr [rdx + 0x18]. And changing this space in the dump has an output that I am looking ...
- 31
0
votes
1
answer
2k
views
Calling DLL exports in x64dbg
I am attempting to debug a x64bit dll with x64dbg. Is there an export caller similar to Ollydbg? I checked the documents and haven't seen anything.
- 191
1
vote
0
answers
1k
views
Find memory mapped file with x64dbg
I have 64 bit process I want to debug with x64dbg. There is memory mapped file, I found with help of Process Explorer. Properties windows says:
Type: Section
Description: A memory mapped file or ...
- 111
4
votes
1
answer
2k
views
IDA Pro Plugin to add x64dbg
Is there a plugin for IDA Pro to enable me to add x64dbg debugger support to IDA Pro 6.8 or 6.9?
- 311
4
votes
1
answer
3k
views
Displaying IDA names in x64dbg or OllyDbg
I like x64dbg, but, without seeing IDA's names, it's hard to keep track of all the hex. Is there any way to export IDA's names into x64dbg (ideally contiuously)
- 41