Questions tagged [x64dbg]
An open-source x64/x32 debugger for windows with UI inspired by OllyDbg.
225
questions
2
votes
1
answer
2k
views
How to navigate Disassembly view to specific absolute address location?
I have an absolute address that I want to scroll the Disassembly to in order to see which instructions are at that address. I understand that I can scroll by hand, or I can edit RIP. But the former ...
- 187
2
votes
1
answer
476
views
Instructions to compare two strings
I made a list of which instructions compare two strings in disassembly so that when I get to intermodular calls in x64dbg, I can simply type this instructions to see if there is a comparison have been ...
1
vote
0
answers
602
views
x64dbg isn't running the program I'm looking at
I'm almost definitely being an idiot but I have opened up an .exe file in x64dbg and I can run the file just fine when looking at the assembly but it doesn't open a second window so I can see the ...
- 11
0
votes
1
answer
204
views
x64dbg doesn't show Chinese strings in String references?
I'm wondering if x64dbg can show Chinese letters in String references? Because I try to reverse 3 Chinese programs from complete different coders and I never found any Chinese strings. But in the ...
- 1
1
vote
1
answer
1k
views
x64dbg is unable to find string references vs. Ollydbg
I want to know how to find string references in x64dbg as Olly does : it finds every string references I need when I open Memory map window, then rightclick on "Search" and then I enter the ...
- 89
0
votes
1
answer
333
views
please explain the difference between the two types of follow
in file i find
mov rcx,qword ptr ds:[404320]
when I wanted to see what is at the address 404320
i press "follow in dump" and i got a choice between "constant: file.0000000000404320&...
- 3
0
votes
0
answers
156
views
Heavens gate code
Recommend me please how and what better to reverse the code containing "heavens gate"? What tool to bypass protection? Thank you.
I use Intel Pin
push cs
push 0xa02829
jmp far ...
- 21
0
votes
1
answer
747
views
How do I find a function and find out what it does using reverse engineering?
I am attempting to find a function in a specific game. Is there any way that, using the assembly code I get from decompiling the game in either IDA or x64dbg, I can locate a function I am specifically ...
- 39
2
votes
1
answer
840
views
Finding function from pattern
I have been trying to reverse engineer a game for a while now. I have a pattern already for the function I want to find:
\x89\x54\x24\x10\x4C\x89\x44\x24\x18\x4C
\x89\x4C\x24\x20\x48\x83\xEC\x28\x48\...
- 39
2
votes
0
answers
400
views
Strange exception thrown while debugging in Win10, but not Win7
I am disassembling a legacy 32-bit (x86) application using IDA Home (7.6) (for x86 disassembly) in a 64-bit Windows 10 environment running in a virtual machine (VMWare Fusion for Mac). The application ...
- 121
1
vote
1
answer
807
views
A tutorial or docs to unpack a custom packed PE
I am facing an odd situation. I have a licensed game that's doing odd actions on the system. I isolated it as I could and observed the behavior both network and so forth, and I suspect it's a custom-...
- 11
1
vote
1
answer
222
views
How to use decimal in x64dbg calculator?
The x64dbg calculator can evaluate hex expressions.
Is there a syntax to calculate the sum of a hex value and a decimal value? For the example in the snapshot, is it possible to treat 10 as a decimal?...
- 177
0
votes
0
answers
431
views
How to decrypt/decode the strings found in desktop application with x64dbg?
I'm a beginner and I have no experience at all in Reverse Engineering. I want to study it so find the "string" references, but all I get is some incomprehensible strings which are probably ...
- 101
1
vote
3
answers
1k
views
x64dbg Crash on Dynamic Debugging Remove Anti-Debugging Protection
I am trying to run Dynamic code analysis using x64dbg for Windows 64 bit executable. I install the anti-debugging plugin for x64dbg from https://github.com/x64dbg/ScyllaHide. I still find the ...
0
votes
1
answer
482
views
decoding thread context structure in x64dbg
Is there any way to decode the thread context structure returned by "GetThreadContext" and used by "SetThreadContext" in x64dbg?
