
Questions tagged [x64dbg]

An open-source x64/x32 debugger for Windows with a UI inspired by OllyDbg.

1 vote
0 answers
31 views

How to log API calls in x64dbg

I want to log all API calls between two breakpoints. I have tried the trace option, but it cannot log the API name. Does any good plugin achieve this?
qazwsdc
  • 11
0 votes
0 answers
22 views

Dumping all import symbols from x64dbg

I want to export the symbol addresses from all loaded modules in x64dbg. I know I can do this DLL-by-DLL from the Symbols tab (click on one module > right click in table > Copy > Export Table)...
thejoelpatrol
0 votes
0 answers
47 views

How to get which Tedit is referenced when retrieving text

Reversing a Borland Builder 6 application, I came across this function: @Controls@TControl@GetText$qqrv Now, the two parameters for the function are: LEA param_2=>local_8,[EBP + -0x4] MOV param_1,...
mark
  • 1
0 votes
0 answers
27 views

x64dbg cannot find string references

I am trying to register a piece of software with x64dbg, but my experience is not enough to do this. Can anyone help me? I am ready to pay a price. The problem is that I cannot find string references in x64dbg. I already ...
KADİR SÖNMEZ
3 votes
1 answer
99 views

How can I set up a conditional breakpoint for the CreateFileW function for when a specific file/path is read in x64dbg?

I'm currently debugging a program using x64dbg, and I'm struggling to set up a conditional breakpoint on the CreateFileW function: HANDLE CreateFileW( [in] LPCWSTR lpFileName,...
MendelG
  • 85
0 votes
1 answer
83 views

X64DBG Conditional Breakpoint on Specific Opcode?

Is there any way to break on a specific opcode in X64DBG? For example, I want to break on the start of a function, which is 55 | push ebp 8BEC | mov ebp,esp. Can I set a breakpoint like opcode == 0x00EC8B55? ...
Behrooz Sohrabloo
0 votes
0 answers
48 views

Why a breakpoint works in x64dbg but not in IDA?

I've spent all morning trying to find a solution to debug with IDA the same function I'm debugging in x64dbg. In x64dbg, I just go to Symbols -> ws2_32.dll -> WSARecvFrom -> F2 (set ...
kuhi
  • 161
0 votes
2 answers
145 views

How can I debug if the program closes directly?

I'm trying to debug a game and it's closing under few circumstances: When debugging (solved by hooking IsDebuggerPresent to return false when called by the game) When setting a memory/hardware ...
kuhi
  • 161
0 votes
0 answers
94 views

Question about anti-debug methods and anti-anti-debug methods

I've come across several binaries that have simple anti-debug methods in place, like checking IsDebuggerPresent(), NtQueryInformationProcess(), etc. But I recently came across a binary that looked ...
Joshua Terrill
0 votes
0 answers
40 views

How can I find the part of cmd.exe that processes windows batch commands before they're executed?

I'm able to find the ReadConsoleInputW commands for pause and reading input for commands but I'm unable to find the actual processing of the commands. I'm using x64dbg but I'm fairly new to Reverse ...
user19244091
0 votes
0 answers
40 views

how to set a BP on button in SunAwtCanvas in x96dbg

I'm trying to debug a program in x96dbg that I think is written in Matlab. There is no string related to buttons or something interesting. Then I go to the Handles tab to find buttons and set break ...
owl
  • 1
0 votes
0 answers
125 views

Scylla error on FThunk import (manually unpacking UPX)

I'm trying to practice on manual unpacking starting from UPX. I'm using putty.exe x64 This is what I'm doing: upx -o putty_packed.exe putty.exe Disable Dynamic base (ASLR) using CFF Explorer on ...
Ryuk
  • 21
1 vote
2 answers
268 views

reversing pyinstaller compiled exe

I created some compiled binaries using different languages and tried to understand them using x64dbg. The compiled binaries produced by the C language/gcc compiler were pretty easy to understand, then ...
Praveen
  • 11
0 votes
0 answers
77 views

Logging function call in x64dbg without asm

I want to log every call of the function to see the what parameters are passed and function result. Currently I'm loading a DLL module, hook function I need and then see function output in my log file....
Froglred43
0 votes
0 answers
221 views

Need Help Cracking a Program

So I've got this .exe that I want to crack. It's an old management system for people in truck loading business. I kind of understand what's happening with window API calls but I'm unable to access the ...
The one word assaulter
0 votes
0 answers
42 views

Exe self-modifies strings searched in debugger

I'm studying a Windows binary file and while searching for some string I noticed the EXE modifies the searched string, e.g., if I search "This is a string", it's modified to "his is a ...
lopan
  • 1
0 votes
0 answers
153 views

Retrieve hardcoded string in WinDev compiled app

I wrote an application with WinDev allowing you to open encrypted PDFs without the user having to enter or know the password. This of course only works with PDFs that I have encrypted myself, always ...
deltonio2
0 votes
0 answers
47 views

X64dbg question

I got a program that I try to patch. Normally you get a message box or something to get at the right point in program. But this program behaves else. It opens, then you can type in your license number ...
silvio
  • 1
1 vote
0 answers
32 views

Is it possible to create a CStringT struct in x32dbg/x64dbg to make them more readable?

I'm working on analyzing a program which makes extensive use of CStringT but I am unclear as to how these are represented in memory, as it does not seem to be consistent. For example using a x32dbg, ...
throwawayn000b9999
0 votes
1 answer
113 views

Create exe that jumps directly into main()-function from C

I am using x64dbg to explore image files on Windows. After the computer finishes prowling ntdll.dll it jumps to OptionalHeader.AddressOfEntryPoint. But this is not my main()-function. What is this ...
AirToTec
1 vote
0 answers
107 views

Can't find the error message in x32dbg

I am trying to reverse an activation program using the error message in reference string but searching for the string is not successful "all modules - string reference" tried to pause after ...
Abd El-Rahman Sayed
1 vote
2 answers
556 views

How can I jump to the start/end of a function in x64dbg?

I'm currently debugging a program using x64dbg, and I'm wondering how to quickly jump to the start or end (prologue/epilogue) of a function while I'm in the middle of it. I couldn't find this ...
MendelG
  • 85
1 vote
0 answers
105 views

Notepad can find my string, but x64dbg can't

I open v2game.exe with notepad, and I can see string "teleport" occurs a bunch of times. Now I open v2game.exe with x64dbg (not running the exe). x64dbg can't find the needed string. Why? ...
Gqqnbig
  • 133
1 vote
0 answers
121 views

Techniques for analysing an exe file

I am learning to use x64dbg application and I am exploring different methods for studying an application. So far I know of only a few techniques as listed below: String References Search Call Stack ...
Madhur
  • 31
2 votes
0 answers
161 views

Help with reversing an application with x64dbg

I am a newbie to reverse engineering. I am trying to reverse engineer an app that uses some form of internet explorer frame kind of thing because I could see use of mshtml.dll and jscript9.dll and ...
Madhur
  • 31
3 votes
1 answer
337 views

Load PDB for MemoryModule-loaded DLL in x64dbg

I need to debug a DLL, which I have a PDB file for. The debug target is a program, that loads the DLL using MemoryModule library from Github. The loaded module isn't listed as a module in x64dbg, ...
Ri0ee
  • 43
3 votes
0 answers
318 views

How to see parameters in stack in x64dbg like in OllyDbg for known API calls?

Based on Detailed API call descriptions not available in x64dbg When I debug a known API call like for example WSARecv, in OllyDbg I can nicely see the parameters in the stack: I've installed both ...
kuhi
  • 161
4 votes
2 answers
291 views

Malware analysis - Debugger hangs at HttpSendRequestA

I'm reverse engineering a malware that at some point tries to connect to http://api.ipify.org in order to get the IP address of the infected PC. I was able to replicate this behaviour with a small ...
Luca D'Amico
2 votes
1 answer
136 views

Understanding the logic behind decompiled code

Hi I was learning reverse engineering by doing some crackme(s) found online using IDA and x64dbg. I'm quite confused on the below decompiled code. bool Logic() { char CODE[] = "RAND_STRING&...
Nimrod
  • 151
4 votes
1 answer
976 views

Change string value when string is in a RAM address x64 C++ program

I'm new to reverse engineering. I'm simply trying to change the value of a string in x64dbg, of a program I make myself in VS (It's a C++ program, and is VERY simple; it just prints a string, and two ...
clouded.
