I have two exe files a patched one and the original one (the original one was patched using x64dbg), I want to know what are the differences between the two files using x64dbg or ollydbg.Which mean I want to know where the original file was modified with x64dbg. thanks.
Asked
Active
Viewed 784 times
1
-
Rather than a debugger/disassembler like `ollydbg` or `x64dbg`, you need a binary diffing tool such as `DarumGrim`, `bindiff`, `WinDiff`, etc. See https://stackoverflow.com/questions/8166697/tool-for-comparing-2-binary-files-in-windows for further information. – fpmurphy Nov 14 '22 at 03:11
2 Answers
2
You shouldn't use a debugger to do this, use a diff tool instead. These are some tools that can compare binary files:
- HxD: Freeware, close-source.
- radare2-radiff2: Freeware, open-source, docs
These tools only compare the differences in bytes without disassembling them, but knowing the offsets of the differences you could easily take a look at the opcodes in x64dbg.
There is also an IDA plugin for this: patchdiff2, although I haven't tried this one. You can also consider writing your own x64dbg plugin, it shouldn't be too hard.
thedemons
- 1,139
- 2
- 9
- 25
0
i still couldn't find exact solution. lets assume that i patched File1.exe with x64dbg and saved, i want to compare file1.exe and patchedfile.exe by looking through jmp je mov dissasembled sections.
Halil Nevzat Demirel
- 47
- 5
-
This does not really answer the question. If you have a different question, you can ask it by clicking [Ask Question](https://stackoverflow.com/questions/ask). To get notified when this question gets new answers, you can [follow this question](https://meta.stackexchange.com/q/345661). Once you have enough [reputation](https://stackoverflow.com/help/whats-reputation), you can also [add a bounty](https://stackoverflow.com/help/privileges/set-bounties) to draw more attention to this question. - [From Review](/review/late-answers/33459668) – コリン Dec 25 '22 at 14:46