For questions related to x64dbg, an open-source binary debugger for Windows.
Questions tagged [x64dbg]
26 questions
3
votes
1 answer
What is this "r8d" in x64dbg?
I'm debugging my x64 C++ program to learn how it looks in x64dbg. I see some registers for r8-r15 on the right window, but I don't see r8d. There were others like r15d too. So what is it?
Here is a screenshot of my x64dbg.

binary_assemble
2
votes
0 answers
How to track RIP/EIP (Instruction pointer) value while debugging
While debugging, when a debugger hits, the value of the RIP register is the current address where the debugger was attached. But is there a way to know the previous value of the RIP/EIP register, so that it would be clear what opcode executed before that current…

PeaceBeUponYou
2
votes
2 answers
How to break in x64dbg from ghidra's corresponding instructions?
I have x64dbg and ghidra synchronized via ret-sync. I found an interesting point in ghidra:
1800382b1 4d 8b e0 MOV R12,rebitData
1800382b4 48 63 f2 MOVSXD packetSize_,packetSize
in the listing view; the file…

Soleil
2
votes
3 answers
Can't modify assembly in x64dbg
When I double click on a line in x64dbg to open the 'assemble at' window and change "jne" to "jmp", it takes me to the next step and does not open the assemble dialog box. What am I doing wrong?

compulsive coder
1
vote
1 answer
X64dbg is not loading program expected address space (Not same as Ghidra shows)
I have this code written in "Visual studio community edition" in main.cpp and built a release version called Test.exe
#include <iostream>
int main()
{
int i = 0;
i++;
std::string s;
std::cout << "Hello World" << i << std::endl;
…

rajesh.khanna
1
vote
0 answers
Understanding the logic behind decompiled code
Hi, I was learning reverse engineering by doing some crackme(s) found online using IDA and x64dbg.
I'm quite confused by the decompiled code below.
bool Logic()
{
char CODE[] = "RAND_STRING", *lpString1, *v13, v14;
char CONST_STRING1[] =…

Nimrod
1
vote
2 answers
How to compare two exe files with x64dbg
I have two exe files, a patched one and the original one (the original one was patched using x64dbg). I want to know what the differences between the two files are, using x64dbg or ollydbg. Which means I want to know where the original file was modified…

walid761
1
vote
0 answers
Get address of symbols by using x64dbgpy
I want to write a Python script to automatically control x64dbg. And I need to find out the address of a symbol. How can I do it?
It seems they only have these arguments for a symbol: mod, name, rva, manual, type.

Rachel Duan
1
vote
0 answers
How to ignore thread switches and analyze a single thread
I am currently using x64dbg to analyze a multi-threaded program. Every time a thread switches, x64dbg automatically breaks, which happens frequently.
I want to focus on analyzing one thread. Is there any way to disable the break on thread switches…

Rendon
1
vote
0 answers
No output after depacking C packed script with UPX
I am learning how to pack and then unpack scripts with UPX and the C language. Here is my script which I pack:
It is quite simple, it just types the string "hello world" on the screen. Well, I pack it using the next commands:
gcc -m32 main.c -o main
upx main.exe -o…

Mark Minerov
1
vote
0 answers
Runtime error C0000005 of an unpacked executable file [UPX 3.91+]
The problem manifests itself when trying to execute an unpacked executable file. The original file is packaged with UPX (3.91 +) [modified], which is reported by Detect It Easy.
The unpacking process looked like this:
Using x64dbg the instructions…

01 01
1
vote
1 answer
Changing network request path of application using reverse engineering techniques
I am debugging my own application, so please avoid legal advice.
I am new to reverse engineering. I want to know if it is possible to change the application's network request path. Let's suppose my application is making an API call to this server…

Yohofik
0
votes
0 answers
Shellcoding emacs to make it run vim
I am attempting to modify the x64 assembly code of emacs to make it run vim in background using a shellcode. I normally do this on x32 with pushad and pushfd but I am blocked in x64. I will give more context.
The normal assembly of emacs is as…

Rudeus123
0
votes
0 answers
Debugging a .so file, compiled by cython
I have a .so file that has some functions in it (about an inference model for deep learning). The .pyx file accidentally got deleted during compile.
I imported it in my Python code regularly. I want to debug it with any tools possible, even x64 IDA etc. I…

Ali aalami
0
votes
0 answers
Alternatives to "Find OEP by section hop" for x64dbg
Now, I am starting to learn about malware unpacking. In the Practical Malware Analysis book they talk about "Find OEP by section hop". The program will hit a breakpoint just before the OEP executes. Most of the cases in which I am using xdbg…

Nanduzz