EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > x64 OS

Notices

Reply
 
Thread Tools Display Modes
  #31  
Old 11-16-2016, 20:21
mak mak is offline
Friend
 
Join Date: Feb 2010
Posts: 22
Rept. Given: 10
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 10
Thanks Rcvd at 6 Times in 4 Posts
mak Reputation: 1
AttachHelper plugin for x64dbg

This plug-in automatically restores that "DbgBreakPoint", "DbgUiRemoteBreakin".

http://www.mediafire.com/file/priwaetcn9g4lp4/x64dbg_AttachHelper.zip
Reply With Quote
The Following 3 Users Say Thank You to mak For This Useful Post:
niculaita (11-17-2016), pps44 (11-19-2016), quygia128 (12-07-2016)
  #32  
Old 11-20-2016, 04:57
mak mak is offline
Friend
 
Join Date: Feb 2010
Posts: 22
Rept. Given: 10
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 10
Thanks Rcvd at 6 Times in 4 Posts
mak Reputation: 1
OW Imports
by: qwerty9384 / bloodwrath
released: 11.13.2016

summary:
this plugin adds the 'oiu' command to x64dbg. executing the command with the IAT's base address will label all obfuscated winapi imports and log the address / label names in the x64dbg log tab. generated labels are automatically deleted once you stop debugging. behavior is undefined if used on any other address or if you run the command more than once per debug session.

note:
the IAT is dynamically built some time between the second TLS callback and the creation of the second thread.

how to use:
1. click on the "Memory Map" tab in x64dbg.
2. find the first region (lowest address) of virtual memory of size 0x3000. it's always near the top of the mem map table.
3. go to this region's base address in the disassembly view.
4. you should see something like this:
00000000000B0000 | 48 | MOVABS RAX, iphlpapi.7FEF9F73F33 |
00000000000B000A | 48 | ADD RAX, 39F9 |
00000000000B0010 | 71 | JNO B0014 |
5. click the base address, press 'ALT+INSERT' to copy the address.
6. press 'CTRL+ENTER' to focus the cmd line.
7. type 'oiu ', paste the address, press enter.
8. check the log for the import name / address dump.
9. all labels will be automatically removed when you stop debugging.


http://www.mediafire.com/file/5zorao...ats.me%5D_.zip
Reply With Quote
  #33  
Old 11-22-2016, 17:07
mr.exodia's Avatar
mr.exodia mr.exodia is offline
Super Moderator
 
Join Date: Nov 2011
Posts: 815
Rept. Given: 474
Rept. Rcvd 1,149 Times in 307 Posts
Thanks Given: 72
Thanks Rcvd at 407 Times in 165 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
@mak could you give sources of where the plugins came from?
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
Reply With Quote
  #34  
Old 11-25-2016, 19:04
mak mak is offline
Friend
 
Join Date: Feb 2010
Posts: 22
Rept. Given: 10
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 10
Thanks Rcvd at 6 Times in 4 Posts
mak Reputation: 1
Quote:
Originally Posted by mr.exodia View Post
@mak could you give sources of where the plugins came from?
Files indicate the source, once again

OW Imports https://www.unknowncheats.me/forum/o...in-x64dbg.html

AttachHelper plugin for x64dbg https://forum.tuts4you.com/
The author was asked to send the plugin to you, but dont know if he did it.
Reply With Quote
  #35  
Old 01-06-2017, 22:58
dave_omirora dave_omirora is offline
VIP
 
Join Date: Dec 2006
Location: Osaka
Posts: 162
Rept. Given: 24
Rept. Rcvd 68 Times in 32 Posts
Thanks Given: 2
Thanks Rcvd at 5 Times in 4 Posts
dave_omirora Reputation: 68
x64 dbg that have support new api for Hasp protected?
I can't open program.
Reply With Quote
  #36  
Old 01-07-2017, 07:36
mr.exodia's Avatar
mr.exodia mr.exodia is offline
Super Moderator
 
Join Date: Nov 2011
Posts: 815
Rept. Given: 474
Rept. Rcvd 1,149 Times in 307 Posts
Thanks Given: 72
Thanks Rcvd at 407 Times in 165 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
@dave_omirora you have to be more specific than that. Could you open an issue on http://issues.x64dbg.com?
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
Reply With Quote
  #37  
Old 01-27-2017, 04:35
user1's Avatar
user1 user1 is offline
Family
 
Join Date: Sep 2012
Location: Romania
Posts: 467
Rept. Given: 296
Rept. Rcvd 98 Times in 48 Posts
Thanks Given: 183
Thanks Rcvd at 104 Times in 54 Posts
user1 Reputation: 20
When is planned to release an stable version? I m using 5 may 2016 release, but latest nighty builds are only for debug testing.
Reply With Quote
  #38  
Old 03-23-2017, 04:47
serseri_1453 serseri_1453 is offline
Friend
 
Join Date: Mar 2014
Location: Turkey
Posts: 19
Rept. Given: 40
Rept. Rcvd 13 Times in 4 Posts
Thanks Given: 62
Thanks Rcvd at 0 Times in 0 Posts
serseri_1453 Reputation: 13
Quote:
Originally Posted by quygia128 View Post
My first plugin for x64_dbg, this plugin for test only.(32bit support)

Follow in file readme.txt to get more information.

greetz
quygia128
alternatif link please mega or mediafire etc...
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
using x64_dbg rcer General Discussion 8 09-06-2015 08:28


All times are GMT +8. The time now is 02:42.


ICP05004977
vBulletin Security provided by vBSecurity v2.2.0 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX