| 22 Mar 2024 |
 x64dbgbot | <daamseh> Thanks bro | 21:58:04 |
| x64dbgbot | <el_garro> It's a debugger, you can use it to inspect, poke and prod on a lot of programs (re @daamseh: For another program) | 21:58:47 |
| 23 Mar 2024 |
| x64dbgbot | Redacted or Malformed Event | 09:48:12 |
| 24 Mar 2024 |
| x64dbgbot | <wgz0001> 有没有玩逆向的群,推荐一下,谢谢 | 11:56:39 |
| x64dbgbot | <ufmfhsbn> Easiest way to search on an address in memory in win32dbg? | 13:09:35 |
| x64dbgbot | <ufmfhsbn> Figured it out. | 13:51:49 |
| x64dbgbot | <mrexodia> Care to share with the group? ^^ (re @ufmfhsbn: Figured it out.) | 16:59:53 |
| x64dbgbot | <ufmfhsbn> Sure. Had an assignment in reverse engineeriing where I had to go to a specific address in memory and do some stuff. CTRL + G and enter the address and you will go there. Important to know that the debugger is not going there. So you are just moving around in the file while the program can be located at another 'breakpoint'. We use x32dbg for our lab: | 17:11:05 |
| x64dbgbot | 
Download file_1966.jpg | 17:11:06 |
| x64dbgbot | <ufmfhsbn> Sure @mrexodia. Had an assignment in reverse engineeriing where I had to go to a specific address in memory and do some stuff. CTRL + G and enter the address and you will go there. Important to know that the debugger is not going there. So you are just moving around in the file while the program can be located at another 'breakpoint'. We use x32dbg for our lab: | 17:11:31 |
| x64dbgbot | 
Download file_1966.jpg | 17:11:32 |
| x64dbgbot | <el_garro> What? Ctrl g does take you to the correct address, can you explain that better? Do you want to go there to see the memory content or do you want the EIP to jump to that address? (re @ufmfhsbn: Sure @mrexodia. Had an assignment in reverse engineeriing where I had to go to a specific address in memory and do some stuff. CTRL + G and enter the address and you will go there. Important to know that the debugger is not going there. So you are just moving around in the file while the program can be located at another 'breakpoint'. We use x32dbg for our lab:) | 17:18:08 |
| x64dbgbot | <el_garro> Oh just got the context of what you were saying, nevermind | 17:20:55 |
| x64dbgbot | <el_garro> Oh just got the context of what you were saying, nevermind | 18:25:36 |
| x64dbgbot | <ufmfhsbn> Digression: I'm fearly new into reverse engineering and have it as a topic on my MSc in Cyber Security now until summer. Work as a DevSecOps fulltime. If there is any other people out there that want to connect and like to do CTF's and solve issues. Just send me a DM and we can connect. 😊 | 20:33:21 |
| x64dbgbot | <ufmfhsbn> Sure @mrexodia. Had an assignment in reverse engineeriing where I had to go to a specific address in memory and do some stuff. CTRL + G and enter the address and you will go there. Important to know that the debugger is not going there. So you are just moving around in the file while the program can be located at another 'breakpoint'. We use x32dbg for our lab: | 21:06:46 |
| x64dbgbot | 
Download file_1966.jpg | 21:06:47 |
| x64dbgbot | <wgz0001> 打CTF的都是大佬👍 | 23:15:57 |
| 25 Mar 2024 |
| x64dbgbot | <wgz0001> 打CTF的都是大佬👍 | 08:44:00 |
| x64dbgbot | <elvis6356> when I hold F8 or spamming F8, it just running instead of step over. Does anyone have same issue? | 15:32:03 |
| x64dbgbot | <mordaur> how would one set a breakpoint when RDX contains a certain value? from what i've found one needs to do a trace over, and set a bp? would the syntax "rdx == 00000000FFFFFFFF" be okay for this, so that the execution breaks when RDX contains "00000000FFFFFFFF"? or am i way off here? | 19:54:59 |
| x64dbgbot | <mordaur> how would one set a breakpoint when RDX contains a certain value? from what i've found one needs to do a trace over, and set a break condition? would the syntax "rdx == 00000000FFFFFFFF" be okay for this, so that the execution breaks when RDX contains "00000000FFFFFFFF"? or am i way off here? | 19:55:54 |
| x64dbgbot | <Drawing> yeah that should work. i just tested it | 20:13:31 |
| x64dbgbot | <mordaur> thx | 20:18:10 |
| x64dbgbot | <mordaur> painfully slow though 🤪 | 20:27:07 |
|  riccio8 joined the room. | 21:16:52 |
| x64dbgbot | <Fsocityi> https://youtu.be/9U3aq2SaLOM?si=N07kn5jZuWCDtCXQ | 23:59:44 |
| 26 Mar 2024 |
| x64dbgbot | <fabiogiovanni> Are you stepping over calls? (re @elvis6356: when I hold F8 or spamming F8, it just running instead of step over. Does anyone have same issue?) | 03:06:44 |
| x64dbgbot | <elvis6356> I don't remember. But it's not something like "call without return" | 03:23:15 |
| x64dbgbot | <fabiogiovanni> Perhaps, but what if deeper inside there is for example jmp rax or push rax, ret? Does this behaviour always happen in there or just occasionally? | 03:49:10 |
