Using x64dbg debugger to analyze xmm registers
- Published 16 Sep 2024
- Notes:
In this video I demonstrate how to analyze a struct and also to understand the xmm registers.
movss = move scalar single-precision floating-point value
copies the lowest 32 bits (4 bytes / one dword) of the xmm register
e.g.
movss xmm0, [a] ; load from memory
movsd = move scalar double-precision floating-point value
copies the lowest 64 bits (8 bytes / one qword) of the xmm register
e.g.
movsd xmm0, qword ptr ds:[7FF64435C3453221]
movapd = move aligned packed double-precision floating-point value
copies one xmm register to another xmm register
e.g.
movapd xmm1, xmm0
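As an added illustration (not code from the video or from the globalstruct.exe source), here is a small Python model of the three moves above and of what the x64dbg register pane shows for an xmm register: the raw 128 bits, the low dword read as a float and the low qword read as a double. The struct layout (float at offset 0, double at offset 8) and the register names used in the demo are constructed assumptions.

```python
import struct

MASK128 = (1 << 128) - 1
MASK64 = (1 << 64) - 1
MASK32 = (1 << 32) - 1


def new_regs():
    """Sixteen xmm registers, each modelled as a 128-bit unsigned integer."""
    return {f"xmm{i}": 0 for i in range(16)}


def movss(regs, dst, src):
    """movss: scalar single. From memory (bytes): low dword loaded, bits 127:32 cleared.
    From another register: only the low dword is copied, bits 127:32 of dst are kept."""
    if isinstance(src, bytes):
        regs[dst] = int.from_bytes(src[:4], "little")
    else:
        regs[dst] = (regs[dst] & ~MASK32 & MASK128) | (regs[src] & MASK32)


def movsd(regs, dst, src):
    """movsd: scalar double. Same rules as movss, but on the low qword (bits 63:0)."""
    if isinstance(src, bytes):
        regs[dst] = int.from_bytes(src[:8], "little")
    else:
        regs[dst] = (regs[dst] & ~MASK64 & MASK128) | (regs[src] & MASK64)


def movapd(regs, dst, src):
    """movapd xmm, xmm: the whole 128-bit register is copied."""
    regs[dst] = regs[src]


def view(regs, name):
    """What the debugger's register pane shows: raw hex (high byte first),
    the low dword interpreted as a float and the low qword as a double."""
    raw = regs[name].to_bytes(16, "little")
    return {
        "hex": raw[::-1].hex().upper(),
        "float": struct.unpack("<f", raw[:4])[0],
        "double": struct.unpack("<d", raw[:8])[0],
    }


# Constructed sample: a C struct { float a; double b; } laid out with 'a' at
# offset 0, 4 bytes of alignment padding, and 'b' at offset 8 (16 bytes total).
GLOBAL_STRUCT = struct.pack("<f4xd", 1.5, 2.25)


def demo():
    regs = new_regs()
    movss(regs, "xmm0", GLOBAL_STRUCT[0:4])    # movss xmm0, dword ptr [a]
    movsd(regs, "xmm1", GLOBAL_STRUCT[8:16])   # movsd xmm1, qword ptr [b]
    movapd(regs, "xmm2", "xmm1")               # movapd xmm2, xmm1 (full copy)
    movss(regs, "xmm2", "xmm0")                # movss xmm2, xmm0 (low dword only)
    return {r: view(regs, r) for r in ("xmm0", "xmm1", "xmm2")}


if __name__ == "__main__":
    for name, v in demo().items():
        print(name, v["hex"], "float=%r double=%r" % (v["float"], v["double"]))
```

After the last step xmm2 holds the upper half of the double from xmm1 with the float from xmm0 merged into its low dword, which is why reading such a register as a double in the debugger gives a value close to, but not equal to, 2.25.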
ref:
What are xmm registers:
en.wikipedia.o...
x86 and amd64 instruction reference:
www.felixclout...
Download globalstruct.exe and source code:
drive.google.c...
Download x64dbg:
x64dbg.com/
It's in a good slow pace and saved my day. Thank you!
Mr. Paul, awesome, the explanation is very detailed, 👍👍👍👍
Thank you!
hey Paul, what courses would you recommend for cracking game cheats/cheat loaders?
Hi, Sir. Recently I'm dealing with reversing a program written in Delphi 4 Professional. No packer detected by DIE. The software has a trial version of about 7 days. I can't reverse the software, as when we debug the software and try various jumps it always ends up with thread xxxx exit. When I set the PC date to a date after the trial registration, the software can run again in trial mode. But when we debug, the debugger can run, but it looks like it goes down a different path and always stops with thread no. xxxx exit... I need your help to give a hint what type of protection I'm dealing with. Thanks in advance
hello Paul
I want to know if I can experiment with the webcam biofeedback (: thanks
Sure, here is a free coupon: www.udemy.com/course/opencv-and-java/?couponCode=JUN20FREE100
hi paul, what if the program uses protector enigma?
Hello sir, when we can't see strings and also there is no message box in intermodular calls, how can we trace messages?
You can try the call stack method. Once you see a messagebox with the bad message appearing. You immediately pause the debugger. Then click on the Call Stack menu and there you will see the list of history of function calls. There is a column with the title "From". There, look for the address belonging to the User space usually 0x004xxxxx for 32-bit process. Just follow it in disassembler and you will land in the memory where the logic for checking serial key is found. All this is explained in my CSL and CSP courses on my website: crackinglessons.com/learn
Thanks
Welcome Ray!
Hello Sir. I am just curious to know if there are any reversing tools/plugins that can log the binary code jumps when we do reversing? So if we have running software (licensed), we can compare the jump log files between the licensed and unlicensed software so we can easily patch the unlicensed one to be "licensed/registered". Another question, how to bypass a dongle protection, can you suggest which course I should take? Thank you so much. Have a nice time !!!
(1) There are some tools that can do the comparison. But I have never used them. You can google for "binary diff". (2) So far, I have never tried to bypass dongle protection because I have never owned any dongle protectors. Thanks for your interest. You can take the CSL and CSP course on my website: crackinglessons.com/learn
@PaulChin20 Thank you so much, and I appreciate your info.
@f1education383 Welcome F1
Sorry, a further question. I once had an Olly debugger plugin that can log all the jump commands into a text file. But I don't remember the plugin name any more, as I found it a long time ago when the latest Windows version was still Windows XP. I never tried it to do the comparison. But I did try the plugin one time and, wonderfully, I saw all the jumps logged into a text file.
@f1education383 Thanks for the tip!
Hi Mr. Paul. I am just curious to know if we can crack a PHP encrypted file using ionCube 12 encryption, PHP version 5.1.16, and also a video encrypted file with a gem extension? We don't have the key/password. The other thing, is there any fastest way to crack a Zip/rar password instead of brute forcing, where we have no certainty of the time taken? Really appreciate it if you can help. I have the sample files if necessary.
Paul what course is best for cracking vmprotected software?
how to crack login pages of any exe
You can try using x64dbg debugger. When you get the error message saying wrong password, pause the xdbg. Then in the Call Stack window, go to the from column and look for a suitable User module address. Once you find that, go to that address and locate the jump instruction that shows the bad message and reverse the jump. My CSL and CSP courses cover this: crackinglessons.com/learn/
Hello sir, I want to learn Ludo King game hacking. Can you teach me how to hack this game?
Sorry, I have not tried hacking that game. But I have a Udemy course on game hacking for beginners: www.udemy.com/course/cheat-engine-game-hacking-basics/?referralCode=38D1B917FCCFBAD3613D
Hello sir, I’ve been trying to contact you regarding your Udemy class I’ve taken on frida for beginners. If you could, would you please contact me as I have a few questions regarding reverse engineering. Thank you 🙏 I have submitted a “contact us” request via your website as well.
If it is related to the Frida Course, please post in the Udemy Q & A section for that course. That way it can benefit other students who are also taking that course. Thanks!