X64dbg Explained

x64dbg
Developer: mrexodia
Released: July 31, 2014
Programming Language: C++
Platform: Windows

x64dbg is free and open-source[1] debugging software created by mrexodia, available on Windows 7 and later versions. x64dbg is used to analyze 64-bit executable files, while its nearly identical counterpart, x32dbg, is used to analyze 32-bit executable files. Debugging is the process of looking into executable files translated into low-level assembly code, allowing the user of the debugger to see what is going on inside an application even if it is not open source. This is called reverse engineering.[2] It is very similar to, and often interchangeable with, other debugging software. x64dbg is one of the most popular debugging software programs.[3]

Features & usage

The GUI of x64dbg is very overwhelming and cramped at first sight. The ribbon at the top of the screen includes all of the main tabs for the software, and allows you to navigate between different screens. x64dbg also supports plugins.[4]

The CPU tab is the tab you will use most frequently. It contains the assembly code of the file you dragged in. You can insert breakpoints, shown as grey circles to the left of the assembly code. These are important when you execute the file you are examining and want the code to pause at a certain section. To the right of this, you can see the FPU registers, which store data of the file you dragged in. Debuggers automatically generate their own names for variables referenced in the assembly code, and you can view the values of these variables here.

At the bottom of the GUI, you can see a dump section which stores memory of the currently running process.

You can view other tabs by clicking different sections of the ribbon, or you can click the "View" tab at the top, which opens a dropdown listing every other tab. These tabs include CPU, Log, Notes, Breakpoints, Memory Map, Call Stack, SEH Chain (Structured Exception Handling), Script, Symbols, Modules, Source, References, Threads, Handles, Graph, and Trace.

Patches

Patches are a way of making modifications to the code; they let you save the modified code as a new file. This is often used when you want to make permanent changes to a file.
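Because a patch is saved as a new file, it can be identified afterwards by comparing that file with the original. The following Python sketch is an added example, not part of x64dbg or of the original article: it lists the byte runs that differ between two copies and maps each run to its PE section and RVA. The function names and the PE-like sample image are constructed for illustration.

```python
import struct

def pe_sections(data):
    """Return (name, raw_offset, raw_size, rva) for each section header."""
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    count, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table, out = pe + 24 + opt_size, []
    for i in range(count):
        name, _vsize, rva, rsize, roff = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode(), roff, rsize, rva))
    return out

def patched_ranges(orig, new):
    """Group differing offsets (over the common length) into contiguous runs."""
    n, runs, start = min(len(orig), len(new)), [], None
    for i in range(n + 1):
        differs = i < n and orig[i] != new[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, orig[start:i], new[start:i]))
            start = None
    return runs

def locate_patches(orig, new):
    """Map each changed run to the section that holds it and to its RVA."""
    secs, report = pe_sections(orig), []
    for off, old, cur in patched_ranges(orig, new):
        name, rva = next(((s, v + off - r) for s, r, size, v in secs
                          if r <= off < r + size), ("headers/overlay", None))
        report.append((off, name, rva, old.hex(), cur.hex()))
    return report

def build_sample_pair():
    """Constructed PE-like image (one .text section) and a copy with a 2-byte patch."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x8664, 1)          # machine, 1 section
    struct.pack_into("<8sIIII", img, 0x98, b".text", 0x10, 0x1000, 0x200, 0x200)
    img[0x200:0x20B] = bytes.fromhex("4885c07405e800000000c3")
    patched = bytearray(img)
    patched[0x203:0x205] = b"\x90\x90"                     # constructed patch bytes
    return bytes(img), bytes(patched)
```

Calling `locate_patches(*build_sample_pair())` returns one entry for the constructed patch: file offset 0x203, section `.text`, RVA 0x1003, bytes `7405` replaced by `9090`.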

References

  1. x64dbg. 2024-08-08. x64dbg.com.
  2. Nym, Millie. 2023-07-17. Reverse Engineering Walkthrough Analyzing A Sample Of Arechclient2. 2024-08-08. SentinelOne.
  3. Harakhavik, Yaroslav. 2020-08-05. CPR Anti-Debug Encyclopedia: The Check Point Anti-Debug Techniques Repository. 2024-08-08. Check Point Research.
  4. Plugins. 2024-08-08. GitHub.