Questions tagged [debugging]


Debugging is the process of analyzing live programs through software (e.g. ptrace) or hardware (e.g. JTAG) devices. The term usually describes the process of understanding the origin of bugs in a program, but the definition can be extended to a deep inspection of how the program works for reverse-engineering purposes.

Reverse engineers prefer to call it dynamic analysis because the goal differs radically from that original usage, even though it uses exactly the same techniques.

630 questions
11 votes, 3 answers

x64dbg how to debug a DLL called from an application

I have a 64-bit application that, when run, will load a DLL (plugin). I want to debug only this plugin. I have tried setting x64dbg to break on DLL load, but there are two issues: this app loads hundreds of other DLLs, and when I do get to my DLL and try and…
Raz Razman
5 votes, 2 answers

What is replay debugging?

I've read some info here, but it looks like the site concerned itself only with VMware and, moreover, it has abandoned the idea. How can this concept be used with existing debugging environments like IDA and gdb? If it has already been implemented, I would…
viv
4 votes, 1 answer

gdb debug show error "not in executable format: file format not recognized"

[root@localhost Relay]# file RelayD RelayD: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), stripped [root@localhost Relay]# ./start : no process killed ./start: line 2: 2066 Segmentation fault …
sycoi001
4 votes, 3 answers

Window application - Does the debugger stop the window thread?

Playing with the debugger x64dbg, I noticed that my application uses multiple threads as shown below: Among them, one thread is certainly used for the window, as the application is a window application. The strange thing is that the EIP never…
Duke Nukem
3 votes, 4 answers

How to debug a NSIS installer in order to find where the compressed data is?

NSIS installers compress data using bzip2, lzma or zlib -- I don't know if there are other algorithms. At some point in the installation process one of those algorithms has to be applied to a certain buffer of data. Of course, that data was read…
Raydel Miranda
2 votes, 0 answers

How do we capture serial data on Wireshark

I have captured this data but I am not understanding this data
Pooja
2 votes, 0 answers

Problems trying to debug a running application on my PC

I've been reverse engineering an application out of necessity, meaning I'm a beginner on the subject. After days analyzing decompiled code from ILSpy I noticed that debugging the application would really help me to figure out better what parts of…
2 votes, 0 answers

Manipulating Raw Stack Data without Local Variables and Function Parameters

Imagine a scenario where a program's stack data is corrupt and you need to diagnose the issue. How would you go about manipulating and analyzing the raw stack data without the use of any local variables or function parameters, considering the…
raheel0x01
2 votes, 1 answer

Stuck at ntdll when trying to enter a game loop

I'm new to reverse engineering and currently following Lena's tutorials. I wanted to put my new skills to use and wanted to reverse a simple game: https://github.com/Zolomon/labyrinth. I think I'm stuck somewhere in ntdll. How do I get out of that?…
2 votes, 2 answers

How do debuggers help one with finding information about how a program does something?

Let's say I want to reverse engineer an executable that interprets some data type. I want to see how the program interferes with the file, and what is stored. In the case that decompilation is not an option, I have disassembly and debugging left.…
John K
1 vote, 1 answer

Rename a program's button using x64dbg?

I'm trying to change the name of a button, but I can't find anything that references it. I looked for the CreateWindow function in the intermodular calls, but I only found a reference to the main window. I also tried through strings but without…
1 vote, 0 answers

Is there a debugger that will trace into ring-0 code?

Is there a debugger these days that will trace beyond a syscall or sysenter into ring-0 code? Or is there a technique using a debugger like WinDbg? I have read that if you get close enough to the syscall/sysenter function, then set a BP in ring-0…
gordo999
1 vote, 1 answer

Bypassing IsDebuggerPresent

I am currently trying to attach a debugger to a program with a callback for IsDebuggerPresent. Normally, I would patch the program to pass over this check, but patching the program is not an option. How would I go about getting a debugger attached…
nathan
1 vote, 0 answers

How to trace in x64dbg?

Does x64dbg have an "Add entries of all procedures" option to trace the instructions and save the output as a *.txt file?
1 vote, 0 answers

How to find which event is bound to which GUI part

Let's say I am debugging (with x64dbg) a specific program (in Windows, native programs, probably they are called standard MFC-kind programs): that program has a button xyz: 1) how to find out which line/command is executed by clicking on that…
T.Todua