horsicq / pex64dbg Goto Github PK

I hope I can fill in the address by myself, For some memory PE.
maybe

address: [ 0x10000000 ] [Reload]

....

Fix in x64dbg: x64dbg/x64dbg#3234

Reproduction code (you need to run it on an x64dbg with the fix above, otherwise it triggers anyway):

#include <Windows.h>
#include <cstdio>
#include <cinttypes>

int main()
{
    puts("");

    wchar_t executablePath[MAX_PATH] = L"";
    GetModuleFileNameW(0, executablePath, _countof(executablePath));

    auto hNtdll = CreateFileW(L"C:\\Windows\\system32\\ntdll.dll", GENERIC_READ, 0, nullptr, OPEN_EXISTING, 0, nullptr);
    printf("[AntiDebugHandle] ntdll: 0x%zX (LastError: %u)\n", (uintptr_t)hNtdll, GetLastError());

    auto hExe = CreateFileW(executablePath, GENERIC_READ, 0, nullptr, OPEN_EXISTING, 0, nullptr);
    printf("[AntiDebugHandle] exe: 0x%zX (LastError: %u)\n", (uintptr_t)hExe, GetLastError());
    
    puts("");
}

You would probably need to create a fake QIODevice (or whatever is the abstract of QFile) and use a file mapping backend. Once you have the section mapping open you can close the file handle and things will work fine.

Hi, my friend :
can you add a column with the address of that item, and maybe Follow menu in CPU,dump ?

Thanks for the nice work

Hello, I can't debug any .dll file if the plugin is installed. the breakpoint at the EntryPoint is never reached, also I tried activating the option to break on DLL load in the debugger but it didn't help.

There's no crash or anything similar, so I can't provide a crash dump or any more helpful info, sorry about that.

Hi :
I am trying to compile the project but I keep always get missing files.

BR