x64dbg Script Programming For Reverse Engineering by Paul Chin - Printable Version
Arab Team for Reverse Engineering (https://www.at4re.net/f)
Forum: ENGLISH FORUM (https://www.at4re.net/f/forum-6.html)
Forum: Tutorials (https://www.at4re.net/f/forum-14.html)
Thread: x64dbg Script Programming For Reverse Engineering by Paul Chin (/thread-4619.html)
x64dbg Script Programming For Reverse Engineering by Paul Chin - Stingered - 29-06-2025

x64dbg Script Programming For Reverse Engineering by Paul Chin

See attachment for download locations:

How to use xdbg scripting to automate reverse engineering, hack memory and test protection mechanisms

Welcome to "x64dbg Scripting For Reverse Engineering and Memory Hacking." This comprehensive course is designed for both new and experienced students in the field of ethical hacking and reverse engineering. Whether you've taken my previous x64dbg courses or are familiar with the basics of reverse engineering, this course will take your skills to the next level by diving deep into the power of xdbg scripting.

In this course, you'll learn how to automate reverse engineering tasks using x64dbg scripting, a critical skill for any serious security researcher. We'll start with the fundamentals of scripting within x64dbg and gradually move on to more advanced topics, such as modifying process memory to alter control flow logic, patching memory without the need to unpack executables, and testing complex packing protections and anti-tampering mechanisms.

The course is structured to provide you with hands-on experience through real-world scenarios and challenges, allowing you to apply what you've learned in a practical, problem-solving context. If you're someone who enjoys solving puzzles and facing challenges head-on, this course will provide you with the tools and knowledge to do just that.

By the end of this course, you'll have the skills to automate and enhance your reverse engineering process, making you more efficient and effective in your work. Whether you're a security researcher looking to sharpen your skills or someone passionate about ethical hacking, this course is for you.

Join me in "x64dbg Scripting For Reverse Engineering and Memory Hacking" and start mastering the art of scripting in x64dbg today!
What you'll learn

- Script Programming
- Learn new reverse engineering techniques never taught before
- Practice and hone your assembly language hacking skills
- Hacking process memory
- Patch memory of packed program without unpacking
- Automating reverse engineering
- Debugging packed program without unpacking
- Evaluating, Analyzing and Testing UPX, VMProtect, Enigma and Themida Protectors
- Automation Using AutoIT
- Using AOB (Array of Bytes) Scan To Solve ASLR (Address Space Layout Randomization) Issues
- Finding Critical Regions By Tracing Input Strings In Memory
- Using Handle Proc Algorithm To Pause Debugger To Run Scripts
- Searching For Critical Regions Even Though There Are No Visible Strings
- Tracing Input Strings In The Stack and Parameter Windows To Find Critical Region
- Enabling disabled Buttons
- Modifying Message Boxes With Scripts and AOB Scans
- Using Instruction Pointers EIP and RIP To Modify Flow Control
- Two Step Input Validation and x64 Calling Conventions
- Automatic RTU (Run To User) To Speed Up Search For Critical Regions
- Creating Keygens via Scripting
- Patching Stack Parameters on The Fly
- and more . . .
Table of Contents

Introduction
1. Introduction
2. Installing the tools
3. Why x64dbg Scripting
4. Additional benefits of scripting
5. Installing Visual Studio Code and Writing Your First Hello World Script
6. Creating Your Projects Folder and Downloading Your First Crackme

x64dbg Documentation and Command Input Box
7. x64dbg Documentation and Command Input Box

MOV and Simple Calculations
8. MOV and Simple Calculations

PUSH and POP
9. PUSH and POP

TEST and if-else branching
10. TEST and if-else branching

CMP and if-else branching
11. CMP and if-else branching

Init and Attach
12. Init and Attach

Run and serun
13. Run and Serun

sto Stepover
14. sto Stepping over

Stepping Into
15. Step Into Without Parameters
16. Step Into With Parameters (Recursive Step Into)
17. sti stepinto-2

Swallow exceptions step over and step into (sesto and sesti)
18. Swallow exceptions with sesto and sesti

Running to RET (rtr)
19. Running to RET (rtr)

Skipping Instructions
20. Skipping Instructions using the skip command

InstrUndo
21. How to undo instructions (InstrUndo)

User Modules and System Modules, Setting BP on API calls and Run to User Code
22. Understand User Modules and System Modules, Set BP on API calls and Run to User

Step Until System Call
23. Step Until System Call and Using Loops

Base Address and AOB (Array of Bytes) Scans
24. Base Address and AOB Scans

Patching a Jump with NOPs using Memory Patching
25. Patching Memory With NOPs

Searching For Strings On The Stack
26. Search For Strings On The Stack

Searching For Strings In the Registers
27. Search For Strings In the Registers

Enabling a disabled button - part 1 - tracing breakpoint counts
28. Enable a disabled button by tracing breakpoint counts

Enable a disabled button by patching the SetWindowLong parameters using scripts
29. Enable a disabled button by patching the SetWindowLong parameters using scripts

Modifying MessageBox by Tracing Memory Where Parameters Originally Load
30. Modifying MessageBox by Tracing Memory Where Parameters Originally Load

Modifying MessageBox With Scripts and AoB Scans
31. Modifying MessageBox With Scripts and AoB Scans

Tracing the Stack and Register for Input Strings (Username and Password)
32. Introduction to 04-Crypt0sBeginnerCrackMe - Preliminary Analysis
33. Tracing Input Strings On The Stack and Differences Between ESP & EBP stack view
34. Tracing Password Input String On The Stack
35. Tracing Input Strings in Registers

Exercises on Tracing Stack, Register and Patching to Reverse Jump Logic
36. Intro to whoami crackme and Exercises on Tracing Input String on Stack, Register
37. Patching With NOPs to Reverse Jump Logic

Tracing CMP Instructions
38. Tracing CMP Instructions
39. Patching with NOP to reverse a jump logic

Handle-Proc Algorithm and Two-in-one Patch for MessageBox and Reversing Jump
40. GUI App Basic Input String Search
41. Handle-Proc Algorithm to Find Critical Functions
42. Two-in-one Patch for MessageBox and Reversing Jump

Variations on the Handle-Proc Algorithm and Searching For UTF-16 Input Strings
43. Introduction To CrackMe 9
44. Variations On The Handle-Proc Algorithm and UTF-16 Input Strings
45. Patching To Change Serial Key

Creating Keygen From Results of Search For Input String
46. Introduction to Keygenthis
47. Handle-Proc Variations and Stack Search For Input String
48. Creating a Keygen From Results of Search For Input String

Exercise on Creating Keygen Where There Are No Error MessageBoxes
49. Creating Keygen Where There Are No Error MessageBoxes

Message Breakpoint Method, EBX Register Search and BP on GetDlgItemText
50. Introduction To Trope Crackme
51. The Message Breakpoint Method
52. Fast Tracing By Toggling The ZF Flag
53. Setting Breakpoint On GetDlgItemText API To Find Critical Function
54. Summary Of The Message Breakpoint Method For Finding The Critical Function

Dynamic Bytes in AOB and Modifying EIP To Jump To Exit
55. Introduction To PatchMe-Revamped
56. Avoiding Dynamic Bytes and Modifying EIP to Exit App
57. Identifying Dynamic Bytes In AOB and Replacing Them With Wildcard Placeholders

Two-Step Input Validation and x64 Calling Conventions in Parameter Window
58. The two-step input validation process
59. x64 calling convention and parameter windows

UPX packed - fishing for password and patching
60. Looking for a place to put bp in a packed program
61. Using VirtualProtect to locate unpacked region to insert breakpoint after input
62. Using scripts and AOB scans to set breakpoints in the unpacked region
63. Patching with NOPs to always show the Good Message

UPX packed - fishing for serial and patching
64. Using Handle-Proc Algorithm To Search for Critical Region in UPX Packed Program
65. Patching with JMP to always show good message

Automated Cracking Using AutoIt
66. Introduction to flcksr crackme
67. Installing AutoIt
68. Installing SciTe Editor
69. Creating an AutoIt Script
70. Multiple register search for critical region and patching

Testing VMProtect
71. Basic VMProtect on CrackMe 5
72. Using Script To Patch Memory Without Unpacking VMProtect
73. Installing The Scylla Hide Plugin
74. Hiding Debugger From VMProtect

Testing EnigmaProtector
75. Default Enigma Protection
76. Hiding Debugger From Enigma And Patching Memory

Testing Themida Protector
77. Default Themida Protection
78. Hiding Debugger From Themida And Patching Memory

Resources For Further Studies
79. Resources For Further Studies