Complete x64dbg & x32dbg tutorial – Ollydbg 64 alternative
Debugging is the process of finding & removing bugs from a program or application, or of modifying its code as per your need, with or without having the source code. Debugging is usually done in 2 situations: when source code is available & when source code is not available.
This tutorial considers the situation when source code is not available. To debug, we need to use a program called a “Debugger”. There are different types of debuggers for the different platforms & languages in which software is written. In this tutorial, the basics of the x64dbg debugger are covered.
What is x64dbg?
As the name suggests, it’s a 64-bit debugger meant for 64-bit programs. It is specifically meant for Microsoft Windows. x64dbg is an open source project by the author Mr. eXodia. Like Ollydbg, it is a dynamic debugger, but it is a much younger project. Let’s move forward to a basic intro, which is specially meant for newbies.
Alternative to Ollydbg 64
One of the most used free debuggers for Windows is “Ollydbg”. It is an EXCELLENT dynamic debugger for x86 targets in Windows. Ollydbg 64 bit aka Ollydbg 2.01 exists, but it has not been updated by the author since 2013 & hence is not fully functional. In order to fill the gap, x64dbg was developed. But if you want to run it, you can test it by downloading it from here.
How to install x64dbg?
- Download the setup (link given below video).
- Extract the zip package wherever you want.
- Open the folder named “x64dbg” which you just extracted.
- Then open the sub-folder named “release”.
- Double-click on “x96dbg.exe”. A popup will appear saying “Do you want to register a shell extension?”. Click “Yes”.
- Then click “Yes” to “Do you want to create Desktop Shortcuts?” & “Do you want to register the database icon?”.
- If all is done properly, the success message “New configuration written!” will appear.
You can use the target files given below to try things yourself. These files are safe, but some AV products may flag them as a false positive. If you still have some doubt, running the files in a virtual machine is recommended.
- Target file for How to use x64dbg tutorial =>can be downloaded here.
- Target file for How to Crack any software =>can be downloaded here.
- Target file for Ollydbg tutorial =>can be downloaded here.
Brief intro to x32dbg
Based on architecture, there are 2 types of processors nowadays: 32 bit & 64 bit. So there are 2 types of programs, based on the version of Windows, and x64dbg contains two debuggers:
- x32dbg: It is meant for debugging x86 (32-bit) files. It is just like Olly debugger, meant for Windows 8, 8.1, 10 versions.
- x64dbg: It is meant for debugging x64 (64-bit) files. It is just like ollydbg 64, which can be used for dynamic debugging & malware analysis.
Overview of x64dbg
The user interface of x64dbg is divided broadly into 4 sections:
- Disassembly
- Registers & Flags
- Dump
- Stack
Disassembly
The word “disassemble” means “to break down” or “to take apart”. In software reverse engineering, disassembly means breaking the “Machine language” down into human-readable assembly language.
In the disassembly window of x64dbg, the 1st column shows the address in memory of the instructions. The 2nd column shows opcodes, which means “OPeration CODES”. The 3rd column shows the assembly code, which is what matters most to us. In the 4th column, the debugger displays comments about instructions.
Registers & Flags
This segment shows the registers, which are used to perform mathematical operations. A 32-bit Intel processor has 8 general-purpose registers. For 64 bit, the number of registers increases to 16.
Flags in assembly language are used to tell the current state of the processor. In x64dbg, individual flag status can be changed by double-clicking on them. Flags play a vital role while doing an analysis of the code.
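The following is an added example, not part of the original tutorial: it computes the flag values that the Registers & Flags panel would show after a `cmp a, b` instruction and which common conditional jumps those flags select. The function names `cmp_flags` and `jumps_taken` and the operand values are assumptions chosen for illustration.

```python
def cmp_flags(a: int, b: int, bits: int = 32) -> dict:
    """Flags left by `cmp a, b`, which computes a - b and discards the result."""
    mask = (1 << bits) - 1
    a &= mask
    b &= mask
    res = (a - b) & mask
    sign = bits - 1
    return {
        "CF": int(a < b),                                # unsigned borrow
        "PF": int(bin(res & 0xFF).count("1") % 2 == 0),  # even parity, low byte
        "AF": ((a ^ b ^ res) >> 4) & 1,                  # borrow out of bit 3
        "ZF": int(res == 0),                             # operands are equal
        "SF": (res >> sign) & 1,                         # top bit of the result
        "OF": (((a ^ b) & (a ^ res)) >> sign) & 1,       # signed overflow
    }


def jumps_taken(f: dict) -> dict:
    """Which common conditional jumps are taken for a given flag state."""
    return {
        "je/jz": bool(f["ZF"]),
        "jne/jnz": not f["ZF"],
        "jb": bool(f["CF"]),                       # unsigned below
        "ja": not f["CF"] and not f["ZF"],         # unsigned above
        "jl": f["SF"] != f["OF"],                  # signed less
        "jg": not f["ZF"] and f["SF"] == f["OF"],  # signed greater
    }


if __name__ == "__main__":
    # Constructed operands: equal, small unsigned, and a signed/unsigned split.
    for a, b in ((5, 5), (1, 2), (0x80000000, 1)):
        flags = cmp_flags(a, b)
        taken = [name for name, hit in jumps_taken(flags).items() if hit]
        print(f"cmp {a:#x}, {b:#x} -> {flags} taken: {taken}")
```

The last pair shows why signed and unsigned jumps differ: 0x80000000 is above 1 as an unsigned value (`ja` taken) but less than 1 as a signed value (`jl` taken).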
Dump
The Dump window shows the hex-code of the program in memory. It is just like a hex editor, showing the raw data in both hexadecimal & ASCII/UNICODE format. If you want to change something in it, just double-click on the selected portion which you want to change & edit the bytes.
Stack
The stack is a space in memory which is used to temporarily store data. It stores data in a particular order: LIFO (Last In First Out) or FILO (First In Last Out). Having a decent knowledge of the stack is very useful while debugging.
How to use the x64dbg debugger?
- First of all, install x64dbg as explained above.
- Choose either x64dbg or x32dbg, according to whether the file is 64 bit or 32 bit respectively.
- To load the file in the debugger, either drag & drop it on the icon or attach the process to x64dbg (File → Attach or Alt+A).
- After loading the file in the debugger, your creativity is the limit 😉
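For the step of choosing between x32dbg and x64dbg, the check can be made from the file's PE headers. This is an added example, not part of the original tutorial; the function names `pick_debugger` and `make_sample` are assumptions, and the sample input is a constructed header-only stub rather than a real program.

```python
import struct

# Machine values from the PE/COFF file header.
MACHINE_I386 = 0x014C
MACHINE_AMD64 = 0x8664
# Magic values at the start of the optional header.
MAGIC_PE32 = 0x10B
MAGIC_PE32_PLUS = 0x20B


def pick_debugger(data: bytes) -> str:
    """Return 'x32dbg' or 'x64dbg' for a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew at offset 0x3C points to the 'PE\0\0' signature.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 26 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # Machine is the first field of the COFF header after the signature.
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    # The optional header starts after the 20-byte COFF header.
    (magic,) = struct.unpack_from("<H", data, pe_off + 24)
    if machine == MACHINE_I386 and magic == MAGIC_PE32:
        return "x32dbg"
    if machine == MACHINE_AMD64 and magic == MAGIC_PE32_PLUS:
        return "x64dbg"
    raise ValueError(f"unsupported header: machine={machine:#06x} magic={magic:#05x}")


def make_sample(machine: int, magic: int) -> bytes:
    """Build a constructed, header-only PE stub (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header right after DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    for machine, magic in ((MACHINE_I386, MAGIC_PE32), (MACHINE_AMD64, MAGIC_PE32_PLUS)):
        print(pick_debugger(make_sample(machine, magic)))
```

To check a real file, pass its first few hundred bytes, for example `pick_debugger(open(path, "rb").read(1024))`. A .NET AnyCPU assembly reports i386/PE32 in these headers but can run as a 64-bit process, so for managed code the header alone is not conclusive.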
Having reached this point, I hope you have some more knowledge about x64dbg basics, i.e. how to download, install & use it. In the near future, I’ll try to make a tut on using x64dbg on 64-bit files. I hope you like this tutorial, made especially for beginners who are just starting their debugging journey.