Results 1 to 7 of 7

Thread: Tools for 64bit Assembly/Debugging/Patching ??

  1. #1

    Question Tools for 64bit Assembly/Debugging/Patching ??

    Is anyone aware of proper tools that lets edit/patch 64bit binaries using assembly instruction.

    For example, for 32 bit binaries we could press "space-bar" in Olly and type "mov ebx, eax". Since, Olly will not handle 64bit binaries, what are the other sane options to debug and patch the 64bit cousins ?

    My problem is:
    - I know the location to patch.
    - I know the x68 ASM code to patch with.
    - I *DONT* know the corresponding 64bit translation of the ASM.

    Options I have tried:
    - Visual DuxCore Debugger (doesn't seem to let edit/patch)
    - Manually editing byte in 64 bit IDA disassembly and checking the 64 bit translation. (with limited success)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2

    As Above

    Microsoft Windows Debugger.

    Surprisingly Good.

    Have Phun
    Blame Microsoft, get l337 !!

  3. #3
    The best option I have found for patching x64 is Hiew 8.x. It allows you to modify the assembly command directly, as well as it's hexadecimal representation.

  4. #4
    IDA can debug native 64 applications i done it and its realy cool
    for editing the asm well you can use any Hex editor but if you are looking for
    somthing that will translate the ASM command to byte code Hiew is the tool for you.

  5. #5
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Ring -1
    Blog Entries
    Won't the "hidden" IDA patch tools do it too?
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  6. #6
    I have a probably stupid question.
    Do 32 bit and 64 bit applications of the same software look identical in hex editors?
    So for example if you patched a 32 bit program, can you use a hex editor to patch the 64 bit version by find/replace the same hex patterns?

    I'm trying to do the same thing as OP but don't understand anything you guys are talking about x.x

  7. #7
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    No, they't not identical. If they were identical then you wouldn't need two different versions to begin with.

Similar Threads

  1. gdbinit 64bit
    By xarti in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: April 7th, 2011, 04:25
  2. Is there any 64bit debugger for linux?
    By Hero in forum Linux RCE
    Replies: 4
    Last Post: June 30th, 2010, 19:33
  3. Assembly Patching
    By Goveynetcom in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: March 29th, 2010, 08:55
  4. 64bit debugging
    By omega_red in forum Tools of Our Trade (TOT) Messageboard
    Replies: 17
    Last Post: July 31st, 2009, 16:26
  5. Debugging Tools for Windows, v6.5.3.7 has been released
    By 0rp in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: July 4th, 2005, 13:00

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts