├── output ├── hello.dll ├── assem_0x00.exe ├── func_0x00.exe ├── main_0x00.exe ├── main_0x01.exe └── main_0x02.exe ├── x64dbg-brief.pdf ├── crackmes ├── crackme0x00.exe ├── crackme0x01.exe ├── crackme0x02.exe ├── crackme0x03.exe ├── crackme0x04.exe ├── crackme0x05.exe ├── crackme0x06.exe ├── crackme0x07.exe ├── crackme0x08.exe └── crackme0x09.exe ├── main ├── main_0x00.c ├── main_0x01.c ├── main_0x02.c └── func_0x00.c ├── notes.txt ├── compile.sh ├── dll └── hello.c ├── assem ├── assem_0x00.asm └── assem_0x01.asm └── README.md /output/hello.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/output/hello.dll -------------------------------------------------------------------------------- /x64dbg-brief.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/x64dbg-brief.pdf -------------------------------------------------------------------------------- /output/assem_0x00.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/output/assem_0x00.exe -------------------------------------------------------------------------------- /output/func_0x00.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/output/func_0x00.exe -------------------------------------------------------------------------------- /output/main_0x00.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/output/main_0x00.exe -------------------------------------------------------------------------------- /output/main_0x01.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/output/main_0x01.exe -------------------------------------------------------------------------------- /output/main_0x02.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/output/main_0x02.exe -------------------------------------------------------------------------------- /crackmes/crackme0x00.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x00.exe -------------------------------------------------------------------------------- /crackmes/crackme0x01.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x01.exe -------------------------------------------------------------------------------- /crackmes/crackme0x02.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x02.exe -------------------------------------------------------------------------------- /crackmes/crackme0x03.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x03.exe -------------------------------------------------------------------------------- /crackmes/crackme0x04.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x04.exe -------------------------------------------------------------------------------- /crackmes/crackme0x05.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x05.exe -------------------------------------------------------------------------------- /crackmes/crackme0x06.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x06.exe -------------------------------------------------------------------------------- /crackmes/crackme0x07.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x07.exe -------------------------------------------------------------------------------- /crackmes/crackme0x08.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x08.exe -------------------------------------------------------------------------------- /crackmes/crackme0x09.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stryker2k2/dbg-demo/HEAD/crackmes/crackme0x09.exe -------------------------------------------------------------------------------- /main/main_0x00.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argv, char* argc[]) 4 | { 5 | printf("Hello from main()!"); 6 | } 7 | 8 | // x86_64-w64-mingw32-gcc -o ./output/main_0x00.exe ./main/main_0x00.c -------------------------------------------------------------------------------- /main/main_0x01.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argv, char* argc[]) 5 | { 6 | HINSTANCE hinst; 7 | BOOL result; 8 | 9 | hinst = LoadLibraryA("hello.dll"); 10 | result = FreeLibrary(hinst); 11 | } 12 | 13 | // x86_64-w64-mingw32-gcc -o ./output/main_0x01.exe ./main/main_0x01.c -------------------------------------------------------------------------------- /notes.txt: -------------------------------------------------------------------------------- 1 | ### Ubuntu 20.04 2 | - sudo apt install git 3 | - sudo apt install build-essential 4 | - sudo apt install gcc-mingw-w64-x86-64 5 | - sudo snap install code --classic 6 | - git clone https://github.com/stryker2k2/dbg-demo.git 7 | 8 | ### Windows 10 9 | - Install x64dbg (https://x64dbg.com) 10 | - Install Ghidra (https://ghidra-sre.org) -------------------------------------------------------------------------------- /compile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | rm ./output/* 4 | 5 | x86_64-w64-mingw32-gcc -shared -o ./output/hello.dll ./dll/hello.c 6 | x86_64-w64-mingw32-gcc -o ./output/main_0x00.exe ./main/main_0x00.c 7 | x86_64-w64-mingw32-gcc -o ./output/main_0x01.exe ./main/main_0x01.c 8 | x86_64-w64-mingw32-gcc -o ./output/main_0x02.exe ./main/main_0x02.c 9 | x86_64-w64-mingw32-gcc -o ./output/func_0x00.exe ./main/func_0x00.c 10 | 11 | sudo rm /media/sf_Shared/*.exe 12 | sudo rm /media/sf_Shared/*.dll 13 | sudo cp ./output/*.exe /media/sf_Shared 14 | sudo cp ./output/*.dll /media/sf_Shared 15 | 16 | echo [*] Done -------------------------------------------------------------------------------- /dll/hello.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | static DWORD __stdcall HelloMsgBox(char* fdwReason) 5 | { 6 | MessageBox(NULL, fdwReason, "Hello World!", MB_OK); 7 | } 8 | 9 | __declspec(dllexport) 10 | BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) 11 | { 12 | switch (fdwReason) 13 | { 14 | case DLL_PROCESS_ATTACH: 15 | OutputDebugString("DLL_PROCESS_ATTACH"); 16 | HelloMsgBox("DLL_PROCESS_ATTACH"); 17 | break; 18 | 19 | case DLL_THREAD_ATTACH: 20 | OutputDebugString("DLL_THREAD_ATTACH"); 21 | HelloMsgBox("DLL_THREAD_ATTACH"); 22 | break; 23 | 24 | case DLL_THREAD_DETACH: 25 | OutputDebugString("DLL_THREAD_DETACH"); 26 | break; 27 | 28 | case DLL_PROCESS_DETACH: 29 | OutputDebugString("DLL_PROCESS_DETACH"); 30 | break; 31 | } 32 | 33 | return TRUE; 34 | } 35 | 36 | // x86_64-w64-mingw32-gcc -shared -o ./output/hello.dll ./dll/hello.c 37 | // rundll32.exe hello.dll,DllMain -------------------------------------------------------------------------------- /main/main_0x02.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argv, char* argc[]) 5 | { 6 | HANDLE processHandle; 7 | PVOID remoteBuffer; 8 | wchar_t dllPath[] = (L"Z:\\hello.dll"); 9 | int result; 10 | LPVOID loadLibAddr; 11 | LPDWORD lpThreadID; 12 | HANDLE hThread; 13 | 14 | LoadLibraryW(dllPath); 15 | 16 | processHandle = GetCurrentProcess(); 17 | remoteBuffer = VirtualAllocEx(processHandle, NULL, sizeof dllPath, MEM_COMMIT, PAGE_READWRITE); 18 | result = WriteProcessMemory(processHandle, remoteBuffer, (LPVOID)dllPath, sizeof dllPath, NULL); 19 | loadLibAddr = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); 20 | PTHREAD_START_ROUTINE threadStartRoutineAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW"); 21 | hThread = CreateThread(NULL, 0, threadStartRoutineAddress, dllPath, 0, NULL); 22 | 23 | WaitForSingleObject(hThread, INFINITE); 24 | CloseHandle(hThread); 25 | CloseHandle(processHandle); 26 | 27 | return 0; 28 | } 29 | 30 | // x86_64-w64-mingw32-gcc -o ./output/main_0x02.exe ./main/main_0x02.c -------------------------------------------------------------------------------- /assem/assem_0x00.asm: -------------------------------------------------------------------------------- 1 | ; ------------------------------------------------------------------ 2 | ; helloworld.asm 3 | ; 4 | ; This is a Win32 console program that writes "Hello World" 5 | ; on a single line and then exits. 6 | ; 7 | ; To assemble to .obj: nasm -f win32 assem_0x00.asm 8 | ; To compile to .exe: gcc assem_0x00.obj -o assem_0x00.exe 9 | ; 10 | ; Follow the instructions at this link 11 | ; https://labs.bilimedtech.com/nasm/windows-install/1.html 12 | ; ------------------------------------------------------------------ 13 | 14 | global _main ; declare main() method 15 | extern _printf ; link to external library 16 | 17 | segment .data 18 | message: db 'Hello world', 0xA, 0 ; text message 19 | ; 0xA (10) is hex for (NL), carriage return 20 | ; 0 terminates the line 21 | 22 | ; code is put in the .text section 23 | section .text 24 | _main: ; the entry point! void main() 25 | push message ; save message to the stack 26 | call _printf ; display the first value on the stack 27 | add esp, 4 ; clear the stack 28 | ret ; return -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## x64dbg Demonstration 2 | 3 | ### Overview 4 | A series of easy software examples to demonstrate the use of x64dbg. 5 | 6 | - assem_series: Simple "Hello World!" samples to show the similarities between what is written in Assembly Code versus what is seen in x64dbg 7 | - main_series: Small grouping of samples to show how DLLs are loaded and how DLLs are seen (and dumped) in x64dbg 8 | - func_0x01: Example of using Ghidra side-by-side to assist in naming function is x64dbg 9 | - crackme_series: Ten crackme challenges from Shogun Labs to test x64dbg skills 10 | 11 | ### Repository 12 | - https://github.com/stryker2k2/dbg-demo 13 | 14 | ### Programs 15 | - https://code.visualstudio.com 16 | - https://x64dbg.com 17 | - https://ghidra-sre.org 18 | - https://mingw-w64.org 19 | 20 | ### DLL Creation and DLL Injection Resources 21 | - https://www.ired.team/offensive-security/code-injection-process-injection/process-injection 22 | - https://www.ired.team/offensive-security/code-injection-process-injection/dll-injection 23 | - https://blog.didierstevens.com/2017/09/08/quickpost-dlldemo/ 24 | - http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html 25 | 26 | 27 | ### CrackMe Challenges 28 | - https://www.shogunlab.com/blog/2019/04/12/here-be-dragons-ghidra-0.html 29 | - https://youtu.be/6p5Qviusskk 30 | - https://youtu.be/Eu9YC1Jq1Do -------------------------------------------------------------------------------- /assem/assem_0x01.asm: -------------------------------------------------------------------------------- 1 | ; name: asm_0x01.asm 2 | ; target: linux 3 | 4 | global _start 5 | 6 | section .text: 7 | 8 | _start: 9 | ; Write HelloWorld to stdout 10 | mov eax, 0x4 ; use the 'write' syscall 11 | mov ebx, 1 ; use stdout as the fd 12 | mov ecx, message ; use message as buf 13 | mov edx, message_length ; provide message length 14 | int 0x80 ; interrupt with syscall (aka do syscall) 15 | 16 | ; Exit program 17 | mov eax, 0x1 ; use the 'exit' syscall 18 | mov ebx, 0 ; return 0 for success 19 | int 0x80 ; interrupt with syscall (aka do syscall) 20 | 21 | section .data: 22 | message: db "Hello World!", 0xA ; 0xA = "\n" 23 | message_length equ $-message 24 | 25 | ; Notes: 26 | ; - Find 'write' and 'exit' syscalls in "unistd_32.h" by running 27 | ; "locate unistd_32.h" in a terminal 28 | ; - Find write usage by running "man 2 write" 29 | ; usage: ssize_t write(int fd, const void *buf, size_t count); 30 | ; - Registers 31 | ; eax: syscall (and return value) 32 | ; ebx: int fd 33 | ; ecx: const void *buf 34 | ; edx: size_t count 35 | ; - Compile with nasm for Linux 36 | ; nasm -f elf32 -o ./assembly/assem_0x01.o ./assembly/assem_0x01.asm 37 | ; ld -m elf_i386 -o ./output/assem_0x01 ./assembly/assem_0x01.o -------------------------------------------------------------------------------- /main/func_0x00.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | // #define LOG_PRINT(fmt, ...) do { 7 | // printf(fmt, ##__VA_ARGS__); 8 | // } while(0) 9 | #define LOG_PRINT(fmt, ...) do {printf(fmt, ##__VA_ARGS__);} while(0) 10 | 11 | int stringToDouble(char* date) 12 | { 13 | double day; 14 | double year; 15 | char* month; 16 | 17 | if (!date) 18 | { 19 | date = "01 JAN"; 20 | } 21 | 22 | /* Convert date (08 March) to... 23 | day = 01 24 | month = JAN */ 25 | day = strtod(date, &month); 26 | LOG_PRINT("[*] strtod for day is: %d\n", (int)day); 27 | LOG_PRINT("[*] strtod for month is: %s\n", month); 28 | 29 | LOG_PRINT("[*] The MMM-DD of conversion of \"%s\" is:%s %d\n", 30 | date, month, (int)day); 31 | 32 | return 0; 33 | } 34 | 35 | int main(int argv, char* argc[]) 36 | { 37 | if (argv != 2) 38 | { 39 | LOG_PRINT("[*] Usage: func_0x00.exe \"DD MMM\"\n"); 40 | } 41 | 42 | else 43 | { 44 | double num; 45 | stringToDouble(argc[1]); 46 | } 47 | 48 | return 0; 49 | } 50 | 51 | // Windows: 52 | // x86_64-w64-mingw32-gcc -o ./output/func_0x01.exe ./main/func_0x00.c 53 | // c:/> func_0x00.exe "26 MAR" 54 | 55 | // Linux 56 | // gcc -o ./output/func_0x00 ./main/func_0x00.c 57 | // ~$ .func_0x00.exe "26 March" 58 | 59 | // Optional Windows Compilation: 60 | // x86_64-w64-mingw32-gcc -Os -fno-toplevel-reorder -fpack-struct=8 -fPIC -fPIE -Iwindows -D_WIN32_WINNT=0x600 -D__USE_MINGW_ANSI_STDIO=0 -o ./output/func_0x00.exe ./main/func_0x00.c --------------------------------------------------------------------------------