Attacking Common Applications - Attacking Thick Client Applications

JahBless · May 19, 2023, 11:52am

Hello, anyone who finished this exercise can give me some help.

This has been the most frustrating exercise yet, I don’t even understand the concept or what I am doing.

I did all the steps.

After dumping the file from x64dbg.exe and running string64.exe on it, this is my output:

Screenshot from 2023-05-19 12-46-53

Running de4dot.exe:
Screenshot from 2023-05-19 12-47-49

Pretty sure i did every step correctly. If not i suppose i would not find the map with a size of 0000000000003000 with a type of MAP and protection set to -RW--. I think! Like i said i have no idea what I am doing in this exercise.

Thanks!

JahBless · May 19, 2023, 3:17pm

SOLVED IT!

My error was i forgot to restart the x64dbg.exe application after changing the preferences.

Your file dumped file must have this name: restart-service_00000000001F0000.bin

krellkrypto · May 30, 2023, 4:36pm

How were you able to get the memory dump to be slow enough? it is updating every one second for me so I cant click on it when it zooms by?

raaven · May 31, 2023, 11:38pm

After making changes in x64dbg Preferences, restart the application