BaymaxTools is a feature code extraction and search plug-in for x64dbg debugger. The main functions are:
parsing assembly instructions and extracting corresponding feature codes according to user's settings. 2;
process memory can be quickly searched for feature code entries (6 to 10 times faster than ordinary memory search tools) ;
better parsing of the memory space of the process being debugged (better than x64dbg), including parsing shadowDll, and more convenient memory search by type;
support for searching assembly instructions, and compiled instructions can be converted to feature code for searching;
support for searching for strings (UNICODE\ASCII\UTF-8);
can search for VM-protected instructions;
Update: Baymax toOls for x64dbg v1.9 2023.08.20
Optimize the search algorithm, faster speed!
Add the module list refresh function in the search window, if there is any change in process memory data or modules, you can refresh it and search again.
The search window supports the search of assembly instructions. 3.1> Input values will be treated as hexadecimal (without '0x' prefix or 'h' suffix). 3.2>The first line selected in the assembly window will be used as the starting address for instruction compilation 3.3>Due to different compilation modes, ModR/M (default engine) can be checked if the result is not as expected. 3.4>You can search the result of compiling assembly instructions into feature codes in the settings.
the search window supports the search of strings, can be set to not match the case, the default option at the same time to search for strings of UNICODE \ ASCII \ UTF-8 three kinds of encoding.
right-click menu to search for shelled tools (themida, vmprotect, obsidium, enigma ...) VM-protected code can be parsed for cross-section commands. 5.1>Parsing list of code segments belonging to the original program contains entry addresses of code suspected to be protected by VM. Fix some bugs
