Solved IDA 1491 error when I attach a process

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Pedroma34

Newbie
Full Member
Apr 20, 2016
32
688
2
How long you been coding/hacking?
2 years maybe
I've tried all debuggers and I get errors in all of them when I attach to a process. When I use LocalWindows debugger, I get 1491 error, and when I try other debuggers it says "Could not initialize WinDbg." Anyone knows what's the problem here? Note that when I open IDA-64bit I don't get this error, but I can't use Hex-Ray plugin in 64-bit.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,372
78,998
2,414
Fixed it!

IDA 7.0 Error 1491 Patch

Debugger Setup

First open Ida\cff\ida.cfg & search for "DBGTOOLS" and set that line to this:
C++:
DBGTOOLS = "C:\\Program Files (x86)\\Windows Kits\\10\\Debuggers\\x64";
Or where ever your dbgeng.dll file is located

Download the attachment
Backup the 3 files
Extract it to Ida\plugins\

Now you can debug anything in IDA Pro using the Locals Windows Debugger or Windbg Debugger on both x86 and x64.

How it works
Computerline already patched the first 2 files, I patched the third

This is what it looks like before you patch it:
1602540802119.png

The red area is where error 1491 gets trapped and handled after a comparison fails. So what I did was just NOP the entire area in the RED box, essentially changing execution flow down the BLUE arrow.
 

Attachments

HereToHack

Meme Tier VIP
Dank Tier Donator
Apr 28, 2019
230
3,303
25
could be the process you're trying to attach to has anti-debug protection have you tried other processes?
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,372
78,998
2,414
IDA Pro Error 1491

A description of the problem & a solution to the problem is here:
Exetools - View Single Post - IDA Pro error 1491, any fix?

But the download which contains the patched files is not compatible with my version of IDA 7.

If you open win32_user.dll and search for "4d 85 db 74 1c" you will find:
1602362853069.png


which is:

1602364897403.png


5d3 = error 1491

You can patch this conditional jmp:
cmp r11, 2
jb short loc_15EC43C5

turn the jb into a JMP by overwriting it with EB

But sadly the error triggers somewhere else which I was unable to find, I was unable to patch it myself :( Maybe someone else can figure it out
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods