-
x64dbg 配置插件SDK开发环境
x64dbg 是一款开源的应用层反汇编调试器,旨在对没有源代码的可执行文件进行恶意软件分析和逆向工程,同时 x64dbg 还允许用户开发插件来扩展功能,插件开发环境的配置非常简单,如下将简单介绍x64dbg是如何配置开发环境以及如何开发插件的。
默认情况下当你下载好
x64dbg时,在pluginsdk目录下都会包含lib库,这个库可以直接引用到项目内的。
插件库的引入也很简单,在vs中只需要配置
include引用,以及lib库位置即可,x64dbglib库的配置异常简单。
引入后,我们去官方下载好插件模板文件https://github.com/x64dbg/PluginTemplate
https://github.com/x64dbg/PluginTemplate此处为了开发方便,我做了精简化,你可以直接使用我的方法来新建文件,建出来的文件只有两个非常简洁。
首先在头文件部分新建一个
pluginmain.h并增加PLUGIN_NAME替换成自己项目的名字。- #pragma once
- // Plugin information
- #define PLUGIN_NAME "LySharkBlog"
- #define PLUGIN_VERSION 1
- #include "pluginsdk/bridgemain.h"
- #include "pluginsdk/_plugins.h"
- #include "pluginsdk/_scriptapi_argument.h"
- #include "pluginsdk/_scriptapi_assembler.h"
- #include "pluginsdk/_scriptapi_bookmark.h"
- #include "pluginsdk/_scriptapi_comment.h"
- #include "pluginsdk/_scriptapi_debug.h"
- #include "pluginsdk/_scriptapi_flag.h"
- #include "pluginsdk/_scriptapi_function.h"
- #include "pluginsdk/_scriptapi_gui.h"
- #include "pluginsdk/_scriptapi_label.h"
- #include "pluginsdk/_scriptapi_memory.h"
- #include "pluginsdk/_scriptapi_misc.h"
- #include "pluginsdk/_scriptapi_module.h"
- #include "pluginsdk/_scriptapi_pattern.h"
- #include "pluginsdk/_scriptapi_register.h"
- #include "pluginsdk/_scriptapi_stack.h"
- #include "pluginsdk/_scriptapi_symbol.h"
- #include "pluginsdk/DeviceNameResolver/DeviceNameResolver.h"
- #include "pluginsdk/jansson/jansson.h"
- #include "pluginsdk/lz4/lz4file.h"
- #include "pluginsdk/TitanEngine/TitanEngine.h"
- #include "pluginsdk/XEDParse/XEDParse.h"
- #ifdef _WIN64
- #pragma comment(lib, "pluginsdk/x64dbg.lib")
- #pragma comment(lib, "pluginsdk/x64bridge.lib")
- #pragma comment(lib, "pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib")
- #pragma comment(lib, "pluginsdk/jansson/jansson_x64.lib")
- #pragma comment(lib, "pluginsdk/lz4/lz4_x64.lib")
- #pragma comment(lib, "pluginsdk/TitanEngine/TitanEngine_x64.lib")
- #pragma comment(lib, "pluginsdk/XEDParse/XEDParse_x64.lib")
- #else
- #pragma comment(lib, "pluginsdk/x32dbg.lib")
- #pragma comment(lib, "pluginsdk/x32bridge.lib")
- #pragma comment(lib, "pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib")
- #pragma comment(lib, "pluginsdk/jansson/jansson_x86.lib")
- #pragma comment(lib, "pluginsdk/lz4/lz4_x86.lib")
- #pragma comment(lib, "pluginsdk/TitanEngine/TitanEngine_x86.lib")
- #pragma comment(lib, "pluginsdk/XEDParse/XEDParse_x86.lib")
- #endif //_WIN64
- #define Cmd(x) DbgCmdExecDirect(x)
- #define Eval(x) DbgValFromString(x)
- #define dprintf(x, ...) _plugin_logprintf("[" PLUGIN_NAME "] " x, __VA_ARGS__)
- #define dputs(x) _plugin_logprintf("[" PLUGIN_NAME "] %s\n", x)
- #define PLUG_EXPORT extern "C" __declspec(dllexport)
- //superglobal variables
- extern int pluginHandle;
- extern HWND hwndDlg;
- extern int hMenu;
- extern int hMenuDisasm;
- extern int hMenuDump;
- extern int hMenuStack;
- //functions
- bool pluginInit(PLUG_INITSTRUCT* initStruct);
- void pluginStop();
- void pluginSetup();
其次新建一个实现文件
pluginmain.cpp并写入以下代码,多数情况下我为了方便调试会使用这段代码,当我们点击菜单时会触发菜单功能,以此可以快速测试特定函数是否正常。- #include "pluginmain.h"
- #include
- #include
- int pluginHandle;
- HWND hwndDlg;
- int hMenu;
- int hMenuDisasm;
- int hMenuDump;
- int hMenuStack;
- // 导出函数
- extern "C" __declspec(dllexport) void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info);
- extern "C" __declspec(dllexport) void plugsetup(PLUG_SETUPSTRUCT* setupStruct);
- extern "C" __declspec(dllexport) bool pluginit(PLUG_INITSTRUCT* initStruct);
- // 在这里初始化插件数据。
- bool pluginInit(PLUG_INITSTRUCT* initStruct)
- {
- // 返回false以取消加载插件。
- return true;
- }
- // 在此处取消初始化插件数据。
- void pluginStop()
- {
- }
- // 在这里做GUI/菜单相关的事情。
- void pluginSetup()
- {
- }
- // 菜单被点击回调
- void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info)
- {
- // 此菜单用于实现功能,并测试
- for (int x = 0; x < 100; x++)
- {
- _plugin_logprint("hello lyshark");
- }
- }
- PLUG_EXPORT bool pluginit(PLUG_INITSTRUCT* initStruct)
- {
- initStruct->pluginVersion = PLUGIN_VERSION;
- initStruct->sdkVersion = PLUG_SDKVERSION;
- strncpy_s(initStruct->pluginName, PLUGIN_NAME, _TRUNCATE);
- pluginHandle = initStruct->pluginHandle;
- // 插件初始化
- initStruct->sdkVersion = PLUG_SDKVERSION;
- initStruct->pluginVersion = 1;
- const char *name = "CheckME -->";
- memset(initStruct->pluginName, 0, 128);
- memcpy(initStruct->pluginName, name, strlen(name));
- return pluginInit(initStruct);
- }
- PLUG_EXPORT bool plugstop()
- {
- pluginStop();
- return true;
- }
- PLUG_EXPORT void plugsetup(PLUG_SETUPSTRUCT* setupStruct)
- {
- hwndDlg = setupStruct->hwndDlg;
- hMenu = setupStruct->hMenu;
- hMenuDisasm = setupStruct->hMenuDisasm;
- hMenuDump = setupStruct->hMenuDump;
- hMenuStack = setupStruct->hMenuStack;
- // 增加二级菜单
- char sub_menu[] = { "PowerBy LyShark" };
- _plugin_menuaddentry(setupStruct->hMenu, 2, sub_menu);
- pluginSetup();
- }
编译这段代码,然后我们将其放入到
x64dbg目录下的plugins目录,然后运行程序,点击checkme即可测试我们的功能了。
-
相关阅读:
CSS calc() 使用指南
WSDM‘22推荐系统论文梳理
计算机网络二:应用层
Linux常用初级指令介绍和使用
操作系统专项练习
PhotoShop批量压缩图片
图论相关内容
ASP.NET第四章 Response、Request和Server对象
***杨辉三角_yyds_LeetCode_python***
rhcsa学习3 文件
- 原文地址:https://blog.csdn.net/lyshark_csdn/article/details/126670381
