Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Adding patches via plugin

HellSpider
HellSpider
in x64dbg

Featured Replies

Posted

Heya,

I'm migrating over to x32dbg from olly 2.01. I wrote a plugin to aid me in decryption of certain internal strings of certain files.

I use the code below as an example: 

unsigned char* data = new unsigned char[len];
if(DbgMemRead(sel.start, data, len))
{
	decrypt_data(data, len);
	DbgMemWrite(sel.start, data, len);
	_plugin_logprintf("[" PLUGIN_NAME "] Region decrypted");
}
delete[] data;

When I click on my menu to decrypt the currently selected region the result is completely fine.
However, the issue is that x32dbg does not recognize the edited memory as being modified (like you would get using Ctrl+E).
This means I see a blank screen in the patches dialog.

Am I using the wrong function to write the data ( DbgMemWrite() ) or is there a feature/button/something to scan the memory for edits to get them visible in the patch dialog?

Edited by HellSpider

    • Like 1

    There is a _mempatch function in _DbgFunctions: https://github.com/x64dbg/x64dbg/blob/24972c02783404d51343e9f8fcc94ac6cf12a60d/src/dbg/_dbgfunctions.cpp#L81 that calls MemPatch that might work and register the patch to the PatchList (which is enumerated and shown in the Patch Dialog)

    I think this is available vis the DbgFunctions structure: https://github.com/x64dbg/x64dbg/blob/24972c02783404d51343e9f8fcc94ac6cf12a60d/src/dbg/_dbgfunctions.cpp#L353

    As far as I'm aware these are considered internal functions, but have been here for a while, but cant guarantee that they wont be moved or refactored to some other way of doing the same, but might not be available externally to developers in future - might have to check with @mrexodia to see what is likely

     

    Edited by fearless
    add @ properly

    • Like 3
    • Author
    17 hours ago, fearless said:

    There is a _mempatch function in _DbgFunctions: https://github.com/x64dbg/x64dbg/blob/24972c02783404d51343e9f8fcc94ac6cf12a60d/src/dbg/_dbgfunctions.cpp#L81 that calls MemPatch that might work and register the patch to the PatchList (which is enumerated and shown in the Patch Dialog)

    I think this is available vis the DbgFunctions structure: https://github.com/x64dbg/x64dbg/blob/24972c02783404d51343e9f8fcc94ac6cf12a60d/src/dbg/_dbgfunctions.cpp#L353

    As far as I'm aware these are considered internal functions, but have been here for a while, but cant guarantee that they wont be moved or refactored to some other way of doing the same, but might not be available externally to developers in future - might have to check with @mrexodia to see what is likely

     

    Alright, had a go at this again this morning. Using MemPatch() from the DBGFUNCTIONS structure seems to do the trick. 

    unsigned char* data = new unsigned char[len];
if(DbgMemRead(sel.start, data, len))
{
	decrypt_data(data, len);
	DbgFunctions()->MemPatch(sel.start, data, len);
	_plugin_logprintf("[" PLUGIN_NAME "] Region decrypted");
}
delete[] data;

    Thanks for the tips.

     

    • Like 2

    Your welcome. Feel free to join the x64dbg telegram group as well: http://telegram.x64dbg.com/

     

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.