Posted May 19, 20178 yr Heya, I'm migrating over to x32dbg from olly 2.01. I wrote a plugin to aid me in decryption of certain internal strings of certain files. I use the code below as an example: unsigned char* data = new unsigned char[len]; if(DbgMemRead(sel.start, data, len)) { decrypt_data(data, len); DbgMemWrite(sel.start, data, len); _plugin_logprintf("[" PLUGIN_NAME "] Region decrypted"); } delete[] data; When I click on my menu to decrypt the currently selected region the result is completely fine. However, the issue is that x32dbg does not recognize the edited memory as being modified (like you would get using Ctrl+E). This means I see a blank screen in the patches dialog. Am I using the wrong function to write the data ( DbgMemWrite() ) or is there a feature/button/something to scan the memory for edits to get them visible in the patch dialog? Edited May 20, 20178 yr by HellSpider
May 19, 20178 yr There is a _mempatch function in _DbgFunctions: https://github.com/x64dbg/x64dbg/blob/24972c02783404d51343e9f8fcc94ac6cf12a60d/src/dbg/_dbgfunctions.cpp#L81 that calls MemPatch that might work and register the patch to the PatchList (which is enumerated and shown in the Patch Dialog) I think this is available vis the DbgFunctions structure: https://github.com/x64dbg/x64dbg/blob/24972c02783404d51343e9f8fcc94ac6cf12a60d/src/dbg/_dbgfunctions.cpp#L353 As far as I'm aware these are considered internal functions, but have been here for a while, but cant guarantee that they wont be moved or refactored to some other way of doing the same, but might not be available externally to developers in future - might have to check with @mrexodia to see what is likely Edited May 19, 20178 yr by fearless add @ properly
May 20, 20178 yr Author 17 hours ago, fearless said: There is a _mempatch function in _DbgFunctions: https://github.com/x64dbg/x64dbg/blob/24972c02783404d51343e9f8fcc94ac6cf12a60d/src/dbg/_dbgfunctions.cpp#L81 that calls MemPatch that might work and register the patch to the PatchList (which is enumerated and shown in the Patch Dialog) I think this is available vis the DbgFunctions structure: https://github.com/x64dbg/x64dbg/blob/24972c02783404d51343e9f8fcc94ac6cf12a60d/src/dbg/_dbgfunctions.cpp#L353 As far as I'm aware these are considered internal functions, but have been here for a while, but cant guarantee that they wont be moved or refactored to some other way of doing the same, but might not be available externally to developers in future - might have to check with @mrexodia to see what is likely Alright, had a go at this again this morning. Using MemPatch() from the DBGFUNCTIONS structure seems to do the trick. unsigned char* data = new unsigned char[len]; if(DbgMemRead(sel.start, data, len)) { decrypt_data(data, len); DbgFunctions()->MemPatch(sel.start, data, len); _plugin_logprintf("[" PLUGIN_NAME "] Region decrypted"); } delete[] data; Thanks for the tips.
May 20, 20178 yr Your welcome. Feel free to join the x64dbg telegram group as well: http://telegram.x64dbg.com/
Create an account or sign in to comment