x64dbg plugin in delphi

[remek002]

I recently started playing with the Delphi language and decided to create a little x64dbg plugin that will add a calculator and a notepad in x64dbg.

Since @quygia128 made x64_dbg-PluginSDK and the CleanupEx plugin, I decided to go with x64_dbg-PluginSDK.

Due to the fact that x64_dbg-PluginSDK lacks a few functions, because the last update was in 2014 and for this reason there were some functions missing in the code, e.g. you cannot add icons, menu in disassembly, HexDump etc...

I tried to compile the plugin with DELPHI x96dbg Plugins SDK, but the plugin does not work, i.e. x64dbg crashed.

Then I decided to update x64_dbg-PluginSDK and add the missing functions, now the plugin works fine and maybe it will be useful to someone.

MoreTool.zip

Edited July 21, 2022 by remek002

[mrexodia]

Just so you know, there is already a notepad built in ^^

[remek002]

Yes, I know it's in x64dbg.

The Plugin Example is for a beginner to programming like me, and there are certainly a lot of bugs in bridgemain.pas, _plugins.pas, but a simple plugin works 🙂

Thank You mrexodia for Your work and for creating x64dbg.

Regards.

[remek002]

Ok, I found some bugs in bridgemain.pa and _plugins.pas which I fixed.

Now it uses x32dbg.dll and x64dbg.dll, previously it used x32_dbg.dll and x64_dbg.dll which generated an entry point not found error and now it should work and I hope that more useful plugins will be created🙂

_plugin.zip

Edited July 21, 2022 by remek002

[remek002]

I updated DELPHI-x96dbg-Plugins-SDK if someone needs it.

I removed _plugins_type.pas, because it generated an error in the x64 version, and since almost everything is based on _plugins.pas, _plugins_type.pas was an unnecessary unit.

On 7/21/2022 at 7:32 AM, mrexodia said:

Just so you know, there is already a notepad built in ^^

I have a question for you mrexodia. Is it possible to make such an x64dbg Jumper?

I mean is it worth trying to do and will it work the same as in ollydbg?

Because if not, there is no need to deal with the code...

 

DELPHI-x96dbg-Plugins-SDK-update_23.07.2022.zip

TitanEngine.pas

Edited July 24, 2022 by remek002

[remek002]

Since I can't edit posts, I'll write and dig up the thread. I managed to put together JumperX64dbg in Delphi just for fun, which works but still has a lot of bugs, maybe someone will develop it and convince the creator of x64dbg to give more modification options, maybe not as much as in ollydbg but at least a little more than adding to the menu and new tabs

By the way, I have updated the plugin SDK a bit, and the updated SDK and source code for the JumperX64dbg plugin are in the attachment

Edit:

Add Spoiler

Spoiler

===================================
README - JumperX64dbg Plugin v0.0.2
===================================

Changelog v2:
-------------
**Added**
  + Added functionality to refresh the menu items from the INI file.
  + Added functionality to open the INI file directly from the menu.
  + Added a check to prevent duplicate API names from being added to the list.

**Fixed**
  - Enhanced memory management and pointer checks to prevent potential crash dumps related to improper pointer usage.
  - Fixed various minor bugs to improve overall stability and performance.

Description:
-------------
The JumperX64dbg plugin helps you quickly jump to important addresses or API functions in a program you are debugging.

Features:
---------
1. **Return to OEP:**
   - Jump directly to the Original Entry Point (OEP) of the main module.

2. **Add Address to Jumper:**
   - Save the current address or API name.

3. **INI File Management:**
  - The plugin automatically saves the addresses and API names you add in an INI file. API names are saved as is, 
    while addresses are saved separately under the specific name of the program you're debugging to avoid unnecessary 
    loading when debugging a different program.

How It Works:
-------------
- **Addresses:** 
  - Saved as Relative Virtual Addresses (RVA) to ensure that they can be correctly jumped to after reloading the program, 
    even if the base address of the module changes.

- **API Names:** 
  - Saved as their names, not as addresses, so you can easily recognize and jump to them.

- **Program-Specific INI File:**
  - The plugin creates an INI file named after the program you're debugging to store your saved addresses and API names.

- **Separate Sections for Addresses and APIs:**
  - The INI file keeps program addresses and API names in different sections but displays them together in the menu for easy access.

Managing Entries:
-----------------
- **Removing Entries:**
  - To remove an entry, hold down the **Ctrl** key and click on the address or API entry in the menu.
  - You will be asked to confirm the deletion. 
  - The x64dbg debugger doesn't distinguish between right and left mouse clicks and treats them both the same.

Credits:
--------
- The plugin idea is: LCF-AT 
- The author of the OllyDbg v1.10 plugin is: kao <kao.was.here@gmail.com>
- Check out the page where it all started: https://forum.tuts4you.com/topic/35230-little-plugin-request
- The author of the x64dbg plugin is: remek002

 

 

 

Edited August 13 by remek002

[remek002]

Ok, I have slightly improved the JumperX64dbg plugin and added some improvements, maybe it will be useful to someone🙃

Changelog: JumperX64dbg v2:
-------------------------------
**Added**
  + Added functionality to refresh the menu items from the INI file.
  + Added functionality to open the INI file directly from the menu.
  + Added a check to prevent duplicate API names from being added to the list.

**Fixed**
  - Enhanced memory management and pointer checks to prevent potential crash dumps related to improper pointer usage.
  - Fixed various minor bugs to improve overall stability and performance.

JumperX64dbg_v0.0.2.7z