x64dbg 配置插件SDK开发环境

x64dbg 是一款开源的应用层反汇编调试器,旨在对没有源代码的可执行文件进行恶意软件分析和逆向工程,同时 x64dbg 还允许用户开发插件来扩展功能,插件开发环境的配置非常简单,如下将简单介绍x64dbg是如何配置开发环境以及如何开发插件的。

默认情况下当你下载好x64dbg时,在pluginsdk目录下都会包含lib库,这个库可以直接引用到项目内的。

插件库的引入也很简单,在vs中只需要配置include引用,以及lib库位置即可,x64dbglib库的配置异常简单。

引入后,我们去官方下载好插件模板文件:https://github.com/x64dbg/PluginTemplate

此处为了开发方便,我做了精简化,你可以直接使用我的方法来新建文件,建出来的文件只有两个非常简洁。

首先在头文件部分新建一个pluginmain.h 并增加PLUGIN_NAME替换成自己项目的名字。

#pragma once  // Plugin information #define PLUGIN_NAME "LySharkBlog" #define PLUGIN_VERSION 1  #include "pluginsdk/bridgemain.h" #include "pluginsdk/_plugins.h"  #include "pluginsdk/_scriptapi_argument.h" #include "pluginsdk/_scriptapi_assembler.h" #include "pluginsdk/_scriptapi_bookmark.h" #include "pluginsdk/_scriptapi_comment.h" #include "pluginsdk/_scriptapi_debug.h" #include "pluginsdk/_scriptapi_flag.h" #include "pluginsdk/_scriptapi_function.h" #include "pluginsdk/_scriptapi_gui.h" #include "pluginsdk/_scriptapi_label.h" #include "pluginsdk/_scriptapi_memory.h" #include "pluginsdk/_scriptapi_misc.h" #include "pluginsdk/_scriptapi_module.h" #include "pluginsdk/_scriptapi_pattern.h" #include "pluginsdk/_scriptapi_register.h" #include "pluginsdk/_scriptapi_stack.h" #include "pluginsdk/_scriptapi_symbol.h"  #include "pluginsdk/DeviceNameResolver/DeviceNameResolver.h" #include "pluginsdk/jansson/jansson.h" #include "pluginsdk/lz4/lz4file.h" #include "pluginsdk/TitanEngine/TitanEngine.h" #include "pluginsdk/XEDParse/XEDParse.h"  #ifdef _WIN64 #pragma comment(lib, "pluginsdk/x64dbg.lib") #pragma comment(lib, "pluginsdk/x64bridge.lib") #pragma comment(lib, "pluginsdk/DeviceNameResolver/DeviceNameResolver_x64.lib") #pragma comment(lib, "pluginsdk/jansson/jansson_x64.lib") #pragma comment(lib, "pluginsdk/lz4/lz4_x64.lib") #pragma comment(lib, "pluginsdk/TitanEngine/TitanEngine_x64.lib") #pragma comment(lib, "pluginsdk/XEDParse/XEDParse_x64.lib") #else #pragma comment(lib, "pluginsdk/x32dbg.lib") #pragma comment(lib, "pluginsdk/x32bridge.lib") #pragma comment(lib, "pluginsdk/DeviceNameResolver/DeviceNameResolver_x86.lib") #pragma comment(lib, "pluginsdk/jansson/jansson_x86.lib") #pragma comment(lib, "pluginsdk/lz4/lz4_x86.lib") #pragma comment(lib, "pluginsdk/TitanEngine/TitanEngine_x86.lib") #pragma comment(lib, "pluginsdk/XEDParse/XEDParse_x86.lib") #endif //_WIN64  #define Cmd(x) DbgCmdExecDirect(x) #define Eval(x) DbgValFromString(x) #define dprintf(x, ...) _plugin_logprintf("[" PLUGIN_NAME "] " x, __VA_ARGS__) #define dputs(x) _plugin_logprintf("[" PLUGIN_NAME "] %s/n", x) #define PLUG_EXPORT extern "C" __declspec(dllexport)  //superglobal variables extern int pluginHandle; extern HWND hwndDlg; extern int hMenu; extern int hMenuDisasm; extern int hMenuDump; extern int hMenuStack;  //functions bool pluginInit(PLUG_INITSTRUCT* initStruct); void pluginStop(); void pluginSetup(); 

其次新建一个实现文件pluginmain.cpp并写入以下代码,多数情况下我为了方便调试会使用这段代码,当我们点击菜单时会触发菜单功能,以此可以快速测试特定函数是否正常。

#include "pluginmain.h" #include <Windows.h> #include <process.h>  int pluginHandle; HWND hwndDlg; int hMenu; int hMenuDisasm; int hMenuDump; int hMenuStack;  // 导出函数 extern "C" __declspec(dllexport) void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info); extern "C" __declspec(dllexport) void plugsetup(PLUG_SETUPSTRUCT* setupStruct); extern "C" __declspec(dllexport) bool pluginit(PLUG_INITSTRUCT* initStruct);  // 在这里初始化插件数据。 bool pluginInit(PLUG_INITSTRUCT* initStruct) {  // 返回false以取消加载插件。  return true; }  // 在此处取消初始化插件数据。 void pluginStop() { }  // 在这里做GUI/菜单相关的事情。 void pluginSetup() { }  // 菜单被点击回调 void CBMENUENTRY(CBTYPE cbType, PLUG_CB_MENUENTRY* info) {  // 此菜单用于实现功能,并测试   for (int x = 0; x < 100; x++)  {   _plugin_logprint("hello lyshark");  } }  PLUG_EXPORT bool pluginit(PLUG_INITSTRUCT* initStruct) {  initStruct->pluginVersion = PLUGIN_VERSION;  initStruct->sdkVersion = PLUG_SDKVERSION;  strncpy_s(initStruct->pluginName, PLUGIN_NAME, _TRUNCATE);  pluginHandle = initStruct->pluginHandle;   // 插件初始化  initStruct->sdkVersion = PLUG_SDKVERSION;  initStruct->pluginVersion = 1;  const char *name = "CheckME -->";  memset(initStruct->pluginName, 0, 128);  memcpy(initStruct->pluginName, name, strlen(name));   return pluginInit(initStruct); }  PLUG_EXPORT bool plugstop() {  pluginStop();  return true; }  PLUG_EXPORT void plugsetup(PLUG_SETUPSTRUCT* setupStruct) {  hwndDlg = setupStruct->hwndDlg;  hMenu = setupStruct->hMenu;  hMenuDisasm = setupStruct->hMenuDisasm;  hMenuDump = setupStruct->hMenuDump;  hMenuStack = setupStruct->hMenuStack;   // 增加二级菜单  char sub_menu[] = { "PowerBy LyShark" };  _plugin_menuaddentry(setupStruct->hMenu, 2, sub_menu);   pluginSetup(); } 

编译这段代码,然后我们将其放入到x64dbg目录下的plugins目录,然后运行程序,点击checkme即可测试我们的功能了。

商匡云商
Logo
注册新帐户
对比商品
  • 合计 (0)
对比
0
购物车