#include "plugin.h"
// Examples: https://github.com/x64dbg/x64dbg/wiki/Plugins
// References:
// - https://help.x64dbg.com/en/latest/developers/plugins/index.html
// - https://x64dbg.com/blog/2016/10/04/architecture-of-x64dbg.html
// - https://x64dbg.com/blog/2016/10/20/threading-model.html
// - https://x64dbg.com/blog/2016/07/30/x64dbg-plugin-sdk.html
// Commands use the same signature as main in C
// argv[0] contains the full command, after that are the arguments
// NOTE: arguments are separated by a COMMA (not space like WinDbg)
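/// Example command callback: evaluates two debugger expressions, adds them,
/// logs the sum and stores it in the $result variable.
///
/// @param argc Number of entries in argv (argv[0] is the full command).
/// @param argv argv[1] and argv[2] are the two expressions to evaluate.
/// @return true on success; false on a usage error or if either expression
///         fails to evaluate (the return value is used for scripting).
///
/// NOTE(review): nothing in this file registers this callback; pluginInit
/// registers a separate lambda under PLUGIN_NAME, so this function is
/// currently unreferenced.
static bool cbExampleCommand(int argc, char** argv)
{
    // argv[1] and argv[2] are dereferenced below, so both must be present.
    if (argc < 3)
    {
        // The leading space keeps the command name and its first argument
        // from running together in the usage message.
        dputs("Usage: " PLUGIN_NAME " expr1, expr2");

        // Return false to indicate failure (used for scripting)
        return false;
    }

    // Helper function for parsing expressions
    // Reference: https://help.x64dbg.com/en/latest/introduction/Expressions.html
    auto parseExpr = [](const char* expression, duint& value)
    {
        // DbgEval reports failure through the flag, not the returned value,
        // so the flag is what decides whether `value` can be trusted.
        bool success = false;
        value = DbgEval(expression, &success);
        if (!success)
            dprintf("Invalid expression '%s'\n", expression);
        return success;
    };

    duint a = 0;
    if (!parseExpr(argv[1], a))
        return false;

    duint b = 0;
    if (!parseExpr(argv[2], b))
        return false;

    // NOTE: Look at x64dbg-sdk/pluginsdk/bridgemain.h for a list of available functions.
    // The Script:: namespace and DbgFunctions()->... are also good to check out.

    // Do something meaningful with the arguments
    duint result = a + b;
    // NOTE(review): %p is fed duint values here; presumably duint is
    // pointer-sized in the SDK - confirm.
    dprintf("$result = 0x%p + 0x%p = 0x%p\n", a, b, result);

    // The $result variable can be used for scripts
    DbgValToString("$result", result);

    return true;
}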
// Initialize your plugin data here.
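/// Plugin initialization hook: logs the plugin handle and registers the
/// PLUGIN_NAME command, which prints the 32-bit general-purpose registers.
///
/// @param initStruct Initialization data from the debugger (not read here).
/// @return Always true; returning false would cancel loading the plugin.
bool pluginInit(PLUG_INITSTRUCT* initStruct)
{
    dprintf("pluginInit(pluginHandle: %d)\n", pluginHandle);

    // The final `true` is the SDK's debug-only flag for the command.
    const bool registered = _plugin_registercommand(pluginHandle, PLUGIN_NAME, [](int argc, char* argv[])
    {
        static const char* const kRegisters[] =
        {
            "eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"
        };
        constexpr int kRegisterCount = 8;
        unsigned int values[kRegisterCount] = {};

        for (int i = 0; i < kRegisterCount; ++i)
        {
            // Check the success flag: without it a failed evaluation is
            // indistinguishable from a real value and would be shown to the
            // analyst as if it were register state.
            bool ok = false;
            const duint raw = DbgEval(kRegisters[i], &ok);
            if (!ok)
            {
                dprintf("Failed to read register '%s'\n", kRegisters[i]);
                return false;
            }

            // %08X consumes an unsigned int; passing a duint directly is a
            // varargs mismatch on builds where duint is wider than that.
            values[i] = static_cast<unsigned int>(raw);
        }

        dprintf("EAX=0x%08X EBX=0x%08X ECX=0x%08X EDX=0x%08X\n", values[0], values[1], values[2], values[3]);
        dprintf("ESI=0x%08X EDI=0x%08X EBP=0x%08X ESP=0x%08X\n", values[4], values[5], values[6], values[7]);
        return true;
    }, true);

    // Surface a failed registration in the log instead of ignoring it; the
    // plugin still loads, as before.
    if (!registered)
        dputs("Failed to register command " PLUGIN_NAME);

    return true; // Return false to cancel loading the plugin.
}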
// Deinitialize your plugin data here.
// NOTE: you are responsible for gracefully closing your GUI
// This function is not executed on the GUI thread, so you might need
// to use WaitForSingleObject or similar to wait for everything to close.
/// Plugin shutdown hook: logs the plugin handle. No plugin data is released
/// here yet.
void pluginStop()
{
    // Cleanup calls belong here; the relevant SDK functions start with
    // _plugin_unregister.
    const auto handle = pluginHandle;
    dprintf("pluginStop(pluginHandle: %d)\n", handle);
}
// Do GUI/Menu related things here.
// This code runs on the GUI thread: GetCurrentThreadId() == GuiGetMainThreadId()
// You can get the HWND using GuiGetWindowHandle()
/// GUI setup hook: logs the plugin handle. No menu entries are created here
/// yet.
void pluginSetup()
{
    // Menu setup calls belong here; the relevant SDK functions start with
    // _plugin_menu.
    const auto handle = pluginHandle;
    dprintf("pluginSetup(pluginHandle: %d)\n", handle);
}