https://github.com/x64dbg/x64dbgpy/
x64dbgpy 是一个插件,可以使用 python 脚本自动化调试过程
需要下载的文件看这里: https://github.com/x64dbg/x64dbgpy/releases
大部分函数都可以在 x64dbg/release/x32/plugins/x64dbgpy/x64dbgpy/pluginsdk/x64dbg.py 找到
简单脚本
简单脚本2
简单脚本3
函数在 x64dbg.py 里,scriptapi.pyd 也可以用,但写代码时提示不友好
函数名可以整个文件夹搜,这样比较快
如果出错了,调试器里还有 python 交互窗口,在里面 import 试一下
建议在 x64dbg\release\x32\plugins\x64dbgpy 文件夹里写脚本,这样不会出现引用错误,整个文件夹在 vscode 打开,写脚本和搜索api都很方便
想引用label.py中的函数
from x64dbgpy.pluginsdk import label
2020/8/15
from x64dbgpy.pluginsdk import x64dbg
from x64dbgpy.pluginsdk import memory
x64dbg.SetBreakpoint(0x00401235)
x64dbg.Run()
name = memory.Read(0x00406930, 0xFF)
print('name: {}'.format(name))
from x64dbgpy.pluginsdk import x64dbg
from x64dbgpy.pluginsdk import memory
x64dbg.SetBreakpoint(0x00401235)
x64dbg.Run()
name = memory.Read(0x00406930, 0xFF)
print('name: {}'.format(name))
from x64dbgpy.pluginsdk import x64dbg
x64dbg.SetBreakpoint(0x0040133B)
x64dbg.SetBreakpoint(0x004013A6)
x64dbg.Run()
serial = ''
for i in range(10):
dl = x64dbg.GetDL()
serial += chr(dl)
x64dbg.SetBL(dl)
x64dbg.Run()
print(serial)
x64dbg.Run()
from x64dbgpy.pluginsdk import x64dbg
x64dbg.SetBreakpoint(0x0040133B)
x64dbg.SetBreakpoint(0x004013A6)
x64dbg.Run()
serial = ''
for i in range(10):
dl = x64dbg.GetDL()
serial += chr(dl)
x64dbg.SetBL(dl)
x64dbg.Run()
print(serial)
x64dbg.Run()
from x64dbgpy.pluginsdk import x64dbg
from x64dbgpy.pluginsdk import memory
def get_ansi_str(addr):
final_str = ''
i = 0
while True:
c = memory.Read(addr+i, 1)
if c == '\x00':
break
final_str += c
i += 1
return final_str
def get_wide_str(addr):
final_str = ''
i = 0
while True:
c = memory.Read(addr+i, 2)
if c == '\x00\x00':
break
final_str += c
i += 2
return final_str
x64dbg.DbgScriptCmdExec('bp kernelbase.CreateFileW')
while True:
x64dbg.Run()
rcx = x64dbg.GetRCX()
create_file_path = get_wide_str(rcx).replace('\x00', '')
if 'encrypted.bin' in create_file_path:
break
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
