1 unstable release
0.1.0 | Mar 4, 2024 |
---|
#24 in #binary-files
8KB
134 lines of code
fabricbin
Patch binary files using IDA signatures and replacement bytes defined in YAML.
Installation
cargo install --git https://github.com/makindotcc/fabricbin
Usage
- Modify config.yaml (any file name)
- fabricbin config.yaml (any file name; "config.yaml" is used by default)
- The input file will be replaced with
Example configuration
# input file
input_file: './chrome/118.0.5993.71/chrome.dll'
# Optional output file path. If not defined then input file is used and
# backup file (of input file) with suffix ".bak" is created.
output_file: './chrome/118.0.5993.71/chrome.dll'
# Apply following patches to input file
patch:
  # Following patch will replace FIRST occurrence of "sig".
  # Example data before:
  #   Before: 53 48 83 EC 00 48 8B 22 33 44 55...
  #   After:  48 C7 C0 00 00 00 00 C3 33 44 55...
  - name: 'blink::Navigator::webdriver' # optional, exists for "docs"/debugging purposes (when signature is not found)
    # IDA style signature to be replaced with bytes from field 'with'
    sig: '53 48 83 EC ? 48 8B ? ? ? ? ? 48 ? ? 48 ? ? ? 28 B3 01 80 3D ? ? ? ? 00 74 ? 48 8b ? ? ?'
    # New byte list that will replace the bytes in the signature
    with:
      - '48 c7 c0 00 00 00 00' # mov rax, 0x00
      - 'c3' # ret
    # optional offset relative to first signature byte
    # In this example our "with" (48 c7...) will be replaced at index of sig first byte (0x53 0x48 0x83...)
    with_offset: 0
Dependencies
~4–6MB
~113K SLoC