TODO: Description
Compilation currently requires a nightly Rust compiler. (This will change in the future.) The easiest way to install Rust is via Rustup.
Starting pbd is then simply a matter of running cargo run -- input.exe. The -- denotes that
further arguments are passed to pbd instead of cargo.
If a more permanent install is desired, you can run cargo install which installs pbd to Cargo's
install directory (which should be in your $PATH).
Patterns to be search for are defined in a json file. This defaults to pattern_database.json.
Each entry contains the pattern and the corresponding replacement which are both just lists of
assembly instructions. These instructions may use three types of variables:
$len:namewhich must be at the start of the instruction and refers to the length of the current instruction in bytes$num:namewhich refers to any number$reg:namewhich refers to any general-purpose register (currently: rbx, rcx, rdx, rbp, rsp, rsi, rdi and the corresponding 32-bit variants)
- Only
x86_64is supported. - Only one number variable per instruction is allowed.
- Multi-pass is not implemented yet.
These are some limitations which can be removed without too much work:
- Only Windows PE executables can be used as input.
- Consider stuff from this talk
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.