No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
javier
javier doc
Latest commit 0640e1b Mar 2, 2017
Permalink
Failed to load latest commit information.
PluginTemplate First Release Mar 1, 2017
bin/x32 First Release Mar 1, 2017
doc First Release Mar 1, 2017
LICENSE First Release Mar 1, 2017
PluginTemplate.sdf First Release Mar 1, 2017
README.md doc Mar 1, 2017
cndsteroids.sdf First Release Mar 1, 2017
cndsteroids.sln First Release Mar 1, 2017
templatefiles.txt First Release Mar 1, 2017

README.md

cndSteroids

Plugin template for x64dbg that allow the possibility to set breakpoints when a memory zone has a particular text.

Installation

Grab the latest release and copy to the x32dbg's plugin floder.

How it works?

The plugin creates the command setString, this command asociate the string with a number, later the number will identify the string in another commands

alt tag

For our test we set the registers as follow:

alt tag

We have "TestString" in the stack pointer

Now we have the expression function cndsteroids.ismystring() that receives a debugge's memory address, and returns true or false if has the text.

alt tag

As you can see, the address has our string, so returns true:

alt tag

This feature could be used in a bpcnd, to stop is a especific argument of a syscall, for example:

alt tag

and the debugger pauses in

alt tag

You can find unicode or ansi strings depends on the second argument of cndsteroids.ismystring ($ANSI or $UNICODE)

By the way, the strings are dinamicly allocated by the plugin, so if you want free it you have available the command delString that receives the identifier number of the string and deallocate it.