{"id":13648356,"url":"https://github.com/keystone-engine/keypatch","last_synced_at":"2025-05-15T10:05:41.362Z","repository":{"id":40637061,"uuid":"64392573","full_name":"keystone-engine/keypatch","owner":"keystone-engine","description":"Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.","archived":false,"fork":false,"pushed_at":"2024-09-06T01:42:20.000Z","size":3317,"stargazers_count":1609,"open_issues_count":42,"forks_count":363,"subscribers_count":58,"default_branch":"master","last_synced_at":"2025-04-11T23:01:44.948Z","etag":null,"topics":["arm","arm64","assembler","ida","ida-pro","idapro","keystone","mips","powerpc","reverse-engineering","security","sparc","x86","x86-64"],"latest_commit_sha":null,"homepage":"http://www.keystone-engine.org/keypatch","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keystone-engine.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.TXT","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-07-28T12:09:40.000Z","updated_at":"2025-04-11T09:33:40.000Z","dependencies_parsed_at":"2024-12-05T12:02:20.887Z","dependency_job_id":"525feacc-cf7f-43a7-aa96-02a3f69c1fa7","html_url":"https://github.com/keystone-engine/keypatch","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keystone-engine%2Fkeypatch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keystone-engine%2Fkeypatch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keystone-engine%2Fkeypatch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keystone-engine%2Fkeypatch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keystone-engine","download_url":"https://codeload.github.com/keystone-engine/keypatch/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254319718,"owners_count":22051072,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arm","arm64","assembler","ida","ida-pro","idapro","keystone","mips","powerpc","reverse-engineering","security","sparc","x86","x86-64"],"created_at":"2024-08-02T01:04:10.377Z","updated_at":"2025-05-15T10:05:36.312Z","avatar_url":"https://github.com/keystone-engine.png","language":"Python","readme":"Keypatch\n========\n\nKeypatch is [the award winning plugin](https://www.hex-rays.com/contests/2016/index.shtml) of [IDA Pro](https://www.hex-rays.com/products/ida/) for [Keystone Assembler Engine](http://keystone-engine.org).\n\nKeypatch consists of 3 tools inside.\n\n- **Patcher** \u0026 **Fill Range**: these allow you to type in assembly to directly patch your binary.\n- **Search**: this interactive tool let you search for assembly instructions in binary.\n\nSee [this quick tutorial](TUTORIAL.md) for how to use Keypatch, and [this slides](Keypatch-slides.pdf) for how it is implemented.\n\nKeypatch is confirmed to work on IDA Pro version 6.4, 6.5, 6.6, 6.8, 6.9, 6.95, 7.0, 7.5 but should work flawlessly on older versions.\nIf you find any issues, please [report](http://keystone-engine.org/contact).\n\n--------------------\n\n### 1. Why Keypatch?\n\nSometimes we want to patch the binary while analyzing it in IDA, but unfortunately the built-in asssembler of IDA Pro is not adequate.\n\n- This tool is not friendly and without many options that would make the life of reverser easier.\n- Only X86 assembler is available. Support for all other architectures is totally missing.\n- The X86 assembler is not in a good shape, either: it cannot understand many modern Intel instructions.\n\nKeypatch was developed to solve this problem. Thanks to the power of [Keystone](http://keystone-engine.org), our plugin offers some nice features.\n\n- Cross-architecture: support Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ \u0026 X86 (include 16/32/64bit).\n- Cross-platform: work everywhere that IDA works, which is on Windows, MacOS, Linux.\n- Based on Python, so it is easy to install as no compilation is needed.\n- User-friendly: automatically add comments to patched code, and allow reverting (undo) modification.\n- Open source under GPL v2.\n\nKeypatch can be the missing piece in your toolset of reverse engineering.\n\n--------------\n\n### 2. Install\n\n- Install Keystone core \u0026 Python binding for Python 2.7 from [keystone-engine.org/download](http://keystone-engine.org/download). Or follow the steps in the [appendix section](#appendix-install-keystone-for-ida-pro).\n- Install Six module from pip because it is used by the keypatch.py: `pip install six`.\n- Copy file `keypatch.py` to IDA Plugin folder, then restart IDA Pro to use Keypatch.\n    - On Windows, the folder is at `C:\\Program Files (x86)\\IDA 6.9\\plugins`\n    - On MacOS, the folder is at `/Applications/IDA\\ Pro\\ 6.9/idaq.app/Contents/MacOS/plugins`\n    - On Linux, the folder may be at `/opt/IDA/plugins/`\n\n`NOTE`\n- On Windows, if you get an error message from IDA about \"fail to load the dynamic library\", then your machine may miss the VC++ runtime library. Fix that by downloading \u0026 installing it from https://www.microsoft.com/en-gb/download/details.aspx?id=40784\n- On other \\*nix platforms, the above error message means you do not have 32-bit Keystone installed yet. See [appendix section](#appendix-install-keystone-for-ida-pro) below for more instructions to fix this.\n\n\n------------\n\n### 3. Usage\n\n- For a quick tutorial, see [TUTORIAL.md](TUTORIAL.md). For a complete description of all of the features of Keypatch, keep reading.\n\n- To patch your binary, press hotkey `CTRL+ALT+K` inside IDA to open **Keypatch Patcher** dialog.\n    - The original assembly, encode \u0026 instruction size will be displayed in 3 controls at the top part of the form.\n    - Choose the syntax, type new assembly instruction in the `Assembly` box (you can use IDA symbols).\n    - Keypatch would *automatically* update the encoding in the `Encode` box while you are typing, without waiting for `ENTER` keystroke.\n        - Note that you can type IDA symbols, and the raw assembly will be displayed in the `Fixup` control.\n    - Press `ENTER` or click `Patch` to overwrite the current instruction with the new code, then *automatically* advance to the the next instruction.\n        - Note that when size of the new code is different from the original code, Keypatch can pad until the next instruction boundary with NOPs opcode, so the code flow is intact. Uncheck the choice `NOPs padding until next instruction boundary` if this is undesired.\n        - By default, Keypatch appends the modified instruction with the information of the original code (before being patched). Uncheck the choice `Save original instructions in IDA comment` to disable this feature.\n    - By default, the modification you made is only recorded in the IDA database. To apply these changes to the original binary (thus overwrite it), choose menu `Edit | Patch program | Apply patches to input file`.\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"screenshots/keypatch_patcher.png\" height=\"460\" /\u003e\n\u003c/p\u003e\n\n- To fill a range of code with an instruction, select the range, then either press hotkey `CTRL+ALT+K`, or choose menu `Edit | Keypatch | Fill Range`.\n    - In the `Assembly` box, you can either enter assembly code, or raw hexcode. Some examples of acceptable raw hexcode are `90`, `aa bb`, `0xAA, 0xBB`.\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"screenshots/keypatch_fillrange.png\" height=\"460\" /\u003e\n\u003c/p\u003e\n\n- To revert (undo) the last patching, choose menu `Edit | Keypatch | Undo last patching`.\n\n- To search for assembly instructions (without overwritting binary), open **Keypatch Search** from menu `Edit | Keypatch | Search`.\n    - Choose the architecture, address, endian mode \u0026 syntax, then type assembly instructions in the `Assembly` box.\n    - Keypatch would *automatically* update the encoding in the `Encode` box while you are typing, without waiting for `ENTER` keystroke.\n    - When you click `Search` button, Keypatch would look for all the occurences of the instructions, and show the result in a new form.\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"screenshots/keypatch_search.png\" height=\"360\" /\u003e\n\u003c/p\u003e\n\n- To check for new version of Keypatch, choose menu `Edit | Keypatch | Check for update`.\n\n- At any time, you can also access to all the above Keypatch functionalities just by right-click in IDA screen, and choose from the popup menu.\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"screenshots/keypatch_menupopup.png\" height=\"300\" /\u003e\n\u003c/p\u003e\n\n--------------\n\n### 4. Contact\n\nEmail keystone.engine@gmail.com for any questions.\n\nFor future update of Keypatch, follow our Twitter [@keystone_engine](https://twitter.com/keystone_engine) for announcement.\n\n----\n\n### Appendix. Install Keystone for IDA Pro\n\nWe all know that before IDA 7.0, IDA Pro's Python is 32-bit itself, so it can only loads 32-bit libraries. For this reason, we have to build \u0026 install Keystone 32-bit. However, since IDA 7.0 supports both 32-bit \u0026 64-bit, which means we also need to install a correct version of Keystone. Simply install from Pypi, with `pip` (32-bit), like followings:\n\n```shell\npip install keystone-engine\n```\n\nDone? Now go back to [section 2](#2-install) \u0026 install Keypatch for IDA Pro. Enjoy!\n","funding_links":[],"categories":["Python","\u003ca id=\"7d557bc3d677d206ef6c5a35ca8b3a14\"\u003e\u003c/a\u003e补丁\u0026\u0026Patch","Reverse Engine","使用"],"sub_categories":["\u003ca id=\"cf2efa7e3edb24975b92d2e26ca825d2\"\u003e\u003c/a\u003eROP","\u003ca id=\"7d557bc3d677d206ef6c5a35ca8b3a14\"\u003e\u003c/a\u003e补丁\u0026\u0026Patch"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeystone-engine%2Fkeypatch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeystone-engine%2Fkeypatch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeystone-engine%2Fkeypatch/lists"}