Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/0ffffffffh/Api-Break-for-x64dbg

x64dbg plugin to set breakpoints automatically to Win32/64 APIs
https://github.com/0ffffffffh/Api-Break-for-x64dbg

api breakpoint plugin reverse-engineering win32 win32api win64 x64dbg

Last synced: 4 months ago
JSON representation

x64dbg plugin to set breakpoints automatically to Win32/64 APIs

Host: GitHub
URL: https://github.com/0ffffffffh/Api-Break-for-x64dbg
Owner: 0ffffffffh
Created: 2017-01-23T01:02:46.000Z (over 7 years ago)
Default Branch: beta-development
Last Pushed: 2018-01-17T15:21:09.000Z (over 6 years ago)
Last Synced: 2024-01-17T12:30:03.943Z (6 months ago)
Topics: api, breakpoint, plugin, reverse-engineering, win32, win32api, win64, x64dbg
Language: C
Size: 572 KB
Stars: 159
Watchers: 20
Forks: 26
Open Issues: 2
Metadata Files:
- Readme: README.md

Lists

awesome-computer-science - code - [Api-Break-for-x64dbg](https://github.com/0ffffffffh/Api-Break-for-x64dbg) - x64dbg plugin to set breakpoints automatically to Win32/64 APIs (Reverse Engine)

README

        # Api Break for x64dbg

Api Break is a [x64dbg](http://www.x64dbg.com) plugin which is aimed to set breakpoints Win32/64 API calls easly. 

![ab1](https://raw.githubusercontent.com/0ffffffffh/0ffffffffh.github.io/master/apibreakaction.gif "Breakpoint on callers")

![ab2](https://user-images.githubusercontent.com/437161/34647882-eb65aadc-f39f-11e7-8c14-f1cc3254d0f0.png "Struct and API call mapper")

####**Features**

* API function entry breakpoint (AEB) 

* Breakpoint at API callers (BAC)

* Auto-populating modules and their API functions used by the process.

#### **API Function Entry Breakpoint (AEB)**

It can be useful when the code does obfuscated or indirect api calls or something similar conditions. This mode is automatically (naturally) handles all API calls for the entire module. Also, this mode gives an option to jump automatically to the API caller when the API entry breakpoint hit. It exposes the original caller using single step callstack backtracing.

#### **Breakpoint at API callers (BAC)**

In technically, this mode is much more flexible and customizable. It does scan dynamically for API calls in specified module or address range. For now, it scans only process's code range. But other features are planned for future development.

If you have any idea, let me know what ideas you have about it.

#####**In-Development features**

 - Dynamically loaded API detection which is made by using [GetProcAddress](https://msdn.microsoft.com/en-us/library/windows/desktop/ms683212%28v=vs.85%29.aspx) (*About 45% implemented*)

#####**Planning features**

 - User specified code range scan for **BAC**

 - User specified module scan for **BAC**

 - User option to listing all linked modules and APIs of process regardless of IAT.