关于ida pro的牛逼插件keypatch

最新推荐文章于 2025-06-28 13:20:12 发布

转载最新推荐文章于 2025-06-28 13:20:12 发布 · 9.6k 阅读

逆向工程专栏收录该内容

13 篇文章

订阅专栏

本文介绍了一款名为KeyPatch的强大IDA Pro插件，该插件能够帮助用户轻松地在多种CPU架构上（包括ARM和ARM64）进行二进制文件的修改。KeyPatch基于Python编写，易于安装且无需编译，并支持Windows、MacOS和Linux等主流平台。文章还详细介绍了其安装过程及使用方法。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

关于ida pro的牛逼插件keypatch

通常ida在修改二进制文件，自带的edit->patch program->assemble 可以修改x86, x64 但是不能修改arm, arm64，移动端逆向该怎么办？
这里写图片描述

之前arm下可以使用ida-patcher http://thesprawl.org/projects/ida-patcher/ 这个插件，但是必须知道arm指令对应的机器码，使用还是有点麻烦.
如图：

ida-patcher 菜单:

ida-patcher 菜单

ida-patcher patch:

ida-patcher patch2]

edit selection:

ida-patcher patch3]

今天介绍的这个神器插件keypatch
Keypatch is confirmed to work on IDA Pro version 6.4, 6.6, 6.8, 6.9, 6.95

https://github.com/keystone-engine/keypatch

支持的CPU架构: 
support Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ & X86 (include 16/32/64bit).

支持的平台: 
work everywhere that IDA works, which is on Windows, MacOS, Linux.

Based on Python, so it is easy to install as no compilation is needed.
 1
2
3
4
5
6
7
 1
2
3
4
5
6
7

keypatch底层依赖keystone-engine

安装keystone-engine

For Windows
It is easiest to just download & install Python 2.7 module for Windows from http://www.keystone-engine.org/download. Be sure to get the 32-bit version, regardless of your Windows edition.

If you prefer to compile from source, just use MSVC 32-bit & follow the instructions in Windows documentation to build keystone.dll. After that, install Python module as in Python documentation. Then copy keystone.dll to the directory of Keystone Python module.

For osx
sudo pip install keystone-engine

安装keypatch
https://github.com/keystone-engine/keypatch.git

将 keypatch.py 复制到 /Applications/IDA\ Pro\ 6.95/idaq.app/Contents/MacOS/plugins

重新打开ida