search

keystone-engine / keypatch

Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
http://www.keystone-engine.org/keypatch
GNU General Public License v2.0
1.47k stars 355 forks source link

keypatch plugin doesn't work #79

Closed KulaGGin closed 3 years ago

KulaGGin commented 3 years ago

Hey guys, can't make keypatch plugin to work in IDA.

I have IDA Pro 7.2 and I'm on Windows 10 x64 1709 version.

I have Python 2.7.18 64-bit version installed in C:\Python27. Python27 and Scripts folders are added to the Path environment variable.

I started reading second section Install, where it immediately sends me to the appendix.

We all know that before IDA 7.0, IDA Pro's Python is 32-bit itself, so it can only loads 32-bit libraries. For this reason, we have to build & install Keystone 32-bit. However, since IDA 7.0 supports both 32-bit & 64-bit, which means we also need to install a correct version of Keystone. Simply install from Pypi, with pip (32-bit), like followings:

pip install keystone-engine

So I did that: image

keystone and keystonne_engine are in the site-packages folder: image

Looks alright.

Then it says I should get back to second section.

On Windows, if you get an error message from IDA about "fail to load the dynamic library", then your machine may miss the VC++ runtime library. Fix that by downloading & installing it from https://www.microsoft.com/en-gb/download/details.aspx?id=40784

I do have VC++ 2013 Redistributables installed: x86 and x64 versions. It only asked me to repair or uninstall the versions when I downloaded and started the .exe's.

Copy file keypatch.py to IDA Plugin folder, then restart IDA Pro to use Keypatch. On Windows, the folder is at C:\Program Files (x86)\IDA 6.9\plugins

I cloned this repository and copied keypatch.py from the default branch to my \...IDA 7.2\plugins folder: image

After I run x64 or x86 version of IDA, I'm supposed to get this keypatch submenu as I understand: image

But I don't get it: image

Here's the log from one of the launches I did on some crackme kata(x86 version of IDA): https://pastebin.com/3VFB0h4a

Then when I try to run x64 version of IDA: https://pastebin.com/MwivFgXp

I also tried to install x86 Python 27 but then it was throwing an error "DLL load failed: %1 is not a valid Win32 application" when I start IDA x86. Here's the log: https://pastebin.com/yPmNqehL

What to do from here? Any help is appreciated, thanks.

KulaGGin commented 3 years ago

I fixed it by installing six module: pip install six.

It didn't say I have to anywhere in the instructions. After reading related issues here on github and reading logs I finally found that six module was missing and decided to install it, and it fixed my issue.

So I have Windows x64, Python 2.7 x64, IDA 7.2(which has only 64-bit executables from what I saw) and I installed keystone from pip, installed six module from pip and copied last keypatch.py file from the github repo into IDA\Plugins folder.