HexPatch is a binary patcher and editor with terminal user interface (TUI), it's capable of disassembling instructions and assembling patches. It supports a variety of architectures and file formats. Also, it can edit remote files via SSH.
If you already have the requirements installed, you only need to run the following command:
cargo install hex-patch
On NetBSD, a package is available from the official repositories. To install it, simply run:
pkgin install hexpatch
If you prefer to build from source:
cd /usr/pkgsrc/devel/hexpatch
make install
On Arch Linux, a package is available from the official repositories:
pacman -S hexpatch
Clone the repository
git clone https://github.com/Etto48/HexPatch.git
cd HexPatch
Build and install
cargo install --path .
In order to connect via SSH, you can use the following command:
hex-patch --ssh <user>@<host>[:<port>] [--password <password>] [additional arguments]
If you don't specify a password, the client must be set up with keypair authentication and you must have a key in your ~/.ssh
directory.
Keys are searched in the following order:
- id_rsa
- id_ed25519
- id_ecdsa
- id_dsa
The first key found will be used.
The following file formats are supported by default:
- Coff
- CoffBig
- Elf32
- Elf64
- MachO32
- MachO64
- Pe32
- Pe64
- Xcoff32
- Xcoff64
Other file formats can be added with plugins.
The following architectures are supported:
- Aarch64
- Aarch64_Ilp32
- Arm
- I386
- X86_64
- X86_64_X32
- Mips
- Mips64
- PowerPc
- PowerPc64
- Riscv32
- Riscv64
- S390x
- Sparc64
Read the settings documentation for more information.
HexPatch supports plugins written in Lua.
Plugins must be placed in the plugins
directory in hex-patch's configuration directory.
A different plugins directory can be specified with the --plugins
flag.
You can find more information about the Plugin Lua API here.
-
Jump to address Jump to a virtual address with
v0x
or to a file offset with0x
. You can also jump to symbols and sections.
- Some key combinations may not work as expected, notably
SHIFT + ENTER
on VSCode terminal. Please refer to this issue for more information. Unfortunately, this behavior is out of my control. - If you try to write an invalid relative jump instruction with more than one register (e.g.
jmp [rip+rax]
) in X86 architectures the program will crash. This problem depends on thekeystone-engine
crate, and it's out of my control.
Thanks to Lorenzo Colombini for the instruction highlighting.