Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   [NOOB QUESTION] how can i edit a function to return 1 in IDA pro? (https://forum.exetools.com/showthread.php?t=19911)

Mendax47 08-20-2021 23:24

[NOOB QUESTION] how can i edit a function to return 1 in IDA pro?
 
i have a function sub_B2A2D0 proc near which is very large... but this is a license check function and if the license is valid then the function will return 1.. so I want to edit the function to do only one thing which is return 1... opcode is C20100.. but when I apply the opcode the function disappear... how can I edit it....? i am very new in this stuff so need help... :3:confused:

sendersu 08-21-2021 02:14

IDA is not very suitable for binary editing/patching
I'm using for this purpose old good (I think best) hex editor - Hiew

for example, I have a simple routine: http://prntscr.com/1qdbek0
I want to patch it so it 'll return 1

I'm navigating to required address, pressing F3, then F2
and typing (wow) asm commands
like
xor eax, eax
inc eax
retn

here we go: http://prntscr.com/1qdbfu3

Stingered 08-21-2021 03:22

sendersu is correct. But take a look here:

https://resources.infosecinstitute.com/topic/applied-cracking-byte-patching-ida-pro/

and here:

https://github.com/keystone-engine/keypatch


Update:

In going back, for 32-bit patching, you will need to use PRE-7.0 version of IDA Pro for Keypatch to work properly (not compatible with v7.x) and 32bit python/keystone. For v7.x and later use 64bit python/keystone with Keypatch.py

Grab latest Keypath.py here:

https://raw.githubusercontent.com/keystone-engine/keypatch/master/keypatch.py

Stingered 08-22-2021 03:30

Disregard my last post (or just delete it, pls).

Ok, I got this working on 32bit and 64bit IDA Pro v7.2

1. Install Latest Python 2 Release - Python 2.7.18
From here:
https://www.python.org/downloads/windows/
Installer: python-2.7.18.amd64.msi
2. Once installed add c:\Python27 to your OS path.
3. Run cmd.exe as administrator
4. Goto c:\python27\scripts:
5. Run:
pip install keystone-engine --pree
then
pip install six
6. Save latest Keypatch.py from here:
https://raw.githubusercontent.com/keystone-engine/keypatch/master/keypatch.py
7. Copy to \program files\[your IDA Pro install DIR]\plugins
8. Load IDA Pro and check for "Ctrl-Alt-K", and check for errors.
9. Load test .EXE file, highlight a function and use ctrl-alt-k keystroke to load keyPatch
dialog.

That's it.

niculaita 08-22-2021 04:48

why not with 3.9.x?

sendersu 08-22-2021 05:53

because Python 2 never dies! (in fact it is dead and unsupported many years)... :(


https://www.python.org/dev/peps/pep-0404/


Official pronouncement
Rule number six: there is no official Python 2.8 release. There never will be an official Python 2.8 release. It is an ex-release. Python 2.7 is the end of the Python 2 line of development.

Upgrade path
The official upgrade path from Python 2.7 is to Python 3.

Stingered 08-22-2021 09:38

Quote:

Originally Posted by niculaita (Post 123626)
why not with 3.9.x?

Probably not an issue, I think just because when it was released that was the version?


All times are GMT +8. The time now is 15:45.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX