  #1  
Old 08-20-2021, 23:24
Mendax47
[NOOB QUESTION] How can I edit a function to return 1 in IDA Pro?

I have a function, sub_B2A2D0 proc near, which is very large, but this is a license check function, and if the license is valid then the function will return 1. So I want to edit the function to do only one thing, which is return 1. The opcode is C20100, but when I apply the opcode the function disappears. How can I edit it? I am very new to this stuff, so I need help... :3
  #2  
Old 08-21-2021, 02:14
sendersu
IDA is not very suitable for binary editing/patching.
For this purpose I'm using a good old (I think the best) hex editor, Hiew.

For example, I have a simple routine: http://prntscr.com/1qdbek0
I want to patch it so it'll return 1.

I navigate to the required address, press F3, then F2,
and type (wow) asm commands
like
xor eax, eax
inc eax
retn

here we go: http://prntscr.com/1qdbfu3
The Following 2 Users Say Thank You to sendersu For This Useful Post:
ivanov (08-21-2021), Mendax47 (08-21-2021)
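
Seen from the integrity-checking side, the stub typed in the post above has only a few byte encodings, so a build or update pipeline can flag a large function whose entry point has been overwritten with one. This is an added example, not code from the thread; the image bytes, offsets, the `sub_intact` name and the `min_size` threshold are constructed assumptions, and `sub_B2A2D0` is borrowed from the first post.

```python
# Added example (not from the thread): 32-bit x86 only; sample bytes are constructed.
XOR_EAX_EAX = (b"\x31\xc0", b"\x33\xc0")  # both valid encodings of xor eax, eax
INC_EAX = b"\x40"                         # inc eax (0x40 is a REX prefix in 64-bit mode)
MOV_EAX_IMM32, RET, RET_IMM16 = 0xB8, 0xC3, 0xC2


def ret_len(code, i):
    """Length of a near return at offset i (C3, or C2 imm16), else 0."""
    if i < len(code) and code[i] == RET:
        return 1
    if i + 2 < len(code) and code[i] == RET_IMM16:
        return 3
    return 0


def classify_entry(code):
    """Classify the first bytes of a function: (verdict, constant left in EAX)."""
    if ret_len(code, 0):
        return ("bare-ret", None)          # returns at once, EAX never set
    if len(code) >= 6 and code[0] == MOV_EAX_IMM32 and ret_len(code, 5):
        return ("const-return", int.from_bytes(code[1:5], "little"))
    if code[:2] in XOR_EAX_EAX:
        i = 2
        while code[i:i + 1] == INC_EAX:    # each inc eax adds 1 to the result
            i += 1
        if ret_len(code, i):
            return ("const-return", i - 2)
    return ("ok", None)


def scan(image, functions, min_size=64):
    """functions: (name, file_offset, size) taken from a known-good build map."""
    findings = []
    for name, off, size in functions:
        verdict, value = classify_entry(image[off:off + 16])
        if size >= min_size and verdict != "ok":
            findings.append((name, verdict, value))
    return findings


# Constructed image: an intact prologue at 0x00, a stubbed entry at 0x40.
IMAGE = bytearray(0x80)
IMAGE[0x00:0x06] = bytes.fromhex("558bec83ec10")  # push ebp; mov ebp, esp; sub esp, 0x10
IMAGE[0x40:0x44] = bytes.fromhex("33c040c3")      # xor eax, eax; inc eax; retn
FUNCS = [("sub_intact", 0x00, 0x40), ("sub_B2A2D0", 0x40, 0x40)]

if __name__ == "__main__":
    print(scan(bytes(IMAGE), FUNCS))
```

Small accessor functions legitimately return a constant, which is why `scan` only reports entries the known-good map records as large.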
  #3  
Old 08-21-2021, 03:22
Stingered
sendersu is correct. But take a look here:

https://resources.infosecinstitute.com/topic/applied-cracking-byte-patching-ida-pro/

and here:

https://github.com/keystone-engine/keypatch


Update:

In going back, for 32-bit patching, you will need to use PRE-7.0 version of IDA Pro for Keypatch to work properly (not compatible with v7.x) and 32bit python/keystone. For v7.x and later use 64bit python/keystone with Keypatch.py

Grab the latest Keypatch.py here:

https://raw.githubusercontent.com/keystone-engine/keypatch/master/keypatch.py

Last edited by Stingered; 08-22-2021 at 02:27.
The Following User Says Thank You to Stingered For This Useful Post:
Mendax47 (08-21-2021)
  #4  
Old 08-22-2021, 03:30
Stingered
Disregard my last post (or just delete it, pls).

Ok, I got this working on 32bit and 64bit IDA Pro v7.2

1. Install Latest Python 2 Release - Python 2.7.18
From here:
https://www.python.org/downloads/windows/
Installer: python-2.7.18.amd64.msi
2. Once installed add c:\Python27 to your OS path.
3. Run cmd.exe as administrator
4. Goto c:\python27\scripts:
5. Run:
pip install keystone-engine --pre
then
pip install six
6. Save latest Keypatch.py from here:
https://raw.githubusercontent.com/keystone-engine/keypatch/master/keypatch.py
7. Copy to \program files\[your IDA Pro install DIR]\plugins
8. Load IDA Pro and check for "Ctrl-Alt-K", and check for errors.
9. Load test .EXE file, highlight a function and use ctrl-alt-k keystroke to load keyPatch dialog.

That's it.

Last edited by Stingered; 08-22-2021 at 03:31. Reason: update
The Following 2 Users Say Thank You to Stingered For This Useful Post:
Mendax47 (08-22-2021), niculaita (08-22-2021)
  #5  
Old 08-22-2021, 04:48
niculaita
why not with 3.9.x?
__________________
Decode and Conquer
  #6  
Old 08-22-2021, 05:53
sendersu
Because Python 2 never dies! (In fact it has been dead and unsupported for many years)...


https://www.python.org/dev/peps/pep-0404/


Official pronouncement
Rule number six: there is no official Python 2.8 release. There never will be an official Python 2.8 release. It is an ex-release. Python 2.7 is the end of the Python 2 line of development.

Upgrade path
The official upgrade path from Python 2.7 is to Python 3.
The Following 2 Users Say Thank You to sendersu For This Useful Post:
Mendax47 (08-22-2021), Stingered (08-22-2021)
  #7  
Old 08-22-2021, 09:38
Stingered
Quote:
Originally Posted by niculaita
why not with 3.9.x?
Probably not an issue, I think just because when it was released that was the version?
The Following User Says Thank You to Stingered For This Useful Post:
niculaita (08-22-2021)
All times are GMT +8.