#1
|
||||
|
||||
[NOOB QUESTION] how can i edit a function to return 1 in IDA pro?
i have a function sub_B2A2D0 proc near which is very large... but this is a license check function and if the license is valid then the function will return 1.. so I want to edit the function to do only one thing which is return 1... opcode is C20100.. but when I apply the opcode the function disappear... how can I edit it....? i am very new in this stuff so need help... :3
|
#2
|
|||
|
|||
IDA is not very suitable for binary editing/patching
I'm using for this purpose old good (I think best) hex editor - Hiew for example, I have a simple routine: http://prntscr.com/1qdbek0 I want to patch it so it 'll return 1 I'm navigating to required address, pressing F3, then F2 and typing (wow) asm commands like xor eax, eax inc eax retn here we go: http://prntscr.com/1qdbfu3 |
#3
|
|||
|
|||
sendersu is correct. But take a look here:
https://resources.infosecinstitute.com/topic/applied-cracking-byte-patching-ida-pro/ and here: https://github.com/keystone-engine/keypatch Update: In going back, for 32-bit patching, you will need to use PRE-7.0 version of IDA Pro for Keypatch to work properly (not compatible with v7.x) and 32bit python/keystone. For v7.x and later use 64bit python/keystone with Keypatch.py Grab latest Keypath.py here: https://raw.githubusercontent.com/keystone-engine/keypatch/master/keypatch.py Last edited by Stingered; 08-22-2021 at 02:27. |
The Following User Says Thank You to Stingered For This Useful Post: | ||
Mendax47 (08-21-2021) |
#4
|
|||
|
|||
Disregard my last post (or just delete it, pls).
Ok, I got this working on 32bit and 64bit IDA Pro v7.2 1. Install Latest Python 2 Release - Python 2.7.18 From here: https://www.python.org/downloads/windows/ Installer: python-2.7.18.amd64.msi 2. Once installed add c:\Python27 to your OS path. 3. Run cmd.exe as administrator 4. Goto c:\python27\scripts: 5. Run: pip install keystone-engine --pree then pip install six 6. Save latest Keypatch.py from here: https://raw.githubusercontent.com/keystone-engine/keypatch/master/keypatch.py 7. Copy to \program files\[your IDA Pro install DIR]\plugins 8. Load IDA Pro and check for "Ctrl-Alt-K", and check for errors. 9. Load test .EXE file, highlight a function and use ctrl-alt-k keystroke to load keyPatch dialog. That's it. Last edited by Stingered; 08-22-2021 at 03:31. Reason: update |
#5
|
||||
|
||||
why not with 3.9.x?
__________________
Decode and Conquer |
#6
|
|||
|
|||
because Python 2 never dies! (in fact it is dead and unsupported many years)...
https://www.python.org/dev/peps/pep-0404/ Official pronouncement Rule number six: there is no official Python 2.8 release. There never will be an official Python 2.8 release. It is an ex-release. Python 2.7 is the end of the Python 2 line of development. Upgrade path The official upgrade path from Python 2.7 is to Python 3. |
#7
|
|||
|
|||
Probably not an issue, I think just because when it was released that was the version?
|
The Following User Says Thank You to Stingered For This Useful Post: | ||
niculaita (08-22-2021) |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Noob Question on Debugging DLL | psgama | General Discussion | 15 | 10-11-2015 12:00 |
Question on IDA's Edit|Patch program? | boya | General Discussion | 2 | 10-23-2004 01:36 |
Probably a noob question.. | Thom- | General Discussion | 9 | 03-05-2004 21:41 |