Results 1 to 14 of 14

Thread: "Patch program" functions removed in IDA Pro?!?

  1. #1
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5

    "Patch program" functions removed in IDA Pro?!?

    I just noticed that the submenu called "Patch program" under the edit menu of IDA Pro is removed in version 4.21! These are the functions that e.g. let you enter your own assemly code into the file, and custom data bytes and so on.

    If I open the exact same database in version 4.17, those options are there as usual, but they're nowhere to be found in 4.21.

    I looked in the IDA help file and update notes, but couldn't find anything about it. They can't just have removed this, right?! It's a very handy feature, also for many other purposes that cracking.

    Does anyone have any idea whatsoever about how to access these functions in current versions?

    (and yes, I searched on this board too, and found nothing about it)

  2. #2
    _Servil_
    Guest
    greetings,

    don't know how it works. perhaps some editing of config files gets it back.

    h**p://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000343
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    To crash or not to crash
    Join Date
    Dec 2001
    Posts
    120
    You can edit the config file to get it back...

  4. #4
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Yep, I found it after reading on their support board, thanks!

    But it's still a bit ominous that they have removed it like that I think, and also they give pretty evasive answers to people who ask about it on their board, so I'm not sure what's up with that.

    I really hope they don't remove it completely in a future update, that would be really stupid. It's a really useful feature.

  5. #5
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Ok, in the recent versions it seems to be even worse. You can still get those menu items back the same way (see below), but now when I try to produce a diff file after having done my patch, the diff file always turns out blank anyway!? (I normally make the patch inside IDA, then produce a diff file, and then feed this diff file to a special patcher I have written, which takes these diff files as input)

    Has anyone else experienced this problem? Any solutions or suggestions to what might be the problem?

    And also, for documentation purposes, here is the procedure to get the patch menu items back, discussed in the posts above:

    1.
    Open the file "idagui.cfg" for editing.
    2.
    Search for the term "DISPLAY_PATCH_SUBMENU".
    3.
    If it exists, change its value to "YES" instead of "NO", and if it doesn't exist, add the following line to the file:
    DISPLAY_PATCH_SUBMENU = YES
    Btw, is there a smarter way to export a patch you have made inside IDA, than the one I describe above? If I remember correctly, the "Create exe file" did not include my patches when I tried earlier...

  6. #6
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Ok, I found some discussions about it here:

    http://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000498

    http://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000547

    and it actually seems to be a bug in IDA 4.5.

    The problem is that I cannot find that plugin they are talking about in that thread, and my IDA license expired before 4.6 was released, so I cannot check myself if is has been fixed in that one (it's not certain though, because those bastards are being so incredibly reluctant to touch anything that's related to the patch function due to the "bad things" it can hypothetically be used for, even if it involves fixing a bug in their own program it seems).

    Could anyone who has access to a (legal) copy of IDA 4.6x check if this problem is resolved in that version?

  7. #7

    IDA patch

    The "Patch program" option DOES exist under the "Edit" menu in IDA 4.6.0. It has three choices:

    Change Byte
    Change Word
    Assemble

    All three have ellipses (...)

    I've never used it, so I don't know how well it works.

    Sarge

  8. #8
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Do you mean that these items are present in the edit menu without having to edit the config file in version 4.6?

    And could you maybe just try to patch one or a few bytes in the middle of the code segment of some random disassembled file in IDA, then save your IDA database, and then use the "Create DIF file" from the "Produce" item of the "File" menu, and see if the produced file turns out empty or not? That would be really great, if you have a few minutes to spare.

  9. #9
    Umm..Yes and No.

    If you run IDA, without specifying a target program, you will get the Patch menu option. If you later load a target, or start IDA with a target, you will NOT get the Patch menu.

    The reason has to do with the way IDA starts. When IDA loads, it reads the IDA config script. At this point, the Patch option is enabled. When IDA loads a target (either thru the File menu or as parts of its Command line), it again reads the config script. This double read is necessary for IDA to both set itself up, and to set up the disassembler for the appropriate processor. After that, it reads the USER config script. That script has the command that causes the Patch option to be turned off; that's why you have to edit it.

    Once the Patch option is enabled for usage with a target file, you can then patch a program. I chose a simple 2-byte jump command, and used the Patch/Word option to simply reverse the two bytes with each other. Then, using the Dif command, produced a small text file with the ".dif" extension. Opening the file in Notepad showed three lines; the first was the obligatory "...created by IDA..." announcement, followed by two lines of a before/after description.

    As an FYI, I don't believe I had to do a database Save inbetween.

    Hope this helps.

    Sarge

  10. #10
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Ok, thanks for the confirmation! I'm glad to hear they fixed that bug in 4.6.

    When I do the exact same thing in 4.5, I also get a dif-file containing three lines, but rather as follows (i.e. containing no data about the patch):

    This difference file is created by The Interactive Disassembler

    target.exe

  11. #11

    IDA patch update

    One minor correction:
    The second cfg IDA reads is the IDA GUI config file; the USER config file (if it exists), is third.

    If I get a chance, I will try the same thing in 4.5.

    Sarge
    Last edited by sarge; August 21st, 2004 at 13:53.

  12. #12
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    That would be great, to rule out any possible differences in our procedures.

  13. #13

    IDA Patch

    My 4.5 "fails" in the same manner your does.

    Sarge

  14. #14
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Ok, excellent to have that settled once and for all, thanks!

Similar Threads

  1. Replies: 1
    Last Post: December 14th, 2007, 13:35
  2. Replies: 0
    Last Post: October 19th, 2007, 20:49
  3. Manually "analysing" functions
    By Noopsie in forum OllyDbg Support Forums
    Replies: 3
    Last Post: July 31st, 2006, 13:43
  4. "Cleanest" way to add DLL functions? Looking for an imports editor.
    By Six Black Roses in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: January 17th, 2004, 18:32
  5. "OutLine-Patch Studio" for ASSp.
    By evaluator in forum Malware Analysis and Unpacking Forum
    Replies: 12
    Last Post: May 18th, 2002, 18:10

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •