OpenRCE

📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: September 3, 2007 23:00 CDT by jaffersathik2010 .

Hi All,

I am using IDA pro 5.0. I want to edit some opcodes when I am in debugging mode, Is it possible ?

If yes, please give me some tips about how to do it.

Note: Since the application on which I am working uses code compression and encryption techniques, I am getting the correct code during the execution time only.

I welcome your help

Thanks,
Jaffer

jms		September 3, 2007 23:01.51 CDT
Well I would really use Olly or Immunity Debugger to do dynamic analysis, I find that the IDA debugging interface is a bit clunky. In ID or Olly its as simple as highlighting the line and hitting the spacebar to assemble. You can also just right-click on a register and change its value directly as well.

jaffersathik2010		September 3, 2007 23:12.13 CDT
Hi JMS, Thanks for your Rocket fast reply. I will try any of the one and let you know --Jaffer

tnagareshwar		September 4, 2007 00:04.39 CDT
As far as I know, IDA does not allow you to change the opcodes during disassembling. That will be make it really good if it allows editing the opcodes or assembly as in Olly. Iifak, any comments ?

jaffersathik2010		September 4, 2007 01:51.00 CDT
Hi tnagareshwar, Thanks for your input. I guess you are from Chennai, T.nagar Am I correct ? :-) --Jaffer

ZaiRoN		September 4, 2007 07:41.28 CDT
> tnagareshwar: As far as I know, IDA does not allow you to change the opcodes during disassembling You can patch the code. You only have to enable the 'Patch program' item menu. It should be disable, change a line inside idagui.cfg: "DISPLAY_PATCH_SUBMENU = YES"

tnagareshwar		September 4, 2007 10:12.27 CDT
Thanks ZaiRon...I just enabled it. IDA is providing the feature and then hiding it :) Jaffer, I am not from T.nagar, though from my name it appears so :)) Well, I have never observed it..good ..!

jaffersathik2010		September 4, 2007 21:39.14 CDT
Hi tnagareshwar, Please make me clear. In your previous post, you have mentioned that it is providing the feature and HIDING it?! Hiding it means.... IDA will not allow us to edit the value even after enabling the option in idagui.cfg file? ZaiRon: Thanks a lot. --Jaffer

tnagareshwar		September 5, 2007 00:31.28 CDT
jaffer, sorry for confusion. I am wondering why IDA is not showing this 'Patch Program' menu item ( Its hidden by default). This seems to me something like cheat code in the games. However once you enable this menu item, you can edit the opcodes as mentioned by ZaiRon.

Note: Registration is required to post to the forums.

There are 31,328 total registered users.

Recently Created Topics
[help] Unpacking VMP...	Mar/12
Reverse Engineering ...	Jul/06
let 'IDAPython' impo...	Sep/24
set 'IDAPython' as t...	Sep/24
GuessType return une...	Sep/20
About retrieving the...	Sep/07
How to find specific...	Aug/15
How to get data depe...	Jul/07
Identify RVA data in...	May/06
Question about memor...	Dec/12

Recent Forum Posts
Finding the procedur...	rolEYder
Question about debbu...	rolEYder
Identify RVA data in...	sohlow
let 'IDAPython' impo...	sohlow
How to find specific...	hackgreti
Problem with ollydbg	sh3dow
How can I write olly...	sh3dow
New LoadMAP plugin v...	mefisto...
Intel pin in loaded ...	djnemo
OOP_RE tool available?	Bl4ckm4n

Recent Blog Entries
	halsten	Mar/14
Breaking IonCUBE VM
	oleavr	Oct/24
Anatomy of a code tracer
	hasherezade	Sep/24
IAT Patcher - new tool for ...
	oleavr	Aug/27
CryptoShark: code tracer ba...
	oleavr	Jun/25
Build a debugger in 5 minutes
More ...

Recent Blog Comments
	nieo on:	Mar/22
IAT Patcher - new tool for ...
	djnemo on:	Nov/17
Kernel debugger vs user mod...
	acel on:	Nov/14
Kernel debugger vs user mod...
	pedram on:	Dec/21
frida.github.io: scriptable...
	capadleman on:	Jun/19
Using NtCreateThreadEx for ...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit