Flag: Tornado! Hurricane!

 Forums >>  IDA Pro  >>  IDB to EXE

Topic created on: September 27, 2007 23:33 CDT by Psimitar .

IDA Pro is the only program that has let me effect the .exe that I want, its just that I can't find an output file of ASM, INC, LST, MAP to reassemble the exe file with the changes I've made. I've tried MASM and TASM and they can't read the file. Since I could make an html format, and possibly make it to .exe, should I go for it? Thanks for your time!

  Soul12     September 28, 2007 07:51.25 CDT
IDA generates a DB using its own format .. in order to get a output file in text format you should look under File->Produce file and select the output you want :) or press alt+f10 to create a file .. i hope this helps you ..as im not 100% sure i understand fully what you wrote

  Psimitar   September 28, 2007 13:48.04 CDT
> Soul12: IDA generates a DB using its own format .. in order to get a output file in text format you should look under File->Produce file and select the output you want :) or press alt+f10 to create a file .. i hope this helps you ..as im not 100% sure i understand fully what you wrote

Well, I'm making changes to an .exe file in IDA Pro after converting it to .idb. I want to reassemble the .exe file after making those changes, its just that I've tried converting it into ASM and then try to make it into .exe from there. Doesn't work. IDA Pro refuses to make an .exe file from the decompiled code saying the format isn't supported yet has the entry for it. So I'm trying to reassemble it from .idb and I need a program that can recompile the .exe from one of the other output files. Trouble is, MASM and TASM can't recompile the ASM to EXE they crash.

  PSUJobu     October 4, 2007 13:45.15 CDT
The "produce an .exe" functionality was only for DOS executables, IIRC. IDA is a great tool, but is not suitable for re-generating an executable (e.g., from the disassembly).

Your best bet would be to write an IDC script that looks for patched bytes (GetByte() vs. GetOriginalByte()) and use that information to generate some sort of (proprietary) binary diff format that could then be applied to the original EXE.

  RolfRolles     October 14, 2007 23:16.31 CDT
IDA supports what PSUJobu said natively:  do File->Produce file->Create .DIF file.  This won't generate a new executable, but will generate a difference file that allows you to patch the existing one, which is presumably good enough.

  PSUJobu     October 15, 2007 05:51.02 CDT
> RolfRolles: IDA supports what PSUJobu said natively:  do File->Produce file->Create .DIF file.  This won\'t generate a new executable, but will generate a difference file that allows you to patch the existing one, which is presumably good enough.

Thanks for the tip, Rolf! I'm amazed that even after years of daily use, I still find new features in IDA! That makes two this week! ;-)

  nezumi     October 15, 2007 09:11.31 CDT
don't forget about CRC - after patching type: "editdin.exe your-program.exe /RELEASE", where exitbin.exe is the M$ tool coming with M$ VS and other M$ products.

don't forget about signing.
don't forget about fixups (by the way, IDA warns you if you try to patch relocations).

I wrote a set of articles, explaining how to produce asm file and how to translate it. but... I have no English version yet.

in most cases you need asm file allowing you make significant changes, not only silly bit-hacking. IDA can produce an asm-file, but IDA does it in very strange manner, giving you a broken file and you have to fix many errors to run file without crash.

  darko     October 15, 2007 11:49.23 CDT
IDB to EXE can be done via IDC pe_scripts

http://www.datarescue.com/idabase/freefiles/pe_scripts.zip

pe_write creates exe file from original or modified IDA database.

Darko

  nezumi     October 15, 2007 12:38.30 CDT
yes, this is very powerful and useful script kit. just imagine: you have unpacked program with IDA and want to write it to PE-file, guess what you should do? well, use this kit and have fun!

  picarda805   November 11, 2007 09:20.14 CST
> darko: IDB to EXE can be done via IDC pe_scripts
>
> http://www.datarescue.com/idabase/freefiles/pe_scripts.zip
>
> pe_write creates exe file from original or modified IDA database.
>
> Darko


That program says the header section is not first section


please help

  neox   November 12, 2007 01:09.59 CST
hi,
pe_write.idc expects pe_sections.idc to be run first.
running pe_sections.idc would populate many info expected by pe_write.idc

neox.

  trufae   November 13, 2007 04:31.39 CST
Try luck with this oneliner:

auto i;auto fd;fd=fopen("dumped.exe","w");for(i=MinEA();i<MaxEA();i++)fputc(Byte(i),fd);fclose(fd);

  xiaogozaijiao     December 11, 2007 08:14.18 CST
> trufae: Try luck with this oneliner:
>
> auto i;auto fd;fd=fopen(\"dumped.exe\",\"w\");for(i=MinEA();i<MaxEA();i++)fputc(Byte(i),fd);fclose(fd);

This will lost MZ, PE, Data-directory, Section info,so i think if you haven't used any other special method (ex:pe_sections.idc ) to save thos info,then you would't got the intact exe file

  NeOXQuiCk     December 17, 2007 20:54.49 CST
try black-eye plugin it makes changes into exe it you patch or modify idb

Note: Registration is required to post to the forums.

There are 30,781 total registered users.


Recently Created Topics
How to produce separ...
Sep/20
How to decompile a f...
Sep/16
How to trap mouse cl...
Sep/03
Intel pin in loaded ...
Jun/27
Going to do today wi...
Jun/27
how to create delphi...
Jun/27
enabling menu in a s...
Jun/18
How to get the Image...
Jun/17
OllyDBG Process Term...
Apr/28
Reversing opcode
Apr/24


Recent Forum Posts
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
OOP_RE tool available?
van7hu
Should binaries be n...
Kolisar
Problem with ollydbg
nullx42
!findtrampoline Immu...
skycrack
looking for a softwa...
raxen
Documenting reversed...
raxen
.orpc section what's...
mbin
Pydbg load() issue
phreak


Recent Blog Entries
hasherezade
Sep/24
IAT Patcher - new tool for ...

oleavr
Aug/27
CryptoShark: code tracer ba...

oleavr
Jun/25
Build a debugger in 5 minutes

oleavr
Apr/17
frida.re 1.2.0 is out, with...

gareebnavas
Jan/21
Android Malware Analysis

More ...


Recent Blog Comments
pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

newlulu on:
Jun/10
Branch tracing and LBR acce...

newlulu on:
Jun/10
Advanced debugging techniques

newlulu on:
Jun/10
2 anti-trace mechanisms spe...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit