Flag: Tornado!
Hurricane!
|
|
Topic created on: September 27, 2007 23:33 CDT by Psimitar  .
IDA Pro is the only program that has let me effect the .exe that I want, its just that I can't find an output file of ASM, INC, LST, MAP to reassemble the exe file with the changes I've made. I've tried MASM and TASM and they can't read the file. Since I could make an html format, and possibly make it to .exe, should I go for it? Thanks for your time!
|
IDA generates a DB using its own format .. in order to get a output file in text format you should look under File->Produce file and select the output you want :) or press alt+f10 to create a file .. i hope this helps you ..as im not 100% sure i understand fully what you wrote
|
> Soul12: IDA generates a DB using its own format .. in order to get a output file in text format you should look under File->Produce file and select the output you want :) or press alt+f10 to create a file .. i hope this helps you ..as im not 100% sure i understand fully what you wrote
Well, I'm making changes to an .exe file in IDA Pro after converting it to .idb. I want to reassemble the .exe file after making those changes, its just that I've tried converting it into ASM and then try to make it into .exe from there. Doesn't work. IDA Pro refuses to make an .exe file from the decompiled code saying the format isn't supported yet has the entry for it. So I'm trying to reassemble it from .idb and I need a program that can recompile the .exe from one of the other output files. Trouble is, MASM and TASM can't recompile the ASM to EXE they crash.
|
The "produce an .exe" functionality was only for DOS executables, IIRC. IDA is a great tool, but is not suitable for re-generating an executable (e.g., from the disassembly).
Your best bet would be to write an IDC script that looks for patched bytes (GetByte() vs. GetOriginalByte()) and use that information to generate some sort of (proprietary) binary diff format that could then be applied to the original EXE.
|
|
IDA supports what PSUJobu said natively: do File->Produce file->Create .DIF file. This won't generate a new executable, but will generate a difference file that allows you to patch the existing one, which is presumably good enough.
|
> RolfRolles: IDA supports what PSUJobu said natively: do File->Produce file->Create .DIF file. This won\'t generate a new executable, but will generate a difference file that allows you to patch the existing one, which is presumably good enough.
Thanks for the tip, Rolf! I'm amazed that even after years of daily use, I still find new features in IDA! That makes two this week! ;-)
|
don't forget about CRC - after patching type: "editdin.exe your-program.exe /RELEASE", where exitbin.exe is the M$ tool coming with M$ VS and other M$ products.
don't forget about signing.
don't forget about fixups (by the way, IDA warns you if you try to patch relocations).
I wrote a set of articles, explaining how to produce asm file and how to translate it. but... I have no English version yet.
in most cases you need asm file allowing you make significant changes, not only silly bit-hacking. IDA can produce an asm-file, but IDA does it in very strange manner, giving you a broken file and you have to fix many errors to run file without crash.
|
IDB to EXE can be done via IDC pe_scripts
http://www.datarescue.com/idabase/freefiles/pe_scripts.zip
pe_write creates exe file from original or modified IDA database.
Darko
|
|
yes, this is very powerful and useful script kit. just imagine: you have unpacked program with IDA and want to write it to PE-file, guess what you should do? well, use this kit and have fun!
|
> darko: IDB to EXE can be done via IDC pe_scripts
>
> http://www.datarescue.com/idabase/freefiles/pe_scripts.zip
>
> pe_write creates exe file from original or modified IDA database.
>
> Darko
That program says the header section is not first section
please help
|
hi,
pe_write.idc expects pe_sections.idc to be run first.
running pe_sections.idc would populate many info expected by pe_write.idc
neox.
|
Try luck with this oneliner:
auto i;auto fd;fd=fopen("dumped.exe","w");for(i=MinEA();i<MaxEA();i++)fputc(Byte(i),fd);fclose(fd);
|
> trufae: Try luck with this oneliner:
>
> auto i;auto fd;fd=fopen(\"dumped.exe\",\"w\");for(i=MinEA();i<MaxEA();i++)fputc(Byte(i),fd);fclose(fd);
This will lost MZ, PE, Data-directory, Section info,so i think if you haven't used any other special method (ex:pe_sections.idc ) to save thos info,then you would't got the intact exe file
|
|
try black-eye plugin it makes changes into exe it you patch or modify idb
|
Note: Registration is required to post to the forums.
|
|
|
|
There are 31,313 total registered users.
|
|
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}