#1
10-12-2010, 01:02 AM
OKMIMO
Member
Join Date: Oct 2010
Posts: 9
How to edit a .dll file with IDA pro, help me?

Hi all,
I'm using IDA to edit a dll file. After changing the information of this dll I don't know how to save it, for example:
* Old dll file with function Tong:
PHP Code:
.text:10001005 ; Attributes: thunk
.text:10001005
.text:10001005                 public Tong
.text:10001005 Tong            proc near
.text:10001005                 jmp     sub_10001010
.text:10001005 Tong            endp
........
.text:10001010 ; Attributes: bp-based frame
.text:10001010
.text:10001010 sub_10001010    proc near               ; CODE XREF: Tong↑j
.text:10001010
.text:10001010 var_40          = byte ptr -40h
.text:10001010 arg_0           = dword ptr  8
.text:10001010 arg_4           = dword ptr  0Ch
.text:10001010
.text:10001010                 push    ebp
.text:10001011                 mov     ebp, esp
.text:10001013                 sub     esp, 40h
.text:10001016                 push    ebx
.text:10001017                 push    esi
.text:10001018                 push    edi
.text:10001019                 lea     edi, [ebp+var_40]
.text:1000101C                 mov     ecx, 10h
.text:10001021                 mov     eax, 0CCCCCCCCh
.text:10001026                 rep stosd
.text:10001028                 mov     eax, [ebp+arg_0]
.text:1000102B                 sub     eax, [ebp+arg_4]
.text:1000102E                 pop     edi
.text:1000102F                 pop     esi
.text:10001030                 pop     ebx
.text:10001031                 mov     esp, ebp
.text:10001033                 pop     ebp
.text:10001034                 retn    8
.text:10001034 sub_10001010    endp
* I changed function Tong to Hieu (with add to sub):

PHP Code:
.text:10001005 ; Attributes: thunk
.text:10001005
.text:10001005                 public Hieu <-------Changed function name
.text:10001005 Hieu            proc near
.text:10001005                 jmp     sub_10001010
.text:10001005 Hieu            endp
........
.text:10001010 ; Attributes: bp-based frame
.text:10001010
.text:10001010 sub_10001010    proc near               ; CODE XREF: Hieu↑j
.text:10001010
.text:10001010 var_40          = byte ptr -40h
.text:10001010 arg_0           = dword ptr  8
.text:10001010 arg_4           = dword ptr  0Ch
.text:10001010
.text:10001010                 push    ebp
.text:10001011                 mov     ebp, esp
.text:10001013                 sub     esp, 40h
.text:10001016                 push    ebx
.text:10001017                 push    esi
.text:10001018                 push    edi
.text:10001019                 lea     edi, [ebp+var_40]
.text:1000101C                 mov     ecx, 10h
.text:10001021                 mov     eax, 0CCCCCCCCh
.text:10001026                 rep stosd
.text:10001028                 mov     eax, [ebp+arg_0]
.text:1000102B                 sub     eax, [ebp+arg_4]      <----Changed add to sub
.text:1000102E                 pop     edi
.text:1000102F                 pop     esi
.text:10001030                 pop     ebx
.text:10001031                 mov     esp, ebp
.text:10001033                 pop     ebp
.text:10001034                 retn    8
.text:10001034 sub_10001010    endp
Please help me save the information to a new dll file with function Hieu above. Which power of IDA can do this?

Thanks, regards.
#2
10-12-2010, 08:51 AM
Git
Super Moderator
Join Date: Oct 2007
Location: Torino
Posts: 1,797

You can't do that with IDA. Any changes you make inside IDA stay inside IDA, it is for your info only. If you want to change the binary, use a hex editor.

Git
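What "use a hex editor" involves for the instruction at .text:1000102B, as an added example that is not part of the original thread: the address IDA shows is a virtual address, so it must be mapped through the PE section table to a file offset before the byte is changed. The sample file, its section layout and the helper names are constructed for illustration, and the original instruction is assumed to be add eax, [ebp+0Ch] (03 45 0C), as the post's "add to sub" implies.

```python
import struct

def va_to_offset(pe: bytes, va: int) -> int:
    """Translate an address as IDA shows it (.text:1000102B) to a file offset (PE32 only)."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]               # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                            # start of optional header
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    rva = va - struct.unpack_from("<I", pe, opt + 28)[0]     # subtract ImageBase
    for i in range(nsec):
        # After the 8-byte name: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _, vaddr, rawsize, rawptr = struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
        if vaddr <= rva < vaddr + rawsize:
            return rawptr + (rva - vaddr)
    raise ValueError("address is not backed by bytes in the file")

def patch(pe: bytes, va: int, expected: bytes, new: bytes) -> bytes:
    """Return a patched copy; refuse if the file does not match the listing."""
    if len(expected) != len(new):
        raise ValueError("patch must keep the length, or all later code shifts")
    off = va_to_offset(pe, va)
    if pe[off:off + len(expected)] != expected:
        raise ValueError("bytes on disk differ from the disassembly")
    return pe[:off] + new + pe[off + len(new):]

def sample_dll() -> bytes:
    """Constructed stand-in for the DLL (section layout is assumed, not from the post)."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew -> 0x80
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xHH", img, 0x84, 0x14C, 1, 0xE0, 0x2102)  # i386, 1 section
    struct.pack_into("<H", img, 0x98, 0x10B)                 # PE32 magic
    struct.pack_into("<I", img, 0x98 + 28, 0x10000000)       # ImageBase
    struct.pack_into("<8s4I", img, 0x178, b".text", 0x1000, 0x1000, 0x200, 0x400)
    img[0x42B:0x42E] = bytes.fromhex("03450c")               # add eax, [ebp+0Ch]
    return bytes(img)

if __name__ == "__main__":
    original = sample_dll()
    # 03 /r is ADD r32, r/m32; 2B /r is SUB r32, r/m32; ModRM 45 0C = eax, [ebp+0Ch]
    patched = patch(original, 0x1000102B, bytes.fromhex("03450c"), bytes.fromhex("2b450c"))
    print(hex(va_to_offset(original, 0x1000102B)), patched[0x42B:0x42E].hex())
```

Checking the expected bytes before writing catches the common mistake of patching the wrong offset or the wrong build of the file.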
#3
10-13-2010, 04:43 AM
OKMIMO
Member
Join Date: Oct 2010
Posts: 9

Thanks Git, I have just used IDA and thought that IDA can do this... Hope you will help me with other problems, thanks again.
#4
11-09-2010, 03:00 AM
walkermore
Junior Member
Join Date: Nov 2010
Posts: 1

Each time a description of the change, there are always lots of talk about it anywhere. These are not exempt. A statement usually find is the following: "I have to change versions almost immediately, so I do not get up to date I'll keep waiting target ..
#5
11-09-2010, 06:54 AM
Git
Super Moderator
Join Date: Oct 2007
Location: Torino
Posts: 1,797

You can edit IDA's database with the patch function but it does NOT change the Exe. Why bother to ask questions if you are not going to believe the answers you get?

Git
#6
12-15-2010, 10:57 AM
OKMIMO
Member
Join Date: Oct 2010
Posts: 9

If you want those changes copied into the exe then you can use OllyDbg, this tool is very useful... Have fun!

I like IDA because its interface is friendly and it's easy to use.

Regards,
Mimo