IDA Python Instruction Modification and Adding


Dick W

May 31, 2009, 11:06:07 PM
to idapython
I'm attempting to do some analysis and program rewriting using IDA as
my disassembler. I've already created a python script to go through
the different segments via the functions, and then step through the
instructions, but what I need to be able to do is change instructions
and also add instructions.

I know that there is functionality for creating a new segment, but can
I add a new segment to the pe file after the rest of the segments, and
if so, how can I add specific instructions to it?

Also, is there a way to tell idapython to overwrite one or more
instructions with something else and then reanalyze?

If either of these is possible, I'd much appreciate some advice on how
to do them. Thanks a lot.

Gergely Erdelyi

Jun 2, 2009, 12:38:37 PM
to idap...@googlegroups.com
Hello,

On Mon, Jun 1, 2009 at 6:06 AM, Dick W <dickd...@gmail.com> wrote:
> I'm attempting to do some analysis and program rewriting using IDA as
> my disassembler.  I've already created a python script to go through
> the different segments via the functions, and then step through the
> instructions, but what I need to be able to do is change instructions
> and also add instructions.
>
> I know that there is functionality for creating a new segment, but can
> I add a new segment to the pe file after the rest of the segments, and
> if so, how can I add specific instructions to it?

This is how I would go about doing that:

------8<---------8<---------8<----------
import idaapi

segaddr = 0x100000
code = [
"mov eax, 1",
"xor ebx, ebx",
"push eax",
]

# Create a new segment
print SegCreate(segaddr, segaddr+0x1000, 0, 1, 0, 0)
print SegRename(segaddr, ".myseg")
# Patch in the instructions line-by-line
ea = segaddr
for line in code:
    idaapi.assemble(ea, 0, 0, True, line)
    ea += MakeCode(ea)
------8<---------8<---------8<----------

> Also, is there a way to tell idapython to overwrite one or more
> instructions with something else and then reanalyze?

You can use assemble() and PatchByte() in conjunction with MakeCode()
to update the disassembly according to the new bytes.

> If either of these is possible, I'd much appreciate some advice on how
> to do them.  Thanks a lot.

The code above should work fine with version 1.1.92 from

http://code.google.com/p/idapython/downloads/list


Cheers,

Gergo
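
An added example, not part of the reply above and not IDAPython project code: one way to do the in-place overwrite with assemble, patch and re-create-code steps. It assumes x86, Python 3 and the current IDAPython names (idautils.Assemble, ida_bytes.patch_byte, ida_bytes.del_items, idc.create_insn, idc.get_item_size) rather than the 2009 ones; fit_patch and overwrite are hypothetical helper names.

```python
# Added example, not from the thread. Assumes x86 (0x90 = NOP) and a current
# IDAPython (IDA 7+) providing idautils.Assemble, ida_bytes and idc.
try:
    import idautils, ida_bytes, idc      # only importable inside IDA
except ImportError:                      # lets fit_patch() run outside IDA
    idautils = ida_bytes = idc = None

NOP = 0x90

def fit_patch(new_bytes, item_sizes):
    """Return (padded_bytes, items_consumed) for an in-place overwrite.

    item_sizes holds the sizes of the consecutive instructions starting at
    the patch address. Whole instructions are consumed until new_bytes fits,
    and the tail is NOP-padded so the next untouched instruction still
    starts on its original boundary.
    """
    total = 0
    for count, size in enumerate(item_sizes, 1):
        total += size
        if total >= len(new_bytes):
            pad = bytes([NOP]) * (total - len(new_bytes))
            return bytes(new_bytes) + pad, count
    raise ValueError("%d-byte patch does not fit in %d bytes"
                     % (len(new_bytes), total))

def overwrite(ea, asm_line, max_items=4):
    """Assemble asm_line at ea, patch it over old code, re-create the code."""
    ok, result = idautils.Assemble(ea, asm_line)
    if not ok:
        raise ValueError("assemble failed: %s" % result)
    sizes, cur = [], ea
    for _ in range(max_items):           # sizes of the items we may clobber
        sizes.append(idc.get_item_size(cur))
        cur += sizes[-1]
    patch, _ = fit_patch(result, sizes)
    ida_bytes.del_items(ea, 0, len(patch))   # undefine the old instructions
    for offset, value in enumerate(patch):
        ida_bytes.patch_byte(ea + offset, value)
    cur = ea
    while cur < ea + len(patch):         # rebuild the disassembly
        length = idc.create_insn(cur)
        if length == 0:
            raise RuntimeError("no valid instruction at 0x%x" % cur)
        cur += length
    return patch
```

Patched bytes live in the IDA database only; writing them back to the PE file is a separate step.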
