I just noticed that the submenu called "Patch program" under the edit menu of IDA Pro is removed in version 4.21! These are the functions that e.g. let you enter your own assemly code into the file, and custom data bytes and so on.

If I open the exact same database in version 4.17, those options are there as usual, but they're nowhere to be found in 4.21.

I looked in the IDA help file and update notes, but couldn't find anything about it. They can't just have removed this, right?! It's a very handy feature, also for many other purposes that cracking.

Does anyone have any idea whatsoever about how to access these functions in current versions?

(and yes, I searched on this board too, and found nothing about it)

greetings,

don't know how it works. perhaps some editing of config files gets it back.

h**p://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000343

You can edit the config file to get it back...

Yep, I found it after reading on their support board, thanks!

But it's still a bit ominous that they have removed it like that I think, and also they give pretty evasive answers to people who ask about it on their board, so I'm not sure what's up with that.

I really hope they don't remove it completely in a future update, that would be really stupid. It's a really useful feature.

Ok, in the recent versions it seems to be even worse. You can still get those menu items back the same way (see below), but now when I try to produce a diff file after having done my patch, the diff file always turns out blank anyway!? (I normally make the patch inside IDA, then produce a diff file, and then feed this diff file to a special patcher I have written, which takes these diff files as input)

Has anyone else experienced this problem? Any solutions or suggestions to what might be the problem?

And also, for documentation purposes, here is the procedure to get the patch menu items back, discussed in the posts above:

1.
Open the file "idagui.cfg" for editing.
2.
Search for the term "DISPLAY_PATCH_SUBMENU".
3.
If it exists, change its value to "YES" instead of "NO", and if it doesn't exist, add the following line to the file:


Btw, is there a smarter way to export a patch you have made inside IDA, than the one I describe above? If I remember correctly, the "Create exe file" did not include my patches when I tried earlier...

Ok, I found some discussions about it here:

http://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000498

http://www.datarescue.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=000547

and it actually seems to be a bug in IDA 4.5.

The problem is that I cannot find that plugin they are talking about in that thread, and my IDA license expired before 4.6 was released, so I cannot check myself if is has been fixed in that one (it's not certain though, because those bastards are being so incredibly reluctant to touch anything that's related to the patch function due to the "bad things" it can hypothetically be used for, even if it involves fixing a bug in their own program it seems).

Could anyone who has access to a (legal) copy of IDA 4.6x check if this problem is resolved in that version?

The "Patch program" option DOES exist under the "Edit" menu in IDA 4.6.0. It has three choices:

Change Byte
Change Word
Assemble

All three have ellipses (...)

I've never used it, so I don't know how well it works.

Sarge

Do you mean that these items are present in the edit menu without having to edit the config file in version 4.6?

And could you maybe just try to patch one or a few bytes in the middle of the code segment of some random disassembled file in IDA, then save your IDA database, and then use the "Create DIF file" from the "Produce" item of the "File" menu, and see if the produced file turns out empty or not? That would be really great, if you have a few minutes to spare.

Umm..Yes and No.

If you run IDA, without specifying a target program, you will get the Patch menu option. If you later load a target, or start IDA with a target, you will NOT get the Patch menu.

The reason has to do with the way IDA starts. When IDA loads, it reads the IDA config script. At this point, the Patch option is enabled. When IDA loads a target (either thru the File menu or as parts of its Command line), it again reads the config script. This double read is necessary for IDA to both set itself up, and to set up the disassembler for the appropriate processor. After that, it reads the USER config script. That script has the command that causes the Patch option to be turned off; that's why you have to edit it.

Once the Patch option is enabled for usage with a target file, you can then patch a program. I chose a simple 2-byte jump command, and used the Patch/Word option to simply reverse the two bytes with each other. Then, using the Dif command, produced a small text file with the ".dif" extension. Opening the file in Notepad showed three lines; the first was the obligatory "...created by IDA..." announcement, followed by two lines of a before/after description.

As an FYI, I don't believe I had to do a database Save inbetween.

Hope this helps.

Sarge

Ok, thanks for the confirmation! I'm glad to hear they fixed that bug in 4.6.

When I do the exact same thing in 4.5, I also get a dif-file containing three lines, but rather as follows (i.e. containing no data about the patch):

One minor correction:
The second cfg IDA reads is the IDA GUI config file; the USER config file (if it exists), is third.

If I get a chance, I will try the same thing in 4.5.

Sarge

That would be great, to rule out any possible differences in our procedures.

My 4.5 "fails" in the same manner your does.

Sarge

Ok, excellent to have that settled once and for all, thanks!