PDA

View Full Version : How to edit a .dll file with IDA pro, help me?

OKMIMO
10-12-2010, 01:02 AM
Hi all,
I'm using IDA to edit a dll file, after change informations of this dll I don't know how to save them, example:
* Old dll file with function Tong:
.text:10001005 ; Attributes: thunk
.text:10001005
.text:10001005 public Tong
.text:10001005 Tong proc near
.text:10001005 jmp sub_10001010
.text:10001005 Tong endp
........
.text:10001010 ; Attributes: bp-based frame
.text:10001010
.text:10001010 sub_10001010 proc near ; CODE XREF: Tongj
.text:10001010
.text:10001010 var_40 = byte ptr -40h
.text:10001010 arg_0 = dword ptr 8
.text:10001010 arg_4 = dword ptr 0Ch
.text:10001010
.text:10001010 push ebp
.text:10001011 mov ebp, esp
.text:10001013 sub esp, 40h
.text:10001016 push ebx
.text:10001017 push esi
.text:10001018 push edi
.text:10001019 lea edi, [ebp+var_40]
.text:1000101C mov ecx, 10h
.text:10001021 mov eax, 0CCCCCCCCh
.text:10001026 rep stosd
.text:10001028 mov eax, [ebp+arg_0]
.text:1000102B sub eax,[ebp+arg_4]
.text:1000102E pop edi
.text:1000102F pop esi
.text:10001030 pop ebx
.text:10001031 mov esp, ebp
.text:10001033 pop ebp
.text:10001034 retn 8
.text:10001034 sub_10001010 endp

* I changed function Tong to Hieu (with add to sub):

.text:10001005 ; Attributes: thunk
.text:10001005
.text:10001005 public Hieu <-------Changed function name
.text:10001005 Hieu proc near
.text:10001005 jmp sub_10001010
.text:10001005 Hieu endp
........
.text:10001010 ; Attributes: bp-based frame
.text:10001010
.text:10001010 sub_10001010 proc near ; CODE XREF: Hieuj
.text:10001010
.text:10001010 var_40 = byte ptr -40h
.text:10001010 arg_0 = dword ptr 8
.text:10001010 arg_4 = dword ptr 0Ch
.text:10001010
.text:10001010 push ebp
.text:10001011 mov ebp, esp
.text:10001013 sub esp, 40h
.text:10001016 push ebx
.text:10001017 push esi
.text:10001018 push edi
.text:10001019 lea edi, [ebp+var_40]
.text:1000101C mov ecx, 10h
.text:10001021 mov eax, 0CCCCCCCCh
.text:10001026 rep stosd
.text:10001028 mov eax, [ebp+arg_0]
.text:1000102B sub eax,[ebp+arg_4] <----Changed add to sub
.text:1000102E pop edi
.text:1000102F pop esi
.text:10001030 pop ebx
.text:10001031 mov esp, ebp
.text:10001033 pop ebp
.text:10001034 retn 8
.text:10001034 sub_10001010 endp

Please help save the informations to a new dll file with function Hieu above. Which power of IDA can do this???....

Thank, regards.
Git
10-12-2010, 08:51 AM
You can't do that with IDA :) Any changes you make inside IDA stay inside IDA, it is for your info only. If you want to change the binary, use a hex editor.

Git
OKMIMO
10-13-2010, 04:43 AM
Thank Git, I have just used IDA and thinked that IDA can do this,... Hope you will help me other problems, thank again.
walkermore
11-09-2010, 03:00 AM
Each time a description of the change, there are always lots of talk about it anywhere. These are not exempt. A statement usually find is the following: "I have to change versions almost immediately, so I do not get up to date I'll keep waiting target ..
Git
11-09-2010, 06:54 AM
You can edit IDA's database with the patch function but it does NOT change the Exe. Why bother to ask questions if you are not going to believe the answers you get?

Git
OKMIMO
12-15-2010, 10:57 AM
If you want those changes copied into exe then you can use OllyDbg, this tool is very usefull,... Have fun!

I like the IDA because its interface is friendly and it's using easy.

Regards,
Mimo