Created
February 18, 2025 21:51
-
-
Save mahmoudimus/6362552f03db78e75aaf9468ff19b9f6 to your computer and use it in GitHub Desktop.
Program for using IDA's .dif files to patch binaries
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from https://reverseengineering.stackexchange.com/a/11835/13408 | |
| # ported to python3 and IDA 8.0+ by Mahmoud Abdelkader | |
| import idaapi | |
| import ida_bytes | |
| import ida_kernwin | |
| def apply_dif_file(dif_file_name): | |
| print("Applying " + dif_file_name + " to database.") | |
| with open(dif_file_name, "r") as f: | |
| for line in f: | |
| if ":" not in line: | |
| continue | |
| splitted = line.split() | |
| off_in_file = splitted[0].replace(":", "") | |
| initial_byte = splitted[1] | |
| new_byte = splitted[2] | |
| # Converting offset to integer and then to the effective address | |
| offset = int(off_in_file, 16) | |
| ea = idaapi.get_fileregion_ea(offset) | |
| # Converting new byte from hex to integer | |
| new_byte_num = int(new_byte, 16) | |
| log = ("Patching 0x" + initial_byte + " to 0x" + new_byte + | |
| " at 0x%X (ea 0x%X)..." % (offset, ea)) | |
| current_byte = ida_bytes.get_db_byte(ea) | |
| if current_byte == new_byte_num: | |
| print(log + " Already patched") | |
| continue | |
| elif current_byte != int(initial_byte, 16): | |
| print(log + " Wrong byte 0x%X detected, aborting!!!" % current_byte) | |
| return | |
| print(log) | |
| ida_bytes.patch_byte(ea, new_byte_num) | |
| print("Done patching") | |
| def apply_dif(): | |
| dif_path = ida_kernwin.ask_file(0, "*.dif", "Select .dif file") | |
| if dif_path is None: | |
| print("No file selected") | |
| return | |
| apply_dif_file(dif_path) | |
| apply_dif() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment