{"id":13611455,"url":"https://github.com/gaasedelen/patching","last_synced_at":"2025-05-15T02:06:03.310Z","repository":{"id":51794152,"uuid":"457646734","full_name":"gaasedelen/patching","owner":"gaasedelen","description":"An Interactive Binary Patching Plugin for IDA Pro","archived":false,"fork":false,"pushed_at":"2024-11-24T19:12:32.000Z","size":1632,"stargazers_count":988,"open_issues_count":8,"forks_count":118,"subscribers_count":28,"default_branch":"main","last_synced_at":"2025-04-14T00:57:35.733Z","etag":null,"topics":["hexrays","ida","ida-pro","idapython","patching","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gaasedelen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-10T05:44:39.000Z","updated_at":"2025-04-13T18:54:28.000Z","dependencies_parsed_at":"2024-11-07T18:35:19.278Z","dependency_job_id":"661bb33c-4962-45f2-b6e3-6af406a16aee","html_url":"https://github.com/gaasedelen/patching","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gaasedelen%2Fpatching","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gaasedelen%2Fpatching/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gaasedelen%2Fpatching/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gaasedelen%2Fpatching/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gaasedelen","download_url":"https://codeload.github.com/gaasedelen/patching/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254259370,"owners_count":22040819,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hexrays","ida","ida-pro","idapython","patching","reverse-engineering"],"created_at":"2024-08-01T19:01:55.547Z","updated_at":"2025-05-15T02:06:03.282Z","avatar_url":"https://github.com/gaasedelen.png","language":"Python","readme":"# Patching - Interactive Binary Patching for IDA Pro\n\n\u003cp align=\"center\"\u003e\u003cimg alt=\"Patching Plugin\" src=\"screenshots/title.png\"/\u003e\u003c/p\u003e\n\n## Overview\n\nPatching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular [IDA Pro](https://www.hex-rays.com/products/ida/) disassembler to create a more robust interactive binary patching workflow designed for rapid iteration.\n\nThis project is currently powered by a minor [fork](https://github.com/gaasedelen/keystone) of the ubiquitous [Keystone Engine](https://github.com/keystone-engine/keystone), supporting x86/x64 and Arm/Arm64 patching with plans to enable the remaining Keystone architectures in a future release.\n\nSpecial thanks to [Hex-Rays](https://hex-rays.com/) for supporting the development of this plugin.\n\n## Releases\n\n* v0.2 -- Important bugfixes, IDA 9 compatibility\n* v0.1 -- Initial release\n\n# Installation\n\nThis plugin requires IDA 7.6 and Python 3. It supports Windows, Linux, and macOS.\n\n*Please note, older versions of IDA (8.2 and below) are [not compatible](https://hex-rays.com/products/ida/news/8_2sp1/) with Python 3.11 and above.*\n\n## Easy Install\n\nRun the following line in the IDA console to automatically install the plugin:\n\n### Windows / Linux\n\n```python\nimport urllib.request as r; exec(r.urlopen('https://github.com/gaasedelen/patching/raw/main/install.py').read())\n```\n\n### macOS\n\n```python\nimport urllib.request as r; exec(r.urlopen('https://github.com/gaasedelen/patching/raw/main/install.py', cafile='/etc/ssl/cert.pem').read())\n```\n\n## Manual Install\n\nAlternatively, the plugin can be manually installed by downloading the distributable plugin package for your respective platform from the [releases](https://github.com/gaasedelen/patching/releases) page and unzipping it to your plugins folder.\n\nIt is __*strongly*__ recommended you install this plugin into IDA's user plugin directory:\n\n```python\nimport ida_diskio, os; print(os.path.join(ida_diskio.get_user_idadir(), \"plugins\"))\n```\n\n# Usage\n\nThe patching plugin will automatically load for supported architectures (x86/x64/Arm/Arm64) and inject relevant patching actions into the right click context menu of the IDA disassembly views:\n\n\u003cp align=\"center\"\u003e\u003cimg alt=\"Patching plugin right click context menu\" src=\"screenshots/usage.gif\"/\u003e\u003c/p\u003e\n\nA complete listing of the contextual patching actions are described in the following sections.\n\n## Assemble\n\nThe main patching dialog can be launched via the Assemble action in the right click context menu. It simulates a basic IDA disassembly view that can be used to edit one or several instructions in rapid succession.\n\n\u003cp align=\"center\"\u003e\u003cimg alt=\"The interactive patching dialog\" src=\"screenshots/assemble.gif\"/\u003e\u003c/p\u003e\n\nThe assembly line is an editable field that can be used to modify instructions in real-time. Pressing enter will commit (patch) the entered instruction into the database.\n\nYour current location (a.k.a your cursor) will always be highlighted in green. Instructions that will be clobbered as a result of your patch / edit will be highlighted in red prior to committing the patch.\n\n\u003cp align=\"center\"\u003e\u003cimg alt=\"Additional instructions that will be clobbered by a patch show up as red\" src=\"screenshots/clobber.png\"/\u003e\u003c/p\u003e\n\nFinally, the `UP` and `DOWN` arrow keys can be used while still focused on the editable assembly text field to quickly move the cursor up and down the disassembly view without using the mouse.\n\n## NOP\n\nThe most common patching action is to NOP out one or more instructions. For this reason, the NOP action will always be visible in the right click menu for quick access.\n\n\u003cp align=\"center\"\u003e\u003cimg alt=\"Right click NOP instruction\" src=\"screenshots/nop.gif\"/\u003e\u003c/p\u003e\n\nIndividual instructions can be NOP'ed, as well as a selected range of instructions.\n\n## Force Conditional Jump\n\nForcing a conditional jump to always execute a 'good' path is another common patching action. The plugin will only show this action when right clicking a conditional jump instruction.\n\n\u003cp align=\"center\"\u003e\u003cimg alt=\"Forcing a conditional jump\" src=\"screenshots/forcejump.gif\"/\u003e\u003c/p\u003e\n\nIf you *never* want a conditional jump to be taken, you can just NOP it instead!\n\n## Save \u0026 Quick Apply\n\nPatches can be saved (applied) to a selected executable via the patching submenu at any time. The quick-apply action makes it even faster to save subsequent patches using the same settings. \n\n\u003cp align=\"center\"\u003e\u003cimg alt=\"Applying patches to the original executable\" src=\"screenshots/save.gif\"/\u003e\u003c/p\u003e\n\nThe plugin will also make an active effort to retain a backup (`.bak`) of the original executable which it uses to 'cleanly' apply the current set of database patches during each save. \n\n## Revert Patch\n\nFinally, if you are ever unhappy with a patch you can simply right click patched (yellow) blocks of instructions to revert them to their original value.\n\n\u003cp align=\"center\"\u003e\u003cimg alt=\"Reverting patches\" src=\"screenshots/revert.gif\"/\u003e\u003c/p\u003e\n\nWhile it is 'easy' to revert bytes back to their original value, it can be 'hard' to restore analysis to its previous state. Reverting a patch may *occasionally* require additional human fixups. \n\n# Known Bugs\n\n* Further improve ARM / ARM64 / THUMB correctness\n* Define 'better' behavior for cpp::like::symbols(...) / IDBs (very sketchy right now)\n* Adding / Updating / Modifying / Showing / Warning about Relocation Entries??\n* Handle renamed registers (like against dwarf annotated idb)?\n* A number of new instructions (circa 2017 and later) are not supported by Keystone\n* A few problematic instruction encodings by Keystone\n\n# Future Work\n\nTime and motivation permitting, future work may include:\n\n* Enable the remaining major architectures supported by Keystone:\n  * PPC32 / PPC64 / MIPS32 / MIPS64 / SPARC / SystemZ\n* Multi instruction assembly (eg. `xor eax, eax; ret;`)\n* Multi line assembly (eg. shellcode / asm labels)\n* Interactive byte / data / string editing\n* Symbol hinting / auto-complete / fuzzy-matching\n* Syntax highlighting the editable assembly line\n* Better hinting of errors, syntax issues, etc\n* NOP / Force Jump from Hex-Rays view (sounds easy, but probably pretty hard!)\n* radio button toggle between 'pretty print' mode vs 'raw' mode? or display both?\n  ```\n  Pretty:  mov     [rsp+48h+dwCreationDisposition], 3\n     Raw:  mov     [rsp+20h], 3\n  ```\n\nI welcome external contributions, issues, and feature requests. Please make any pull requests to the `develop` branch of this repository if you would like them to be considered for a future release.\n\n# Authors\n\n* Markus Gaasedelen ([@gaasedelen](https://twitter.com/gaasedelen))\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgaasedelen%2Fpatching","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgaasedelen%2Fpatching","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgaasedelen%2Fpatching/lists"}