Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jkoppel/reprogram

Patch binaries at load-time
https://github.com/jkoppel/reprogram

Last synced: about 1 month ago
JSON representation

Patch binaries at load-time

Host: GitHub
URL: https://github.com/jkoppel/reprogram
Owner: jkoppel
Created: 2011-12-23T06:16:06.000Z (almost 13 years ago)
Default Branch: master
Last Pushed: 2011-12-27T04:37:15.000Z (almost 13 years ago)
Last Synced: 2024-02-12T16:13:47.719Z (9 months ago)
Language: C++
Homepage:
Size: 1000 KB
Stars: 19
Watchers: 4
Forks: 5
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

##What is it

- A plugin for IDA Pro 6.1 and higher (and lower?)
- A way of making almost-arbitrary changes to an executable when run under a debugger -- even changes that don't fit
- A portmanteau of "reverse-engineering" and "reprogram"

##Installation

Drag the compiled plugin into the IDA "plugins" directory

##Usage

1. Select the region of code you wish to replace, and run REProgram from the Plugins menu or press Alt+F2.
2.In the prompt that pops up, enter the (possibly empty) code that you wish to run instead of the
selected code.
3. To return the region to normal, place your cursor anywhere
within the reprogrammed region and run the plugin again.

A list of all reprogrammed regions is available under the View menu.

##What's Possible

REProgram has two modes of working. If the assembly you type in is not
larger than the original selection, it will behave essentially the same as
if you patched the original executable. When you run the program in the
debugger, REProgram will replace the code in the selection with the
provided code, and fill in any remaining space with NOPs. As a bonus,
using REProgram to modify data segments also works in this case.

If the assembly you type in is larger than the original selection, when
control reaches a reprogrammed region, REProgram will place as many
instructions in the region as it can, and run control through that space
over and over until all the desired instructions have been executed
control passes outside of the region. In this case, jumps to the inside of
the reprogrammed region are not guaranteed to work, although jumps from
the region to the outside are. Note that, as REProgram uses breakpoints to
implement this behavior, focus will return to IDA every time a region
reprogrammed in this manner is hit; minimizing IDA is recommended.

##What's Not

Only x86 is supported. REProgram uses IDA's onboard assembler, and suffers
from all its shortcomings. One workaround is to use the db directive to
specify an instruction in raw machine language

REProgram cannot handle the case where there is an instruction larger than
the reprogrammed region it is meant to fit in; this can typically be
overcome just be widening the region to include adjacent instructions and
adding them to the reprogramming code.

##History

REProgram is a successor to nopper, which simulated nopping out code using breakpoints. nopper (and some nifty screenshots) are available at http://code.google.com/p/nopper/

REProgram was entered in the 2011 Hex-Rays Plugin Contest: http://www.hex-rays.com/contests/2011/index.shtml