Questions tagged [patching]
Patching is the process of adding or deleting code from an executable file in order to modify its functioning.
142 questions
0
votes
1
answer
288
views
Why after patching (x32dbg/OllyDbg) a simple binary, executed triggers UAC and launches new shell window instead of running on present as original?
I am modifying and testing a very basic Windows executable made by me (using an old 32 bit gcc[MinGW] compiler and an up-to-date Windows 11), to start doing very basic reversing from a program ...
- 133
3
votes
1
answer
412
views
How does Play integrity api assures Genuine app binary
I discovered that we can use the Play integrity api instead of safetynet now to assure the integrity off an app that is running. I am wondering if people have a way of bypassing the "Genuine app ...
- 31
0
votes
0
answers
56
views
X64dbg question
I got a program that I try to patch. Normally you get a message box or something to get at the right point in program. But this program behaves else. It opens, then you can type in your license number ...
- 1
1
vote
1
answer
121
views
Need Help Figuring out Multi-byte (in-memory) byte replacement using ida script (idc)
"I am trying to create a simple IDC script for IDA 7.7, which takes a known memory address (in the format 0x00000000), a string of replacement bytes (either in the format ffffffff or ff ff ff ff, ...
- 13
2
votes
0
answers
63
views
How does Windows Updates determine if the patches are compatible?
I am looking into Microsoft Windows updates, and how they are applied, after extracting the .msu file, we get some .cab files with patches (in PA30 format), and informations on the file attributes, ...
- 161
1
vote
0
answers
30
views
How can I create a patch to insert a menu into an executable file which does not have a menu? [duplicate]
I need help writing a patch that inserts a menu into an application which does not have one. When I an executable file in a resource editor, I found the menu and I saved the file again and it doesn't ...
- 31
1
vote
0
answers
106
views
Patched Mac application throws "Invalid value of (null) for entitlement" when running it
I have patched a specific application that I downloaded from the app store but when I ran the executable, it gave me a signal kill 9. I also reverted back the change I made, but the same error was ...
1
vote
1
answer
148
views
Under what circumstances relative to instr rip+offsets to .rdata data may not match?
I have a 100Mb binary file, in which I need to find and patch specific bytes in a function. When disassembled in IDA, this function is the only thing that ever references on unique ASCII string via ...
- 53
0
votes
2
answers
420
views
Hex editing an IP address of a different length
I am performing some Windows malware research on a rogue AV software called SpySheriff (password: infected). I want to edit the IP address within the PE (.exe) file to change it to my honeypot IP ...
- 195
1
vote
2
answers
687
views
Changing the jne to je instruction causes program to generate error
I'm trying to change the instruction from jne to je
I've change an instruction
75 0c jne [some_location]
75 0c is a 2 jump instruction.
So, I've a chaged it to from 75 0c to 74 0c which is ...
- 63
2
votes
1
answer
251
views
ApplyPatches to input file via IDC
Anybody know, how via IDC scripts applying patching for input file (i mean context menu: "Edit - Patch program - Apply patches to input file"). I viewed entire idc.idc and didn't see desired ...
5
votes
0
answers
612
views
Patching Jar File (2022)
Currently reversing a .jar program recreationally, and I understand the workflow proposed here:
https://www.netspi.com/blog/technical/thick-application-penetration-testing/patching-java-executables-...
- 51
1
vote
1
answer
489
views
Binary diff + patching across versions
What are the current options for binary patching which works across different versions of the binary?
E.g. we created a binary patch for a specific version of a binary and want to apply that patch to ...
- 61
0
votes
2
answers
191
views
How to calculate the value needed to branch two points in IDA pro?
I need to find how to get the value to make a branch between two points in IDA Pro, but I can’t figure it out. For more context: the instructions I’m following says “Calculate the value needed to do a ...
1
vote
1
answer
168
views
Inserting two digits into binary per Hex - without making EXE corrupt
I dont have much knowledge with assemblers. I beg ur pardon in advance.
I need to change an IP address in a win-binary (Net) where the IP its hard-coded.
Just changing the IP with an Hex Editor would ...
- 13
1
vote
0
answers
673
views
How to patch C# binary?
I have C# binary. I was able to use dnSpy to decompile it, and analyze. The binary was obfuscated with xenocode obfuscator.
I figured out that I can directly manipulate IL instructions if I just find ...
- 111
1
vote
1
answer
8k
views
Bypass USB key activation of a software
(The software is Chinese and contains malware. I do not know if I could upload it here, so temporarily, please let me describe it)
I am asked by a spa store to "do something" to make a ...
- 11
0
votes
1
answer
397
views
Calling MessageBoxW x64 confused about pointer
OK, I am very new to x64dbg. I used to use OllyDbg a lot and I'm having some problems with this.
I just made a customized version of MS-PAINT for practice by changing a few things like the default ...
- 101
0
votes
1
answer
159
views
ARM7 32-bit Branch Offset Calculator
I need to patch an arm7 program by replacing this fopen function by another function.
.text:00018D68 52 D7 FF EB BL fopen
...
.plt:0000EAB8 ; FILE *fopen(const ...
- 13
3
votes
1
answer
213
views
Construct a number from 0-999.9 using 5 data bytes of a MIDI SysEx message
I'm sending MIDI messages to a proprietary turntable that has an LCD screen on it. The normal software sends out updates via MIDI SysEx to display the current tempo on the LCD. The MIDI is being ...
- 33
0
votes
1
answer
579
views
How can I mod the built-in software of my digital piano?
I'm curious if anyone has any insight on how I can manipulate or mod the code for the built-in software of a digital piano (specifically the Kawai ES8 - or really any digital piano with a display ...
2
votes
1
answer
468
views
Hiding a file in a Windows operating system
I am trying to understand how to hide a file in windows as a way to learn about win api and malware analysis.
What I am trying to do is to make a file "disappear" via some kind of manipulation. But I ...
- 21
1
vote
1
answer
129
views
Executable code in the same location differs in memory and on disk
I'm trying to inject code to change the byte value of a CMP in an executable from 0 to 2 at runtime, in order to effectively no-op a boolean comparison as part of an effort to insert my own behavior. ...
- 21
0
votes
1
answer
818
views
Patch Arm binary with Ida
In Ida I can patch binary that run on x86 , but not binary that run on Arm.
How can I simply patch binary , change assembly(not only hex) and save to new binary file
- 1
1
vote
0
answers
310
views
How to hook eval function in node.js
As the eval() function of JavaScript is an evil, I want to hook or monkey-patch eval() function of JavaScript in node.js. I want to intercept all arguments passed in eval() function. Please guide me ...
- 111