Jump to content
zhuk

How to edit a binary file?

Recommended Posts

The question from beginner in this branch 🙂

I have researched one dll file (it is unmanaged c/c++) using IDA and found the function IsRegistered().

It seems it returns 0 when it is trial or 1 if it was registered . I need to fix this function: it should return 1 always.

Ok, I see it in IDA in disassembled code but the question is: how to fix the binary? What tool to use?

 

Share this post


Link to post

In my opinion: use a hex tool like HxD or x64dbg. in other ways I think Ghidra is good.

Share this post


Link to post

I think you need to understand the assembly code for that function, watch which registers it changes when it returns 1 or 0 to the caller

usually MOV EAX, 1 and RET

put a BP on that function, when it's called, edit the first instruction of its code to get the correct result in the registers

and then return to the caller, you can use x64dbg to apply patches to the file.

Share this post


Link to post
45 minutes ago, Kurapica said:

I think you need to understand the assembly code for that function, watch which registers it changes when it returns 1 or 0 to the caller

usually MOV EAX, 1 and RET

put a BP on that function, when it's called, edit the first instruction of its code to get the correct result in the registers

and then return to the caller, you can use x64dbg to apply patches to the file.

 

I am learning the x86 asm.  The functions has some conditional branches but finally to it seems mov eax, 0 or 1.

Ok

Share this post


Link to post

IMHO, for fast patching is definitely best Hiew.

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×
×
  • Create New...