0

I have just started using IDA Pro ( trial version). I am trying to De-compile a binary ARM file using IDA Pro ;Is it possible to add an entirely new function to the binary and also is it possible to change the name of an existing function?

I was looking at making the newly added function as the new entry point and rename the old entry point to something else.Also I want to use CLI and not the GUI.

Thanks SrcKode

srcKode
  • 53
  • 1
  • 1
  • 8
  • StackOverflow is a programming Q&A, is this a programming question? You may try also http://superuser.com/ – sinelaw Apr 27 '12 at 18:01

2 Answers2

0

IDA is a disassembler, it's not an executable editor. Renaming a function in the disassembly won't affect the input file. You will have to use some other means of modifying your file.

Igor Skochinsky
  • 24,629
  • 2
  • 72
  • 109
  • 1
    IDA has an option to patch a program and output a dif file, using which the assemb'y can be saved with the modifications.We may have to run some other utility to patch it though.ButI read that the latest version of PRO has the in-built capability of saving the changes from the IDE itself.My question is,is there a way to find the entry point automatically to rename/change it and also add a new function(without worrying about the offsets etc). – srcKode May 02 '12 at 04:27
0

Ida may not be the best way to do this, but you can try.

  1. Rename a function - ida gets the function name from the binary's symbol/import/export table or debug symbols. To rename the function, you'll have to parse the binary format (maybe using python cle or angr), and then change it.

  2. Adding a function - you will nees probably to compile your function first, extract it for its complied binary (using ida or objdump), and put it somewhere in the binary.

  3. To replace the enrty point - there is no such function called 'entry', thats just the name ida gives to the addreaa of entry_point in the PE/ELF format. To replace the entrypoint, all you have to do is change the address of the entry_point field (located in ..optional header for PE, and in Elf header for ELF.

  4. On windows, you can use idat.exe / idat64.exe (located in ida install directory) But don't do it. I have never seen anyone using ida cli. And I'm prettry sure good hackers just use the GUI, its much better.

789
  • 718
  • 1
  • 10
  • 30