Fixing Incorrect JMP+1 or Call+1 in IDA

```python
## A simple script that fixes incorrect JMPs or CALLs in IDA, from
##
##  text:00402832 cmp eax, 1
##  text:00402835 jnz short loc_402839
##  text:00402837 jmp short near ptr loc_402839+1 ; <- bad
##  text:00402839 ; ---------------------------------------------------------------------------
##  text:00402839
##  text:00402839 loc_402839: ; CODE XREF: sub_402810+25 j
##  text:00402839 ; sub_402810+27 j
##  text:00402839 psubsb mm4, qword ptr [ecx-0Ch]
##  text:00402839 ; ---------------------------------------------------------------------------
##  text:0040283D db 0FFh
##  text:0040283E db 0FFh
##
## to
##
##  text:00402832 cmp eax, 1
##  text:00402835 jnz short near ptr unk_402839
##  text:00402837 jmp short loc_40283A ; <- good
##  text:00402837 ; ---------------------------------------------------------------------------
##  text:00402839 unk_402839 db 0Fh ; CODE XREF: sub_402810+25 j
##  text:0040283A ; ---------------------------------------------------------------------------
##  text:0040283A
##  text:0040283A loc_40283A: ; CODE XREF: sub_402810+27 j
##  text:0040283A call sub_401CA0
##  text:0040283F popa
##
## created by <alexander><dot><hanel><at><gmail<dot><com>

# IDC-style IDAPython names (pre-7.x API). They are implicit in IDA's script
# window; spelled out here so the file also runs via File > Script file.
from idc import *
from idautils import *

def fixTheJmpCalls():
    # kind of slow to loop through all the functions and instructions but it works
    # flaw: only defined functions will be traversed. I'm working on solving this.
    for funcea in Functions(SegStart(here()), SegEnd(here())):
        for eai in FuncItems(funcea):
            if GetMnem(eai) == "jmp" or GetMnem(eai) == "call":
                # an operand ending in "+<digit>" means the branch lands inside an
                # instruction IDA already defined starting one byte earlier
                disasm = GetDisasm(eai)
                if disasm[-2:-1] == "+" and disasm[-1:].isdigit():
                    print("Broken Instruction: %X %s" % (eai, disasm))
                    code_addr = GetOperandValue(eai, 0)
                    fix_addr = code_addr - 1
                    MakeUnkn(fix_addr, 1)   # undefine the junk byte (1 = DOUNK_EXPAND)
                    MakeCode(code_addr)     # re-disassemble from the real branch target

fixTheJmpCalls()
```
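The same pattern can be spotted outside IDA on raw bytes. This is an added example, not the script above or anything from the original post: a byte scan for short branches whose targets differ by exactly one byte, run over a constructed buffer that reproduces the listing (the opcode encodings and the buffer itself are assumptions).

```python
import struct

# Constructed sample mirroring the listing in the post (encodings assumed):
#   00402832  83 F8 01        cmp eax, 1
#   00402835  75 02           jnz short 00402839   (lands on the junk byte)
#   00402837  EB 01           jmp short 0040283A   (lands on the real code)
#   00402839  0F              junk byte; IDA decoded psubsb from here
#   0040283A  E8 rel32        call sub_401CA0
#   0040283F  61              popa
BASE = 0x00402832
SAMPLE = (bytes([0x83, 0xF8, 0x01, 0x75, 0x02, 0xEB, 0x01, 0x0F, 0xE8])
          + struct.pack("<i", 0x401CA0 - 0x40283F) + b"\x61")

# Two-byte short branches (opcode + rel8); 0x70-0x7F is the Jcc family.
SHORT_BRANCH = {0xEB: "jmp"}
SHORT_BRANCH.update({op: "jcc" for op in range(0x70, 0x80)})


def short_branch_targets(code, base):
    """Byte-scan heuristic: (addr, mnemonic, target) for every short branch.
    It does not decode instruction lengths, so a 0x7x/0xEB byte inside an
    immediate can produce a false positive; results need a human look."""
    out = []
    for off, op in enumerate(code[:-1]):
        if op in SHORT_BRANCH:
            rel = struct.unpack("<b", code[off + 1:off + 2])[0]
            addr = base + off
            out.append((addr, SHORT_BRANCH[op], addr + 2 + rel))
    return out


def find_junk_byte_targets(code, base):
    """(junk_addr, code_addr) pairs where one branch lands at X and another at
    X+1: the byte at X is junk and real code starts at X+1, which is exactly
    what the IDA script repairs with MakeUnkn(X) followed by MakeCode(X+1)."""
    targets = {t for _, _, t in short_branch_targets(code, base)}
    return sorted((t - 1, t) for t in targets if (t - 1) in targets)


if __name__ == "__main__":
    for junk, code in find_junk_byte_targets(SAMPLE, BASE):
        print("junk byte at %08X, real code at %08X" % (junk, code))
```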