keystone-engine / keypatch

Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
http://www.keystone-engine.org/keypatch
GNU General Public License v2.0

64-bit fixup is losing high bits of address #35

Open n-o-o-n opened 6 years ago

n-o-o-n commented 6 years ago

Steps to reproduce:

  1. Open a 64-bit application in IDA 7.0, for example, firefox.exe.
  2. At the beginning of the 'main()' function, try to patch 'jmp main'. The dialog would show:
    Assembly: jmp main
    - Fixup:  jmp 0x40001090
    - Encode: ...

    If you replace it with jmp 0x140001090, then it works.

aquynh commented 6 years ago

Can you fix this with a pull req?

n-o-o-n commented 6 years ago

I don't really know how to fix it. All I know is that when the address goes to ida_resolve(), it is a correct 64-bit address. Then it goes to

    (t, v) = idaapi.get_name_value(address, sym)

and v is only the 32 LSBs of the address.

n-o-o-n commented 6 years ago

Please see commit b8b0f79.