Closed quangnh89 closed 8 years ago
Your "Fill with NOPs" is x86-specific code. Please make sure that "Fill with NOPs" context menu is only registered on supported arch (x86).
Thanks for reviewing my work. I have fixed this issue and committed code.
this is nice, but to be consistent with existing features, there are still some works to do:
see related screenshots here https://twitter.com/keystone_engine/status/764847048344477696
This looks usefull. What about make it support any arch? (Like ARM.)
@balika011 Thank for your advice. I will make it support any arch. I think the feature which re-analyzes automatically after patching makes me slow-down. "reanalyse" option is needed.
def patch_code(self, address, assembly, syntax, padding, save_origcode, reanalyze = True, orig_asm = None, patch_data = None):
global patch_info
# ........
if reanalyze:
# ask IDA to re-analyze the patched area
idaapi.analyze_area(address, orig_func_end)
# try to fix IDA function re-analyze issue after patching
idaapi.func_setend(address, orig_func_end)
Reanalyzing should be a must, but not a choice. This is what we are already doing with the current patcher.
I'm analyzing a malware obfuscated by some tools and analysis of IDA always fails to detect address of the end of functions. I can send you this sample for further information.
In that case, we can still go ahead patch ing, but do not reanalyze code. But we should log this issue, and warn user on what happened (using Warning() popup message, for example).
If you have a better idea, lets discuss here.
merged into the "test" branch at https://github.com/keystone-engine/keypatch/tree/test will merge into "master" when it is ready, thanks.
please send future pull requests for the "test" branch.
This feature is very similar to OllyDbg.