#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "grepline.h"
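#define OS_HEXLINE 16 /* byte length of one patch line "XXXXXXXX: OO NN\n", terminator included */
#define OS_NEWLINE 1  /* bytes a line terminator contributes to the length grepline() reports */
#ifdef _WIN32
/* Windows separates text and binary streams; the binary being patched must be
 * read and written untranslated, hence the explicit "b". */
# define READ "rb"
# define WRITE "wb"
# ifndef _CRT_SECURE_NO_WARNINGS
/* NOTE(review): this is defined after the CRT headers have already been
 * included, so it cannot silence their deprecation warnings; it has to come
 * before the first #include or be passed on the compiler command line. */
# define _CRT_SECURE_NO_WARNINGS
# endif /*_CRT_SECURE_NO_WARNINGS*/
#elif defined(__linux__) || defined(linux)
/* __linux__ is the conforming spelling.  The bare `linux` macro is only
 * predefined in GNU mode (-std=gnu*), so a strict -std=c11 build would
 * otherwise fall through to the #error below. */
# define READ "r"
# define WRITE "w"
#else
# error Unknown system.
#endif /*_WIN32*/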
/* Print the usage banner to stdout.  `exe` is the program name shown in the
 * "Usage:" line (main() passes argv[0]). */
void help(char * exe)
{
    printf("IDA .dif patcher\nUsage: %s .dif output\n", exe);
    fputs("\t.dif - path to a .dif file to use\n\toutput - output file\n", stdout);
}
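/* Identify which IDA generation wrote the difference file from its first line.
 *
 * Consumes one line from DifFile (the caller must be positioned at the start
 * of the file).  Returns 6 for the IDA 6 header, 5 for the IDA 5 header and 0
 * for anything else, including an empty or unreadable file.
 *
 * The check is a heuristic only: the length test pins the whole line
 * (header text plus terminator), but strncmp() inspects just the first
 * len-OS_HEXLINE characters, and the .dif is untrusted input in which a
 * forged header costs nothing.  Treat the result as informational; it must
 * not be used to relax any later validation.
 */
int8_t CheckIDAVersion(FILE * DifFile)
{
    int8_t result = 0;
    size_t len = 0;
    size_t probe = 0;
    char * line = NULL;
    grepline(&line, &len, DifFile);
    /* grepline() may leave line NULL on an empty/unreadable file; strncmp on
     * NULL is undefined.  A line shorter than OS_HEXLINE cannot be a header
     * either, and len-OS_HEXLINE would wrap to SIZE_MAX. */
    if(line == NULL || len < OS_HEXLINE)
    {
        free(line);
        return 0;
    }
    probe = len - OS_HEXLINE;
    printf("STATS: %zu\n", probe); /* %zu: the original printed a size_t with %i */
    if(probe == 33 && !strncmp(line, "This difference file has been created by IDA Pro", probe))
    {
        result = 6; /*IDA 6*/
    }
    else if(probe == 48 && !strncmp(line, "This difference file is created by The Interactive Disassembler", probe))
    {
        result = 5; /*IDA 5*/
    }
    free(line);
    return result;
}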
/* Consume one line from DifFile and report whether it is blank.
 *
 * IDA difference files keep their second line empty; a blank line is one
 * whose reported length (terminator included) is exactly OS_NEWLINE.
 * Returns 1 for a blank line, 0 for anything else.
 */
int8_t CheckNewline(FILE * DifFile)
{
    char * text = NULL;
    size_t length = 0;
    int8_t blank;
    grepline(&text, &length, DifFile);
    blank = (length == OS_NEWLINE) ? 1 : 0;
    free(text);
    return blank;
}
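/* Read the next line of DifFile as the path of the binary to patch.
 *
 * On return *BinaryFileName holds a NUL-terminated copy of the line without
 * its trailing "\n" (and a preceding "\r", for a .dif written on Windows and
 * read where CRLF is not translated).  The caller owns the buffer and must
 * free() it.  *BinaryFileName is NULL when no line could be read or the copy
 * could not be allocated; callers must check before handing it to fopen().
 *
 * Security note: the path is taken verbatim from the .dif, i.e. from
 * untrusted input.  It is only ever opened for reading, but a crafted .dif
 * can still make the patcher copy any file the user can read into the output.
 */
void ReadFileName(FILE * DifFile, char ** BinaryFileName)
{
    size_t len = 0;
    char * line = NULL;
    *BinaryFileName = NULL;
    grepline(&line,&len,DifFile);
    if(line == NULL)
    {
        return;
    }
    /* Strip the terminator only if it is really there: the last line of a
     * file may lack one, and unconditionally dropping OS_NEWLINE bytes would
     * then chop a real character off the name (or underflow len on an empty
     * line, as the original did). */
    if(len > 0 && line[len-1] == '\n')
    {
        --len;
    }
    if(len > 0 && line[len-1] == '\r')
    {
        --len;
    }
    *BinaryFileName = malloc(len+1);
    if(*BinaryFileName != NULL)
    {
        memcpy(*BinaryFileName,line,len);
        (*BinaryFileName)[len] = '\0';
    }
    free(line);
}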
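/* Parse exactly n hex digits at s into *out.
 * Returns 0 on success, -1 if any character is not a hex digit.  strtoul()
 * is deliberately not used: it silently accepts leading blanks, a sign and a
 * "0x" prefix, none of which belong in an IDA patch line.  n must be <= 8. */
static int ParseHexField(const char * s, size_t n, uint32_t * out)
{
    uint32_t value = 0;
    size_t i;
    for(i = 0; i < n; ++i)
    {
        char c = s[i];
        unsigned digit;
        if(c >= '0' && c <= '9')
        {
            digit = (unsigned)(c - '0');
        }
        else if(c >= 'a' && c <= 'f')
        {
            digit = (unsigned)(c - 'a') + 10u;
        }
        else if(c >= 'A' && c <= 'F')
        {
            digit = (unsigned)(c - 'A') + 10u;
        }
        else
        {
            return -1;
        }
        value = (value << 4) | digit;
    }
    *out = value;
    return 0;
}

/* Split one OS_HEXLINE-byte patch line "XXXXXXXX: OO NN\n" into offset,
 * old byte and new byte.  Returns 0 on success, -1 if a separator or a hex
 * field is malformed.  line must hold at least 15 readable bytes. */
static int ParsePatchLine(const char * line, uint32_t * offset, uint8_t * oldByte, uint8_t * newByte)
{
    uint32_t o = 0;
    uint32_t n = 0;
    if(line[8] != ':' || line[9] != ' ' || line[12] != ' ')
    {
        return -1;
    }
    if(ParseHexField(line, 8, offset) != 0 || ParseHexField(line + 10, 2, &o) != 0 || ParseHexField(line + 13, 2, &n) != 0)
    {
        return -1;
    }
    *oldByte = (uint8_t)o;
    *newByte = (uint8_t)n;
    return 0;
}

/* Apply the "XXXXXXXX: OO NN" lines of DifFile to Binary, writing to NewFile.
 *
 * DifFile must be positioned at the first patch line (header, blank line and
 * file name already consumed).  For each line the bytes of Binary before the
 * target offset are copied unchanged, the byte at the offset is replaced by
 * NN (a mismatch against OO is reported as a WARNING but patched anyway, as
 * before), and after the last line the remainder of Binary is copied.  Lines
 * are expected in ascending offset order, which is how IDA emits them.
 *
 * The .dif is untrusted input, so the copy loop now stops at EOF: the
 * original fed fgetc()'s EOF straight into fputc(), so an offset such as
 * FFFFFFFF produced gigabytes of 0xFF padding.  A malformed line, an offset
 * beyond the end of Binary or an offset that goes backwards prints an ERROR
 * and stops patching; NewFile is then incomplete and must not be used.
 */
void IDADifPatch(FILE * DifFile, FILE * Binary, FILE * NewFile)
{
    uint32_t OffsetTarget = 0;
    uint64_t OffsetCurrent = 0; /* 64-bit so patching the byte at 0xFFFFFFFF cannot wrap it */
    size_t len = 0;
    char * line = NULL;
    uint8_t New = 0;
    uint8_t Old = 0;
    int Buffer = 0;
    grepline(&line,&len,DifFile);
    while(!feof(DifFile) && line != NULL && len == OS_HEXLINE)
    {
        if(ParsePatchLine(line, &OffsetTarget, &Old, &New) != 0)
        {
            puts("ERROR: malformed patch line (expected \"XXXXXXXX: OO NN\"). Aborting patch; output is incomplete.");
            free(line);
            return;
        }
        printf("PATCH: @%.8s : %X->%X\n", line, (unsigned)Old, (unsigned)New);
        if(OffsetTarget < OffsetCurrent)
        {
            printf("ERROR: @%lX : offset goes backwards (already at %llu). Aborting patch; output is incomplete.\n",
                   (unsigned long)OffsetTarget, (unsigned long long)OffsetCurrent);
            free(line);
            return;
        }
        /* Copy the untouched bytes up to the target offset. */
        while(OffsetCurrent < OffsetTarget)
        {
            Buffer = fgetc(Binary);
            if(Buffer == EOF)
            {
                printf("ERROR: @%lX : offset lies beyond the end of the original file. Aborting patch; output is incomplete.\n",
                       (unsigned long)OffsetTarget);
                free(line);
                return;
            }
            fputc(Buffer,NewFile);
            ++OffsetCurrent;
        }
        /* Patch the byte; a byte past EOF cannot be patched, only appended,
         * which is never what a .dif means. */
        Buffer = fgetc(Binary);
        if(Buffer == EOF)
        {
            printf("ERROR: @%lX : offset lies beyond the end of the original file. Aborting patch; output is incomplete.\n",
                   (unsigned long)OffsetTarget);
            free(line);
            return;
        }
        if(Buffer != Old)
        {
            printf("WARNING: @%X : expected %X : got %X\n", (unsigned)OffsetTarget, (unsigned)Old, (unsigned)Buffer);
        }
        fputc(New,NewFile);
        ++OffsetCurrent;
        grepline(&line, &len, DifFile);
    }
    free(line);
    /* Done reading difference file. Copy whatever is left of the binary. */
    while((Buffer = fgetc(Binary)) != EOF)
    {
        fputc(Buffer,NewFile);
    }
    if(ferror(Binary) || ferror(NewFile))
    {
        puts("ERROR: I/O error while copying the binary; output is incomplete.");
        return;
    }
    puts("PATCH: Finished!");
}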
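/* Entry point: patcher <file.dif> <output>
 *
 * Validates the .dif header, reads the original binary's path from the .dif,
 * and writes a patched copy to <output>.  Exit status is 1 on any usage,
 * validation or I/O error and 0 otherwise.  <output> is truncated without
 * confirmation.
 */
int main(int argc, char *argv[])
{
    FILE * DifFile;
    FILE * NewFile;
    FILE * Binary;
    char * BinaryFileName = NULL;
    int8_t IDAVersion = 0;
    int8_t IDAnewline = 0;
    /* Did we forget arguments? */
    if(argc != 3)
    {
        /* argv[0] is NULL when the program is exec'd with an empty argv. */
        help((argc > 0 && argv[0] != NULL) ? argv[0] : "patcher");
        exit(1);
    }
    DifFile = fopen(argv[1], "r");
    if(DifFile == NULL)
    {
        /* The original reported "empty file" and then fclose()d the NULL
         * handle, which is undefined behaviour (a crash on glibc). */
        perror("ERROR: cannot open .dif file");
        exit(1);
    }
    puts("OK: File opened");
    /* Let's check if this is an actual IDA difference file */
    IDAVersion = CheckIDAVersion(DifFile);
    if(IDAVersion != 5 && IDAVersion != 6)
    {
        puts("WARNING: Unsupported disassembler detected. Proceed with caution.");
    }
    else
    {
        printf("OK: IDA %i recognized and hopefully not a spoof. Cross your fingers.\n",IDAVersion);
    }
    /* IDA difference files have 2nd line empty */
    IDAnewline = CheckNewline(DifFile);
    if(!IDAnewline)
    {
        puts("ERROR: Failed newline check. Aborting patch.");
        fclose(DifFile);
        exit(1);
    }
    /* The binary's path comes straight out of the (untrusted) .dif; it is only
     * ever opened for reading.  NULL means the line or the copy failed. */
    ReadFileName(DifFile,&BinaryFileName);
    if(BinaryFileName == NULL)
    {
        puts("ERROR: could not read the original file name from the .dif file.");
        fclose(DifFile);
        exit(1);
    }
    /* Refuse to clobber an input: fopen(argv[2], "w") truncates the output
     * before the binary has been read, so naming the binary as the output
     * destroyed it.  A plain string compare only catches the obvious case;
     * two different spellings of the same path still get through. */
    if(strcmp(BinaryFileName, argv[2]) == 0 || strcmp(argv[1], argv[2]) == 0)
    {
        puts("ERROR: output file must differ from the .dif file and the original binary.");
        free(BinaryFileName);
        fclose(DifFile);
        exit(1);
    }
    Binary = fopen(BinaryFileName,READ);
    if(Binary == NULL)
    {
        printf("ERROR: Original file doesn't exist.\nINFO: ORIG %s\n",BinaryFileName);
        free(BinaryFileName);
        fclose(DifFile);
        exit(1);
    }
    /* Finally, let's create a new file to write to.
     * NOTE: file with the same name will be overwritten without patcher giving prior notice! */
    NewFile = fopen(argv[2],WRITE);
    if(NewFile == NULL)
    {
        /* The original passed the NULL stream on to fputc(). */
        perror("ERROR: cannot create output file");
        free(BinaryFileName);
        fclose(Binary);
        fclose(DifFile);
        exit(1);
    }
    printf("DIF\tORIG\tOUT\n%s\t%s\t%s\n",argv[1],BinaryFileName,argv[2]);
    free(BinaryFileName);
    /* Ready, set, patch! */
    IDADifPatch(DifFile,Binary,NewFile);
    /* Cleaning up */
    fclose(DifFile);
    fclose(Binary);
    /* fclose() flushes the last buffer; a failure here means the output is incomplete. */
    if(fclose(NewFile) != 0)
    {
        perror("ERROR: writing output file failed");
        return 1;
    }
    return 0;
}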