Tags: assembly, arm, ida

IDA Pro: How to modify a function to always return true?


I am a newbie at reverse engineering; I am trying to fix this with IDA Pro but I have no idea how I will do this. Here is the routine. Can anyone explain what I need to modify to make it return TRUE?

.text:0000000000006D30 ; =============== S U B R O U T I N E =======================================
.text:0000000000006D30
.text:0000000000006D30
.text:0000000000006D30                 public IsFeatureEnabled
.text:0000000000006D30 IsFeatureEnabled proc near              ; DATA XREF: LOAD:0000000000001228↑o
.text:0000000000006D30 ; __unwind {
.text:0000000000006D30                 test    rdi, rdi
.text:0000000000006D33                 jz      short loc_6D50
.text:0000000000006D35                 sub     rsp, 8
.text:0000000000006D39                 add     rdi, 8
.text:0000000000006D3D                 call    sub_AFE0
.text:0000000000006D42                 add     rsp, 8
.text:0000000000006D46                 movzx   eax, al
.text:0000000000006D49                 retn
.text:0000000000006D49 ; ---------------------------------------------------------------------------
.text:0000000000006D4A                 align 10h
.text:0000000000006D50
.text:0000000000006D50 loc_6D50:                               ; CODE XREF: IsFeatureEnabled+3↑j
.text:0000000000006D50                 xor     eax, eax
.text:0000000000006D52                 retn
.text:0000000000006D52 ; } // starts at 6D30
.text:0000000000006D52 IsFeatureEnabled endp
.text:0000000000006D52
.text:0000000000006D52 ; ---------------------------------------------------------------------------

Solution

  • Set the cursor on the 0000000000006D30 line (beginning of the IsFeatureEnabled function). Right click - "Synchronize with" -> "Hex View" should be checked.

    Open the Hex View window, press F2, type 33 C0 FF C0 C3

    That means the following:

       xor eax, eax ; 33 C0
       inc eax      ; FF C0 (in 64-bit mode the single byte 40 is a REX prefix, not inc eax, so the longer encoding is needed)
       retn         ; C3
    

    If you want to save this in a file, do the following.

    Copy 10-20 bytes around your patch and find that hex string (e.g. "50 DE 64 11 ...") in a hex editor (WinHex, 010 Editor, Frhed, etc.); make sure enough bytes are copied so that only one sequence is found, then replace the original bytes of the function with the patched bytes. Try to execute your patched version. Sometimes it's a bit harder due to relocations, but that is the next level.

    P.S. I don't support software piracy, so do this for educational purposes only!
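Added example, not part of the answer above: the "find the unique byte sequence and overwrite it" step scripted in Python instead of done by hand in a hex editor. Searching for the function's original bytes avoids having to translate the virtual address 6D30 into a file offset, which is where section layout and relocations usually bite. The instruction encodings are reconstructed from the mnemonics in the listing (the page shows only the disassembly), the padding after the first retn and the surrounding file contents are constructed, and the file name libfeature.so is an assumption. Because this is 64-bit code, inc eax is encoded as FF C0 (the single byte 40 would be a REX prefix).

```python
"""
Persist an IDA-style byte patch into a binary file by locating the original
bytes with a signature that must occur exactly once, then overwriting them.
"""
from __future__ import annotations

import tempfile
from pathlib import Path

# Original bytes of IsFeatureEnabled. Encodings are reconstructed from the
# mnemonics in the listing (assumed, the page shows no hex); the 6 padding
# bytes between 6D4A and 6D50 are constructed as NOPs.
ORIGINAL_FUNC = bytes.fromhex(
    "4885ff"          # 6D30  test    rdi, rdi
    "741b"            # 6D33  jz      short loc_6D50   (rel8 = 6D50 - 6D35)
    "4883ec08"        # 6D35  sub     rsp, 8
    "4883c708"        # 6D39  add     rdi, 8
    "e89e420000"      # 6D3D  call    sub_AFE0         (rel32 = AFE0 - 6D42)
    "4883c408"        # 6D42  add     rsp, 8
    "0fb6c0"          # 6D46  movzx   eax, al
    "c3"              # 6D49  retn
    "909090909090"    # 6D4A  align 10h                (padding, constructed)
    "31c0"            # 6D50  xor     eax, eax
    "c3"              # 6D52  retn
)

# Replacement: xor eax, eax ; inc eax ; retn  ->  always returns 1.
# In 64-bit mode 0x40 is a REX prefix, not "inc eax", so inc is FF C0.
# Bytes after the new retn are unreachable and are left untouched.
RETURN_TRUE = bytes.fromhex("33c0ffc0c3")


def apply_patch(data: bytes, signature: bytes, patch: bytes) -> bytes:
    """Return a copy of data with patch written over the unique match of signature."""
    if len(patch) > len(signature):
        raise ValueError("patch is longer than the bytes it replaces")
    first = data.find(signature)
    if first == -1:
        raise ValueError("signature not found; check the bytes or the build")
    if data.find(signature, first + 1) != -1:
        raise ValueError("signature is not unique; add more context bytes")
    return data[:first] + patch + data[first + len(patch):]


def patch_file(path: Path, signature: bytes, patch: bytes) -> int:
    """Patch a file in place and return the file offset that was modified."""
    data = path.read_bytes()
    path.write_bytes(apply_patch(data, signature, patch))
    return data.find(signature)


def demo() -> tuple[int, bytes]:
    """Patch a constructed stand-in binary; returns (offset, patched function bytes)."""
    fake_binary = b"\x00" * 0x6D30 + ORIGINAL_FUNC + b"\xcc" * 64
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "libfeature.so"   # assumed file name
        p.write_bytes(fake_binary)
        off = patch_file(p, ORIGINAL_FUNC, RETURN_TRUE)
        return off, p.read_bytes()[off:off + len(ORIGINAL_FUNC)]


if __name__ == "__main__":
    offset, new_bytes = demo()
    print(f"patched at file offset {offset:#x}: {new_bytes.hex()}")
```

The uniqueness check is the important part: a short signature such as `48 85 FF 74 1B` appears in many functions, and silently patching the first hit would corrupt an unrelated routine. If the script reports a non-unique match, extend the signature with the bytes that follow the function rather than shortening the patch.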