
IDA Pro: change a local variable to a given string?

Hi all, I have a local variable named `version` whose value is `info.version`, and I want to replace this value with e.g. “5555”.
I think this is the line that sets the variable's value:

.text:0000000000006BCC                 mov     [rsp+0B8h+var_B8], rdx  ; stores the qword that 6BB8 loaded from [rax+8] into the first slot of the stack block

Is it enough to replace [rsp+0B8h+var_B8] with the hex of “5555”?
How can I replace this value with a given string?

Full listing of the subroutine:

.text:0000000000006B80 ; =============== S U B R O U T I N E =======================================
.text:0000000000006B80
.text:0000000000006B80
.text:0000000000006B80                 public GetResponseAll
.text:0000000000006B80 GetResponseAll proc near         ; DATA XREF: LOAD:0000000000001108↑o
.text:0000000000006B80 ; int GetResponseAll(void *obj /* rdi */, void *callback /* rsi */)
.text:0000000000006B80 ; SysV AMD64 register usage (rdi/rsi args, eax result).
.text:0000000000006B80 ; Returns 0 when either argument is NULL, or when sub_B150(obj+8) returns
.text:0000000000006B80 ; NULL (that path also stores 5 at obj+2A0h).  Otherwise it fills a
.text:0000000000006B80 ; 0B8h-byte block on the stack (var_B8 .. var_28) from the record that
.text:0000000000006B80 ; sub_B150 returned plus six helper results, calls callback(&block) and
.text:0000000000006B80 ; returns 1.  What the record fields and helpers mean is not visible here.
.text:0000000000006B80 ; Register roles: rbp = obj+8 (first argument to every helper call),
.text:0000000000006B80 ; r12 = callback (kept across the helper calls), rbx = obj until 6BC3,
.text:0000000000006B80 ; afterwards scratch / global-table pointer.
.text:0000000000006B80 ; Frame: 3 pushes (18h) + sub rsp,0A0h = 0B8h, hence the 0B8h base in the
.text:0000000000006B80 ; var_* operands; rsp is 16-byte aligned at every call below.
.text:0000000000006B80
.text:0000000000006B80 var_B8          = qword ptr -0B8h
.text:0000000000006B80 var_B0          = qword ptr -0B0h
.text:0000000000006B80 var_A8          = qword ptr -0A8h
.text:0000000000006B80 var_A0          = qword ptr -0A0h
.text:0000000000006B80 var_98          = byte ptr -98h
.text:0000000000006B80 var_97          = byte ptr -97h
.text:0000000000006B80 var_96          = word ptr -96h
.text:0000000000006B80 var_90          = qword ptr -90h
.text:0000000000006B80 var_88          = qword ptr -88h
.text:0000000000006B80 var_80          = qword ptr -80h
.text:0000000000006B80 var_78          = qword ptr -78h
.text:0000000000006B80 var_70          = qword ptr -70h
.text:0000000000006B80 var_68          = qword ptr -68h
.text:0000000000006B80 var_60          = qword ptr -60h
.text:0000000000006B80 var_58          = qword ptr -58h
.text:0000000000006B80 var_50          = qword ptr -50h
.text:0000000000006B80 var_48          = dword ptr -48h
.text:0000000000006B80 var_44          = dword ptr -44h
.text:0000000000006B80 var_40          = qword ptr -40h
.text:0000000000006B80 var_38          = qword ptr -38h
.text:0000000000006B80 var_30          = dword ptr -30h
.text:0000000000006B80 var_28          = qword ptr -28h
.text:0000000000006B80
.text:0000000000006B80 ; __unwind {
.text:0000000000006B80                 test    rdi, rdi        ; obj == NULL -> return 0
.text:0000000000006B83                 jz      loc_6D10
.text:0000000000006B89                 test    rsi, rsi        ; callback == NULL -> return 0
.text:0000000000006B8C                 jz      loc_6D10
.text:0000000000006B92                 push    r12             ; callee-saved regs used below
.text:0000000000006B94                 push    rbp
.text:0000000000006B95                 lea     rbp, [rdi+8]    ; rbp = obj+8
.text:0000000000006B99                 push    rbx
.text:0000000000006B9A                 mov     rbx, rdi        ; rbx = obj (only needed on the loc_6D18 path)
.text:0000000000006B9D                 mov     r12, rsi        ; r12 = callback
.text:0000000000006BA0                 mov     rdi, rbp
.text:0000000000006BA3                 sub     rsp, 0A0h       ; 18h pushed + 0A0h = 0B8h frame
.text:0000000000006BAA                 call    sub_B150        ; rax = sub_B150(obj+8)
.text:0000000000006BAF                 test    rax, rax
.text:0000000000006BB2                 jz      loc_6D18        ; NULL -> flag error, return 0
.text:0000000000006BB8 ; Copy record fields into the stack block.  The slot the thread asks about is
.text:0000000000006BB8 ; var_B8, which receives the qword at rec+8; its meaning is not visible here.
.text:0000000000006BB8                 mov     rdx, [rax+8]
.text:0000000000006BBC                 mov     rcx, [rax+28h]
.text:0000000000006BC0                 mov     rdi, rbp        ; rdi = obj+8 for the sub_AB00 call at 6C5A
.text:0000000000006BC3                 mov     rbx, [rax+30h]  ; rbx no longer holds obj from here on
.text:0000000000006BC7                 mov     [rsp+0B8h+var_B0], rcx
.text:0000000000006BCC                 mov     [rsp+0B8h+var_B8], rdx  ; block+0 = rec+8
.text:0000000000006BD0                 mov     [rsp+0B8h+var_A8], rbx
.text:0000000000006BD5                 mov     rdx, [rax]
.text:0000000000006BD8                 lea     rbx, qword_22F4A0  ; RIP-relative address of a global pointer
.text:0000000000006BDF                 mov     [rsp+0B8h+var_A0], rdx
.text:0000000000006BE4                 movzx   edx, byte ptr [rax+38h]
.text:0000000000006BE8                 mov     rsi, [rbx]      ; rsi = *qword_22F4A0
.text:0000000000006BEB                 mov     [rsp+0B8h+var_98], dl
.text:0000000000006BEF                 movzx   edx, byte ptr [rax+39h]
.text:0000000000006BF3                 mov     [rsp+0B8h+var_97], dl
.text:0000000000006BF7                 movzx   edx, word ptr [rax+3Ah]
.text:0000000000006BFB                 mov     [rsp+0B8h+var_96], dx
.text:0000000000006BFB ; NOTE(review): block bytes -94h..-91h (after var_96) and -2Ch..-29h (after
.text:0000000000006BFB ; var_30) are never written in this function; if callback copies the whole
.text:0000000000006BFB ; 0B8h block out, those bytes carry stale stack contents -- confirm in callers.
.text:0000000000006C00                 mov     rdx, [rax+40h]
.text:0000000000006C04                 mov     [rsp+0B8h+var_90], rdx
.text:0000000000006C09                 mov     rdx, [rax+60h]
.text:0000000000006C0D                 mov     [rsp+0B8h+var_88], rdx
.text:0000000000006C12                 mov     rdx, [rax+80h]
.text:0000000000006C19                 mov     [rsp+0B8h+var_80], rdx
.text:0000000000006C1E                 mov     rdx, [rax+0A0h]
.text:0000000000006C25                 mov     [rsp+0B8h+var_78], rdx
.text:0000000000006C2A                 mov     rdx, [rax+0C0h]
.text:0000000000006C31                 mov     [rsp+0B8h+var_70], rdx
.text:0000000000006C36                 mov     rdx, [rax+0E0h]
.text:0000000000006C3D                 mov     [rsp+0B8h+var_68], rdx
.text:0000000000006C42                 mov     rdx, [rax+100h]
.text:0000000000006C49                 mov     rax, [rax+120h]
.text:0000000000006C50                 mov     [rsp+0B8h+var_60], rdx
.text:0000000000006C55                 mov     [rsp+0B8h+var_58], rax
.text:0000000000006C5A                 call    sub_AB00        ; rax = sub_AB00(obj+8, *qword_22F4A0)
.text:0000000000006C5F                 mov     rsi, [rbx]
.text:0000000000006C62                 mov     rdi, rbp
.text:0000000000006C65                 mov     edx, 9
.text:0000000000006C6A                 mov     [rsp+0B8h+var_50], rax
.text:0000000000006C6F                 call    sub_B010        ; eax = sub_B010(obj+8, *qword_22F4A0, 9)
.text:0000000000006C74                 mov     [rsp+0B8h+var_48], eax
.text:0000000000006C78                 lea     rax, qword_22F498
.text:0000000000006C7F                 mov     edx, 8
.text:0000000000006C84                 mov     rdi, rbp
.text:0000000000006C87                 mov     rsi, [rax]
.text:0000000000006C8A                 call    sub_B010        ; eax = sub_B010(obj+8, *qword_22F498, 8)
.text:0000000000006C8F                 mov     [rsp+0B8h+var_44], eax
.text:0000000000006C93                 lea     rax, unk_22F488
.text:0000000000006C9A                 mov     rdi, rbp
.text:0000000000006C9D                 mov     rsi, [rax]
.text:0000000000006CA0                 call    sub_AB00        ; rax = sub_AB00(obj+8, *unk_22F488)
.text:0000000000006CA5                 mov     [rsp+0B8h+var_40], rax
.text:0000000000006CAA                 lea     rax, unk_22F480
.text:0000000000006CB1                 mov     rdi, rbp
.text:0000000000006CB4                 mov     rsi, [rax]
.text:0000000000006CB7                 call    sub_AB00        ; rax = sub_AB00(obj+8, *unk_22F480)
.text:0000000000006CBC                 mov     [rsp+0B8h+var_38], rax
.text:0000000000006CC4                 lea     rax, unk_22F490
.text:0000000000006CCB                 mov     edx, 4
.text:0000000000006CD0                 mov     rdi, rbp
.text:0000000000006CD3                 mov     rsi, [rax]
.text:0000000000006CD6                 call    sub_B010        ; eax = sub_B010(obj+8, *unk_22F490, 4)
.text:0000000000006CDB                 mov     rdi, rbp
.text:0000000000006CDE                 mov     [rsp+0B8h+var_30], eax
.text:0000000000006CE5                 call    sub_AAD0        ; rax = sub_AAD0(obj+8)
.text:0000000000006CEA                 mov     rdi, rsp        ; rdi = &block (var_B8 sits at rsp+0)
.text:0000000000006CED                 mov     [rsp+0B8h+var_28], rax
.text:0000000000006CF5                 call    r12             ; callback(&block); the pointer was only NULL-checked at 6B89, so whatever the caller passed is jumped to
.text:0000000000006CF8                 add     rsp, 0A0h
.text:0000000000006CFF                 mov     eax, 1          ; success
.text:0000000000006D04                 pop     rbx
.text:0000000000006D05                 pop     rbp
.text:0000000000006D06                 pop     r12
.text:0000000000006D08                 retn
.text:0000000000006D08 ; ---------------------------------------------------------------------------
.text:0000000000006D09                 align 10h
.text:0000000000006D10
.text:0000000000006D10 loc_6D10:                               ; CODE XREF: GetResponseAll+3↑j
.text:0000000000006D10                                         ; GetResponseAll+C↑j
.text:0000000000006D10                 xor     eax, eax        ; NULL argument: return 0, nothing pushed yet
.text:0000000000006D12                 retn
.text:0000000000006D12 ; ---------------------------------------------------------------------------
.text:0000000000006D13                 align 8
.text:0000000000006D18
.text:0000000000006D18 loc_6D18:                               ; CODE XREF: GetResponseAll+32↑j
.text:0000000000006D18                 mov     dword ptr [rbx+2A0h], 5  ; obj+2A0h = 5 (rbx still = obj here); eax is still the 0 tested at 6BAF
.text:0000000000006D22                 add     rsp, 0A0h
.text:0000000000006D29                 pop     rbx
.text:0000000000006D2A                 pop     rbp
.text:0000000000006D2B                 pop     r12
.text:0000000000006D2D                 retn
.text:0000000000006D2D ; } // starts at 6B80
.text:0000000000006D2D GetResponseAll endp
.text:0000000000006D2D
.text:0000000000006D2D ; ---------------------------------------------------------------------------
.text:0000000000006D2E                 align 10h
.text:0000000000006D30

You need something like this. Replace these instructions:

.text:0000000000006BCC                 mov     [rsp+0B8h+var_B8], rdx  ; 4 bytes (6BCC..6BCF)
.text:0000000000006BD0                 mov     [rsp+0B8h+var_A8], rbx  ; 5 bytes (6BD0..6BD4); next original instruction is at 6BD5

With:

.text:0000000000006BCC                 JMP 0x44332211  ; 5-byte rel32 jmp, occupies 6BCC..6BD0
.text:0000000000006BD1                 NOP
.text:0000000000006BD2                 NOP
.text:0000000000006BD3                 NOP
.text:0000000000006BD3 ; NOTE(review): the two replaced movs occupy 6BCC..6BD4 (the next original
.text:0000000000006BD3 ; instruction is at 6BD5), so four NOPs (6BD1..6BD4) are needed, not three.
.text:0000000000006BD3 ; NOTE(review): the poster reports "Invalid operand" for this jmp; an assembler
.text:0000000000006BD3 ; normally takes the destination address in its own number syntax and derives
.text:0000000000006BD3 ; the rel32 itself -- confirm the expected operand form in the tool used.

Here 0x44332211 is the relative address of some space in the code section that nothing else uses. The space must be large enough to hold your code.

Here is an example of code that could be placed in the space.

.text:0000000001000000                 0x35, 0x35, 0x35, 0x35, 0x35, 0x00  ; (STRING: "5555\0") -- data placed in the code section; it is only read, but it must not overlap any live code
.text:0000000001000006  <==            LEA RDX, [0x1000000]  ; The first jump must jump here.
.text:0000000001000006 ; NOTE(review): [0x1000000] is an absolute address.  The listing itself loads
.text:0000000001000006 ; static addresses RIP-relative (lea rbx, qword_22F4A0 at 6BD8), and the low
.text:0000000001000006 ; link addresses suggest a position-independent module, in which case an
.text:0000000001000006 ; absolute operand points at the wrong place once the module is relocated --
.text:0000000001000006 ; confirm before relying on it.
.text:000000000100000E                 mov [rsp+0B8h+var_B8], rdx  ; displaced store replayed with rdx now pointing at the string; rsp is unchanged by the jmp, so var_B8 is the same slot
.text:0000000001000012                 mov [rsp+0B8h+var_A8], rbx  ; second displaced store, unchanged
.text:0000000001000016                 JMP 0xFFFF9449  ; back to 6BD1; NOTE(review): the displacement must be recomputed for the real cave address (this value and the 0xFFFF9445 quoted below disagree)

Here the “JMP 0xFFFF9445” instruction jumps back to address 0x06bd1 in my example.

I am really new to reverse engineering and am trying to learn.
First I select .text:0000000000006BCC and follow Edit -> Patch program -> Assemble.
I enter JMP 0x44332211 in the box, but the error says “Invalid operand”.

If you do not understand what to do, you need to create a “paid” request.
