From 0adfe970129c0238944783d8d30e8942edd9359a Mon Sep 17 00:00:00 2001 From: Seliaste Date: Mon, 23 Mar 2026 15:40:23 +0100 Subject: [PATCH] fixed some printing stuff --- iat.py | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/iat.py b/iat.py index de99567..f0c17a4 100644 --- a/iat.py +++ b/iat.py @@ -18,21 +18,12 @@ def get_used_functions_from_dll(dllname,calls): return res def patch_call_to_new_IAT_entry(pe: lief.PE.Binary, call: dict[str,str], rva: int): - print(call) instruction_offset = int(call["adress"],16)-0x1000000 # We can manually patch the instruction here: FF 15 08 10 00 01 represents `call [0x01001080]` - # print(hex(rva)) pe.patch_address(instruction_offset, [0xFF,0x15,int(hex(rva)[4:6],16),int(hex(rva)[2:4],16),0x00,0x01], lief.Binary.VA_TYPES.RVA) - print([0xFF,0x15,hex(rva)[4:6],hex(rva)[2:4],0x00,0x01]) - # section.content[instruction_offset_from_section+0] = 0xFF - # section.content[instruction_offset_from_section+1] = 0x15 - # section.content[instruction_offset_from_section+2] = int(hex(rva)[:2],16) - # section.content[instruction_offset_from_section+3] = int(hex(rva)[:-2],16) - # section.content[instruction_offset_from_section+4] = 0x00 # TODO: Un-hardcode this! - # section.content[instruction_offset_from_section+5] = 0x01 def patch_calls_to_new_IAT(pe: lief.PE.Binary, imp: lief.PE.Import, entry:lief.PE.ImportEntry, rva: int): - print(f"{imp.name}!{entry.name}: 0x{rva:010x}") + # print(f"{imp.name}!{entry.name}: 0x{rva:010x}") for call in filter(lambda x : x["name"] == f"{imp.name.upper()}!{entry.name}" ,calls): patch_call_to_new_IAT_entry(pe,call,rva) @@ -70,3 +61,4 @@ config = lief.PE.Builder.config_t() config.imports = True # allows the config of the writer to write a new IAT config.resolved_iat_cbk = patch_calls_to_new_IAT # callback after the IAT has been written pe.write("patched.exe", config) +print("Wrote the patched executable as patched.exe") \ No newline at end of file