Add Patch Address bytecode #57
Conversation
src/ida_pro_mcp/mcp-plugin.py
Outdated
| @@ -915,7 +932,7 @@ def set_function_prototype( | |||
| raise IDAError(f"Failed to apply type") | |||
| refresh_decompiler_ctext(func.start_ea) | |||
| except Exception as e: | |||
| raise IDAError(f"Failed to parse prototype string: {prototype}") | |||
| raise IDAError(f"Failed to parse prototype string: {prototype}") | |||
src/ida_pro_mcp/mcp-plugin.py
Outdated
| bytecode: Annotated[str, "Array of bytecode to patch the instruction with"], | ||
| ) -> str: | ||
| """Patch Address Assemble""" | ||
| ea = int(address, 16) |
There was a problem hiding this comment.
Use parse_address like the other functions
src/ida_pro_mcp/mcp-plugin.py
Outdated
| @idawrite | ||
| def patch_address_bytecode( | ||
| address: Annotated[str, "Address of the instruction to patch"], | ||
| bytecode: Annotated[str, "Array of bytecode to patch the instruction with"], |
There was a problem hiding this comment.
The term bytecode is probably not the most descriptive. Better to write something like: Array of hex bytes (separated with spaces) to patch. Example: 11 22 33 44
src/ida_pro_mcp/mcp-plugin.py
Outdated
| @jsonrpc | ||
| @idawrite | ||
| def patch_address_bytecode( | ||
| address: Annotated[str, "Address of the instruction to patch"], |
There was a problem hiding this comment.
This address has nothing to do with instructions.
|
From watching the video it looks like this relies on the LLM to automagically generate instruction bytes. I am a bit hesitant to merge functionality like this, because it is prone to hallucinations. You would have to use another MCP to assemble using keystone and get the bytes that way. |
|
I'm not entirely sure if this project would want to introduce external libraries like Keystone for implementation, which is why I directly used bytecode as input. Initially, I was looking into whether IDApython had an interface to achieve this functionality, but I only found methods for patching by inputting bytecode. |
|
No, the IDA plugin should not have any dependencies. I think it should be part of #54 as Another option is to add keystone as a dependency to the MCP server itself, but I’m not the biggest fan of that either. Will think about it and get back to you! In the meantime I suggest you code up a simple keystone-mcp, I can link it in the readme. |
|
could you use or
|
|
Thanks @williballenthin, I edited it to |
I notice that it can't patch the assembly, so I add it.
It can be used to deobfuscate some simple obfuscate, like the sample in
Apr.22.2025.mp4