6

I have an instructions defined from address+1 onward and a byte at address. I'd like to undefine the instructions from address+1 onward and redefine them from address using MakeCode or something similar.

So far I have not found any functions to undefine instructions. Any pointers on where I should be looking?

  • 6
    MakeUnkn() (see http://www.offensivecomputing.net/papers/IDAPythonIntro.pdf page 48) is probably what you're looking for. – Guntram Blohm Sep 26 '14 at 10:05
  • In versions > 7.4 of IDA some functions have been moved (https://hex-rays.com/products/ida/support/ida74_idapython_no_bc695_porting_guide.shtml). The MakeUnkn function has been moved/renamed to ida_bytes.del_items – user3238415 Jul 20 '21 at 10:00

1 Answers1

5

Here is a POC from some code I wrote a while back. 

def fixTheJmpCalls():
    # kind of slow to loop through all the functions and instructions but it works 
    # flaw: only defined functions will be traversed.this. 
    for funcea in Functions( SegStart( here() ), SegEnd( here() ) ):
        for eai in FuncItems(funcea):
            if GetMnem(eai) == "jmp" or GetMnem(eai) == "call":
                if GetDisasm(eai)[-2:-1] == "+" and GetDisasm(eai)[-1:].isdigit():
                    print "Broken Instruction: %X"%eai, GetDisasm(eai)
                    code_addr = GetOperandValue(eai, 0) 
                    fix_addr = code_addr -1 
                    MakeUnkn(fix_addr,1)
                    MakeCode(code_addr)
alexanderh
  • 1,062
  • 8
  • 14