On Mon, 9 Jan 2012 15:46:45 -0200 Rafael de Oliveira Costa <[email protected]> wrote:
> When I use the -w flag to open a program in read-write mode and use 'wa'
> or 'wx' to write an instruction, it will change the current instructions,
> and this doesn't solve my problem because I don't want to change
> instructions, I just want to add instructions without changing their
> functionality

How about using a short jump (2 bytes) to redirect the execution flow to a region with enough nops for a near (3 byte) or far (5 byte) jump, then jump to the added code in the .data section and finally jump back to where you left the .text section?

Of course that still means replacing 2 bytes of the original function with the jump and then nopping the rest of the original instruction. However, jmp doesn't change any flags or registers, so you'd just have to provide the original instruction in your added code before jumping back to the original function.

    [...]
    ; function with nops at its end
    ret
    nop
    nop
    nop
    nop
    nop
    [...]
    ; function to patch is here
    push ebp
    mov ebp, esp
    ; some code
    mov eax, 4      ; replace this with jmp -8
    test eax, eax
    ; more code
    ret

This would become:

    [...]
    ; your added functionality
    mov eax, 4      ; the replaced code from the original function
    jmp dword $where_you_branched
    [...]
    ; function with nops at its end
    ret
    jmp dword $where_added_code_is
    [...]
    ; function to patch is here
    push ebp
    mov ebp, esp
    ; some code
    jmp -8
    nop
    nop
    nop
    test eax, eax   ; JUMP HERE!
    ; more code
    ret

I haven't tested this approach, but I'm quite confident that it'll work as intended ;)
_______________________________________________
radare mailing list
[email protected]
http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
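The detour described in the reply, worked through on bytes as an added example (this is editor-supplied code, not from the mail or from radare): a constructed flat image of 32-bit x86 code holds a function ending in `ret` plus five nops, and a second function whose `mov eax, 4` is the instruction to displace. `install_detour` writes the `EB rel8` short jump at the patch site, nops the remainder of the displaced instruction, puts an `E9 rel32` in the nop pad pointing at the cave, and fills the cave with the added code, the displaced instruction and a jump back to the instruction after the patch. `trace_flow` then walks the patched image, following only jumps, so the round trip can be checked without running anything. All offsets (`0x00`, `0x41`, `0x50`, `0x53`), the layout and the stand-in "added functionality" (`inc ecx`) are assumptions made for this example. Two practical caveats the example makes explicit: the displaced instruction is copied verbatim, so it must not be a relative branch or call, and wherever the cave lives (the mail suggests `.data`) that memory has to be mapped executable or the first jump into it will fault.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed image layout (offsets into g_img[]), chosen to mirror the listing in the mail. */
enum { CAVE = 0x00, PAD = 0x41, FUNC_B = 0x50, PATCH = 0x53, IMG_LEN = 0x60 };
#define NOP   0x90
#define JMP8  0xEB  /* jmp rel8,  2 bytes */
#define JMP32 0xE9  /* jmp rel32, 5 bytes */

static uint8_t g_img[IMG_LEN];   /* the code image being patched   */
static size_t  g_trace[32];      /* offsets executed by trace_flow */

static void put_le32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }
static int32_t get_le32(const uint8_t *p) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[i] << 8 * i;
    return (int32_t)v;
}

/* E9 rel32 at `at`; rel32 is relative to the end of the 5-byte instruction. */
static void put_jmp32(uint8_t *img, size_t at, size_t to) {
    img[at] = JMP32;
    put_le32(img + at + 1, (uint32_t)((long)to - (long)(at + 5)));
}

/* Detour the `insn_len`-byte instruction at `patch_at` through the 5-byte nop pad at `pad`
 * into the cave at `cave`. The cave gets `added`, the displaced instruction, then a jump
 * back to patch_at + insn_len. Returns cave bytes used, or -1 on error.
 * Caveat: the displaced instruction is copied verbatim, so it must not be a relative
 * branch/call (its displacement would be wrong at the new address). */
int install_detour(uint8_t *img, size_t img_len, size_t patch_at, size_t insn_len,
                   size_t pad, size_t cave, const uint8_t *added, size_t added_len) {
    size_t cave_len = added_len + insn_len + 5;
    long rel8 = (long)pad - (long)(patch_at + 2);
    if (insn_len < 2 || patch_at + insn_len > img_len) return -1; /* need 2 bytes for EB rel8 */
    if (pad + 5 > img_len || cave + cave_len > img_len) return -1;
    if (rel8 < -128 || rel8 > 127) return -1;                     /* pad not reachable by rel8 */

    memcpy(img + cave, added, added_len);                     /* cave: added code,        */
    memcpy(img + cave + added_len, img + patch_at, insn_len); /* displaced instruction,   */
    put_jmp32(img, cave + added_len + insn_len, patch_at + insn_len); /* and jump back    */
    put_jmp32(img, pad, cave);                                /* pad: near jump to cave   */
    img[patch_at] = JMP8;                                     /* function: EB rel8 ...    */
    img[patch_at + 1] = (uint8_t)(int8_t)rel8;
    memset(img + patch_at + 2, NOP, insn_len - 2);            /* ... then nop the rest    */
    return (int)cave_len;
}

/* Length of the instruction at `at`; only the opcodes present in this image are decoded. */
static int insn_len_at(const uint8_t *img, size_t at) {
    switch (img[at]) {
    case 0x41: case 0x55: case NOP: case 0xC3: return 1; /* inc ecx, push ebp, nop, ret */
    case 0x85: case 0x89: return 2;                      /* test eax,eax ; mov ebp,esp  */
    case 0xB8: case JMP32: return 5;                     /* mov eax,imm32 ; jmp rel32   */
    case JMP8: return 2;
    default: return -1;
    }
}

/* Walk from `start`, following jmps, until ret. Returns the number of offsets recorded
   in trace[], or -1 on an unknown opcode, an out-of-bounds fetch or a runaway loop. */
int trace_flow(const uint8_t *img, size_t img_len, size_t start, size_t *trace, size_t max) {
    size_t pc = start, n = 0;
    while (n < max && pc < img_len) {
        int len = insn_len_at(img, pc);
        if (len < 0 || pc + (size_t)len > img_len) return -1;
        trace[n++] = pc;
        if (img[pc] == 0xC3) return (int)n;
        if (img[pc] == JMP8)       pc = (size_t)((long)pc + 2 + (int8_t)img[pc + 1]);
        else if (img[pc] == JMP32) pc = (size_t)((long)pc + 5 + get_le32(img + pc + 1));
        else                       pc += (size_t)len;
    }
    return -1;
}

/* Build the constructed image, install the detour, and trace from the patched function. */
int run_demo(void) {
    static const uint8_t func_a[] = { 0xC3, NOP, NOP, NOP, NOP, NOP }; /* ret + 5 nops at 0x40 */
    static const uint8_t func_b[] = {
        0x55,                         /* 0x50 push ebp      */
        0x89, 0xE5,                   /* 0x51 mov ebp, esp  */
        0xB8, 0x04, 0x00, 0x00, 0x00, /* 0x53 mov eax, 4    <- replaced by jmp */
        0x85, 0xC0,                   /* 0x58 test eax, eax <- resume here     */
        0xC3,                         /* 0x5A ret           */
    };
    static const uint8_t added[] = { 0x41 }; /* inc ecx: stands in for the added functionality */
    memset(g_img, 0xCC, IMG_LEN);            /* unused space is int3 so a stray jump shows up  */
    memcpy(g_img + 0x40, func_a, sizeof func_a);
    memcpy(g_img + FUNC_B, func_b, sizeof func_b);
    if (install_detour(g_img, IMG_LEN, PATCH, 5, PAD, CAVE, added, sizeof added) < 0) return -1;
    return trace_flow(g_img, IMG_LEN, FUNC_B, g_trace, 32);
}

int main(void) {
    int n = run_demo();
    for (int i = 0; i < n; i++) printf("%s0x%02zx", i ? " -> " : "", g_trace[i]);
    printf("\n"); /* 0x50 -> 0x51 -> 0x53 -> 0x41 -> 0x00 -> 0x01 -> 0x06 -> 0x58 -> 0x5a */
    return n < 0;
}
```

The trace shows the property the mail relies on: the displaced `mov eax, 4` still executes exactly once (from the cave, at offset 0x01) before control lands on `test eax, eax` at 0x58, and nothing but `jmp` and `nop` was introduced on the way, so flags and registers reach that point unchanged apart from whatever the added code does. In a real binary the same arithmetic applies to virtual addresses rather than buffer offsets, and the rel8 range check is the one that usually bites: the nop pad must sit within -128..+127 bytes of the patch site.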
