
I'd like to edit the first instruction and change it to jmp 100h (give or take a few bytes) the mov edi,edi takes 2 bytes and the jmp 100h takes 5 bytes (correct me if im wrong)

I edit the machine code to jmp 100h and add a nop to round it to 6 bytes.

.text:08048DD5                 mov     edi, edi
.text:08048DD7                 mov     edi, edi
.text:08048DD9                 mov     edi, edi
.text:08048DDB                 mov     edi, edi
.text:08048DDD                 mov     edi, edi
.text:08048DDF                 mov     edi, edi
.text:08048DE1                 mov     edi, edi
.text:08048DE3                 mov     edi, edi
.text:08048DE5                 add     [ebp+var_C], 1  ; Add
.text:08048DE9                 mov     eax, offset format ; "Message %d: %s"
.text:08048DEE                 lea     edx, [ebp+s]    ; Load Effective Address
.text:08048DF4                 mov     [esp+8], edx

the result looks like:

.text:08048DD5                 jmp     loc_8048D41
.text:08048DD5 ; ---------------------------------------------------------------------------
.text:08048DDA                 db 90h
.text:08048DDB                 db 89h, 0FFh
.text:08048DDD                 db 89h, 0FFh
.text:08048DDF                 db 89h, 0FFh
.text:08048DE1                 db 89h, 0FFh
.text:08048DE3                 db 89h, 0FFh
.text:08048DE5 ; ---------------------------------------------------------------------------
.text:08048DE5                 add     [ebp+var_C], 1
.text:08048DE9                 mov     eax, offset aMessageDS ; "Message %d: %s"
.text:08048DEE                 lea     edx, [ebp+s]
.text:08048DF4                 mov     [esp+8], edx
.text:08048DF8                 mov     edx, [ebp+var_C]

what exactly goes wrong here? How do i keep the rest of the code intact?

Foi útil?


Looks like it works, but the disassembler isn't interpreting the data as instructions. This is probably because of the preceding jmp instruction - the disassembler sees that the code right after it will never be reached, so it assumes it's not actually code (and thus interprets it as straight data).

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top