Re: Looking for disassembler, decompiler, discompiler or whatever.

"Joachim Durchholz" <joachim_d@gmx.de>
11 Sep 2001 23:11:45 -0400

          From comp.compilers

Related articles
Looking for disassembler, decompiler, discompiler or whatever. zuyihe@163.net (2001-09-03)
Re: Looking for disassembler, decompiler, discompiler or whatever. andyjnsn@ma.ultranet.com (2001-09-05)
Re: Looking for disassembler, decompiler, discompiler or whatever. vbdis@aol.com (2001-09-05)
Re: Looking for disassembler, decompiler, discompiler or whatever. zuyihe@163.net (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. mpointie@eden-studios.fr (Mickaël Pointier) (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. joachim_d@gmx.de (Joachim Durchholz) (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. mpointie@eden-studios.fr (Mickaël Pointier) (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. debray@CS.Arizona.EDU (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. eanders@argus.EECS.Berkeley.EDU (2001-09-11)
| List of all articles for this month |

From: "Joachim Durchholz" <joachim_d@gmx.de>
Newsgroups: comp.compilers
Date: 11 Sep 2001 23:11:45 -0400
Organization: Compilers Central
References: 01-09-011 01-09-021 01-09-029
Keywords: disassemble
Posted-Date: 11 Sep 2001 23:11:45 EDT

zyy <zuyihe@163.net> wrote:
>
> My advisor wants me to modify an executable by inserting several
> instructions (to the text section). You are only given
> executable.


The details depend on the format of the executable, but in general what
you have to do is this:
1. Identify the place where to insert the instructions.
2. Adjust all data that refers to instruction locations.


#1 should be straightforward if you know how to read disassembly.


#2 can be a pain, depending on how many formats you have to support
and how well-documented they are. Most of the time, you don't really
want to do this; instead, you look at the basic block (basic blocks
start with a jump target and end before the next jump target); code
within the basic block isn't (usually) referred to, so you can do much
as you like within it. Strategy A is to look at the machine code, look
whether you can rewrite it so that the old code and your new
instructions fit into the space. If this fails, strategy B is to
replace the block with a jump to the end the program, append your code
there, and have your code jump back to the end of the original basic
block. (There are obvious variations possible.) With strategy B, you
must know how to enlarge the text section; for A, you need no more
than a disassembler, and assembler (to find out the machine code for
the instructions you're intended to insert), and a hex editor.


Regards,
Joachim


Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.