Re: Getting from TJump to TMethod.Code...
Thanks for the reply. It turned out that the original address doesn't
hold a jump instruction after all, so I took another path.
These are the 7 bytes, as layed out at memory address of the original
method:
$55 push ebp
$8BEC mov ebp,esp
$51 push ecx
$8945FC mov [ebp-$04],eax
Before overwriting the first 5 bytes with a near jump sequence, I
moved all 7 bytes (=4 instructions) to a temporary storage record
and appended another 5 bytes for an additional near jump instruction.
I set the offset of this additional jump to address of the 5th
instruction from the original address. It worked like a charm and
so the patched method is now able to call the original one.
However, I encountered a problem, I'm not quite sure how to tackle.
Namely, if I wanted to use this technique on another method, I'd
first need to look up the dissasembly of the method and determine
the instruction at the 5th byte, relative to the start address.
I need to know where that instruction ends, so that I can:
a.) preserve it in whole
b.) set a jump to skip it
Is there a way to automate this?
Regards,
Aleksander Oven
.
Relevant Pages
- Branch displacement Optimization
... basics of "displacement optimization" in machine ... a typical "JE" instruction on the x86 is ... In early x86 assemblers (and in a few assemblers ... smaller version of the jump instruction. ...
(alt.lang.asm) - Re: Advice on good forth coding
... There is no 32 bit offset. ... Or at least some kind of opcode sometime. ... I explained how the literal instruction worked, ... jump and the location is in the same code section. ...
(comp.lang.forth) - Suggested redcode instructions by others...
... BNC negate increment added to instruction pointer ... CCO copy opcode and addressing modes ... DRN decrements B. if B 0 jump to A, ... EAT subvert process executing at B ...
(rec.games.corewar) - Re: Direct Linux syscalls
... that explains why the instruction isn't really optimized. ... _30 year_ lifespan...and become the architecture used in 90+% of machines ... As a simple example, when a process loads, a "jump table" of address to all ... whether you're calling other user mode code or actually calling into kernel ...
(comp.os.linux.development.apps) - Re: [PATCH -tip v5 07/10] kprobes/x86: Support kprobes jump optimization on x86
... The optimized instructions which will be replaced by a jump instruction ... +struct arch_optimized_insn { ...
(Linux-Kernel) |
|
