我可以将汇编语言命令和数据添加到现有二进制文件中吗？

Question

This question is mostly about my experience with Hopper - The OS X and Linux Disassembler although conceptually I think it would also apply to other Disassemblers like IDA . The tools allow one to see the assembly code representation of the (hex) code that's in a binary file:

It also allows a way to modify the assembly instructions, such as replacing a je command with a jne command. They have a hex view , too, so it's easy to see what changes are actually happening - but from what I can tell, these are basically just a nice front-end for hex-editing - meaning I tell it to change JE to JNE and a 74 becomes a 75 .

However, Hopper has an option that says "Produce New Executable":

And the assembly editor dialog says "Assemble and Go Next":

I think the answer to this question is "No" - but just so I understand - there isn't a way to add code to a assembled / compiled binary file, right? The rest of the commands saved into a compiled program are referencing file offsets to other sections - so it would not be possible to add additional commands into a procedure, because they would mess up the offset for commands that come afterwards - causing code that comes earlier to jmp to the wrong place and all sorts of bad things like right - right? Editing existing commands, NOOP s, changing strings, anything without changing the "footprint" of the program are OK - but not adding code - correct? The only way it seems like it might be possible to add code in would be at the very end of the file, but even then I'm somewhat doubtful that it would work.

Do I understanding the capabilities of disassemblers correctly, in that: They can show the code, and even give representations of the functions used to create them (sometimes) but they are not really compilers per se? Or, are they good enough to actually keep up with all the offsets / references and actually rewrite them and truly produce a new executable with additional code and strings injected right in the middle?

ps: I apologize in advance if what I'm asking sounds malicious ( I don't think it does ) my goal is not to pirate software, but just to understand how programs are written, compiled, and interpreted. I'd like to eventually be able to write programs directly in assembly for ATMega chips, and as a beginner to assembly looking through existing programs has been far more interesting than reading tutorials online (although I'm doing both).

Answer 1

A disassembler like IDA can produce a source file of the executable. However, in my experience this is not really working out of the box, so you can't simply disassemble a file and then reproduce the executable, without doing a lot of manual work. For complex programs, it is not guaranteed to have a full dissassemble either, because the disassembler may not recognize all of the code and data sections correctly. So before you can assemble the output, you have to do a lot of reverse engineering to make it work. Of course, once you made it work, you can add code as you want.

Since IDA is very advanced, I don't think that Hopper can do it either.

Depending on the kind of changes you need, it might be easier to inject the code in memory with a seperate application or replacing a library with your own version.