stackoom
  简体   繁体   中英

Editing assembly bytes with C++ code

 原文  2017-12-10 05:11:36       c++/ assembly/ memory/ share/ edit

Question

I have running process (*.exe file). At address 0x496A42 I have this asm code 

496A42 cmp     al, 14h

I found it in IDA software. How can i change this value to 

al, 18h

in C++, using VirtualProtect..

I unlocked memory with VirtualProtect, but i don't know how to change this value. Would you tell me how to edit this assembly code with C++ code?

I hope to see you answer. Thank you.

1 answers

solution1
 0  2018-02-11 22:13:00

Assuming that ASLR is not enabled, and the .exe is loaded into the default imagebase of 0x400000 and your address is inside the .exe module

The "cmp al, 14" instruction has the corresponding bytes 0x3C 0x14

0x3C would be at address 0x496A42 and the 0x14 operand would be at address 0x496A43

So you overwrite the byte at address 0x496A43 with 0x18 

void Patch(char* dst, char* src, int size)
{
    DWORD oldprotect;
    VirtualProtect(dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);
    memcpy(dst, src, size);
    VirtualProtect(dst, size, oldprotect, &oldprotect);
}

Patch((char*)0x496A43, "\x18", 1);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question C++ Memory editing- Editing assembly/writing bytes Editing source code of a C++/assembly debugger to include additional assembly information? Assembly Code in C++ writing assembly code in c++ Porting assembly code to c++ convert raw bytes to hexadecimal in c++ or assembly(FASM) C++ or Java Library for automated code editing? Editing plist from c++ code C++ Unicode: Bytes, Code Points and Graphemes Convert assembly to machine code in C++
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM