Change assembly opcode

Question

I have the following code: enter image description here

I am using IDA PRO. I am trying to patch this code and change the line mov eax, [rax+10h] to mov eax, 3. mov eax, 3 is B8 03 00.

I do this in the hex editor and when I change the code from

8B 40 10 8D 48 01 41 89 4B 10 EB 05 B8 01 00 00

to

B8 03 00 8D 48 01 41 89 4B 10 EB 05 B8 01 00 00

I get B8 03 00 8D 48 in the same line which is a different command than what i intended.

what am i doing wrong? how can i make this change?

enter image description here

This is a 64-bit program, the assembler between your ears is running in 16-bit mode. — Hans Passant, Jul 25 '14 at 20:27
it is 64bit but i do not understand your reply. what should i do to make it "mov eax, 3" instead of the current code? — dandan, Jul 25 '14 at 20:36

rkhb · Accepted Answer · 2014-07-25T21:34:20.690

4

These are the machine codes for mov *a*, 3 in 64-bit mode:

mov eax, 3:  b8 03 00 00 00
mov  ax, 3:  66 b8 03 00
mov  al, 3:  b0 03

As you can see mov eax, 3 needs 5 bytes. You can try:

6a 03    push 3
58       pop rax

But you'll get trouble with the following instruction lea ecx, [rax+1]!

edited Jul 25 '14 at 21:34

answered Jul 25 '14 at 21:21

rkhb

+1, but remove the last line. The following `lea` instruction does not dereference. – user1354557 Aug 20 '14 at 23:02

1 Answers1