
I'm trying to modify this program so that it displays "it's not the same", using only objdump and a hex editor.

#include <string.h>
#include <stdio.h>

int     main(int argc, char *argv[])
{
  int   return_value;

  /* both arguments are constants, so the compiler folds the call to 0
     (the listing below stores an immediate 0 instead of calling strcmp) */
  return_value = strcmp("test", "test");
  if (return_value == 0)
      printf("it's the same\n");
  else
      printf("it's not the same\n");
  return (1);
}

So I used objdump -D and found the line with the JNE instruction. My first question is: why is it a JNE instruction and not a JE? JNE means "jump if not equal", yet my condition is "if return_value IS equal to 0".

My second question is in the title: why do I need to increment to change an instruction? (as in the following link)

How does one change an instruction with a hex editor?

  400526:       55                      push   %rbp
  400527:       48 89 e5                mov    %rsp,%rbp
  40052a:       48 83 ec 20             sub    $0x20,%rsp
  40052e:       89 7d ec                mov    %edi,-0x14(%rbp)
  400531:       48 89 75 e0             mov    %rsi,-0x20(%rbp)
  400535:       c7 45 fc 00 00 00 00    movl   $0x0,-0x4(%rbp)
  40053c:       83 7d fc 00             cmpl   $0x0,-0x4(%rbp)
  400540:       75 0c                   jne    40054e <main+0x28>
  400542:       bf e4 05 40 00          mov    $0x4005e4,%edi
  400547:       e8 b4 fe ff ff          callq  400400 <puts@plt>
  40054c:       eb 0a                   jmp    400558 <main+0x32>
  40054e:       bf f1 05 40 00          mov    $0x4005f1,%edi
  400553:       e8 a8 fe ff ff          callq  400400 <puts@plt>
  400558:       b8 01 00 00 00          mov    $0x1,%eax
  40055d:       c9                      leaveq
  40055e:       c3                      retq
  40055f:       90                      nop

I replaced 75 with 76 in the hex editor and it worked, but I didn't understand why. (And by the way, what does 0c correspond to?)

Thanks

S7_0
    _"[Why] is it a JNE instruction and why not a JE ?"_ You haven't shown us enough of the assembly code to be able to answer that definitively. But it's highly likely that that `JNE` is jumping to the `else`-clause when `return_value` != 0. _"what 0c corresponding to ?"_ It's the target address, expressed as _a signed offset relative to the current value of the instruction pointer in the EIP register_. – Michael Jul 25 '16 at 15:35
  • Hello Michael, I added the entire ASM code :)) Don't you think the JMP instruction is rather jumping to the else condition? – S7_0 Jul 25 '16 at 15:39
    No, the `jmp` is jumping to the `return (1);` part. – Michael Jul 25 '16 at 15:39

1 Answer

@Michael explained in a comment why/how JNE is being used.

As for the increment part of your question: it just so happens that the binary encodings (a.k.a. machine language) of your original and changed instructions are 1 apart.

Scott Hunter
  • In which case will I need to decrement instead of increment? – S7_0 Jul 25 '16 at 21:24
  • When the instruction you want happens to be encoded with the number you get by decrementing. – Scott Hunter Jul 26 '16 at 00:28
  • @S7_0 if the CPU designer had decided that `jne` is `0x80 0xF0` and `je` is `0x44`, it would not only be pointless to think in terms of an increment/decrement difference, but you would also have to deal with different lengths. Now going from 2B to 1B is easy, but when people were cracking some SW, they often needed to go from fewer bytes to more bytes.... that's where the fun starts. :D (searching the rest of the code to see where you can shorten it, rewriting it all, then using the gained space for the modification) – Ped7g Jul 26 '16 at 07:35
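The following C program is an added worked example, not code from the question or the answer. It takes the bytes of `main` exactly as printed in the objdump listing above (a constructed sample buffer, not read from a real file) and shows the three things the thread discusses: how the `0c` displacement of a short jump turns into the target `40054e`, why opcodes `74`/`75`/`76` are neighbours (`je`, `jne`, `jbe` in the documented x86 `Jcc rel8` encoding, where the low bit of the opcode inverts the condition), and why a patch should verify the byte at the objdump address rather than search for `0x75` in the file. The helper names (`rel8_target`, `jcc_taken`, `flags_after_cmp`, `find_byte`, `patch_byte`) and the tiny flags model are this example's own inventions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes of main() copied from the objdump listing in the question,
   laid out from virtual address 0x400526 (constructed sample input). */
uint8_t sample_main[] = {
    0x55,                                     /* 400526: push  %rbp                */
    0x48, 0x89, 0xe5,                         /* 400527: mov   %rsp,%rbp           */
    0x48, 0x83, 0xec, 0x20,                   /* 40052a: sub   $0x20,%rsp          */
    0x89, 0x7d, 0xec,                         /* 40052e: mov   %edi,-0x14(%rbp)    */
    0x48, 0x89, 0x75, 0xe0,                   /* 400531: mov   %rsi,-0x20(%rbp)    */
                                              /*         (note the 0x75 ModRM byte) */
    0xc7, 0x45, 0xfc, 0x00, 0x00, 0x00, 0x00, /* 400535: movl  $0x0,-0x4(%rbp)     */
    0x83, 0x7d, 0xfc, 0x00,                   /* 40053c: cmpl  $0x0,-0x4(%rbp)     */
    0x75, 0x0c,                               /* 400540: jne   40054e              */
    0xbf, 0xe4, 0x05, 0x40, 0x00,             /* 400542: mov   $0x4005e4,%edi      */
    0xe8, 0xb4, 0xfe, 0xff, 0xff,             /* 400547: callq puts@plt            */
    0xeb, 0x0a,                               /* 40054c: jmp   400558              */
    0xbf, 0xf1, 0x05, 0x40, 0x00,             /* 40054e: mov   $0x4005f1,%edi      */
    0xe8, 0xa8, 0xfe, 0xff, 0xff,             /* 400553: callq puts@plt            */
    0xb8, 0x01, 0x00, 0x00, 0x00,             /* 400558: mov   $0x1,%eax           */
    0xc9, 0xc3, 0x90                          /* 40055d: leaveq ; retq ; nop       */
};
const size_t   sample_main_len  = sizeof sample_main;
const uint64_t sample_main_base = 0x400526;

/* Short conditional jumps are one opcode byte 0x70..0x7F plus a signed 8-bit
   displacement. The low nibble selects the condition and its lowest bit
   inverts it, which is why je (0x74), jne (0x75) and jbe (0x76) sit side by side. */
static const char *jcc_name[16] = {
    "jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
    "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"
};

int is_short_jcc(uint8_t op) { return op >= 0x70 && op <= 0x7f; }

/* The rel8 byte is added to the address of the NEXT instruction (2 bytes on),
   so "75 0c" at 0x400540 jumps to 0x400540 + 2 + 0x0c = 0x40054e. Works for jmp (eb) too. */
uint64_t rel8_target(uint64_t insn_addr, const uint8_t *insn) {
    return insn_addr + 2 + (int8_t)insn[1];
}

/* Minimal flags model (this example's own): only what Jcc needs. */
typedef struct { int cf, zf, sf, of, pf; } flags_t;

/* Flags that a 32-bit cmp (a - b) leaves behind. */
flags_t flags_after_cmp(uint32_t a, uint32_t b) {
    uint32_t res = a - b;
    flags_t f;
    int ones = 0;
    for (int i = 0; i < 8; i++) ones += (res >> i) & 1;
    f.cf = a < b;                              /* unsigned borrow */
    f.zf = res == 0;
    f.sf = (res >> 31) & 1;
    f.of = (((a ^ b) & (a ^ res)) >> 31) & 1;  /* signed overflow */
    f.pf = (ones % 2) == 0;                    /* even parity of the low byte */
    return f;
}

/* 1 if the short Jcc opcode would be taken, 0 if not, -1 if op is not a short Jcc. */
int jcc_taken(uint8_t op, flags_t f) {
    if (!is_short_jcc(op)) return -1;
    int cond = 0;
    switch ((op - 0x70) >> 1) {
        case 0: cond = f.of; break;                    /* jo  / jno */
        case 1: cond = f.cf; break;                    /* jb  / jae */
        case 2: cond = f.zf; break;                    /* je  / jne */
        case 3: cond = f.cf || f.zf; break;            /* jbe / ja  */
        case 4: cond = f.sf; break;                    /* js  / jns */
        case 5: cond = f.pf; break;                    /* jp  / jnp */
        case 6: cond = f.sf != f.of; break;            /* jl  / jge */
        case 7: cond = f.zf || (f.sf != f.of); break;  /* jle / jg  */
    }
    return (op & 1) ? !cond : cond;
}

/* First offset holding byte b, or len if absent. Searching the raw bytes for
   0x75 is NOT a way to find the jne: here it hits a ModRM byte inside a mov. */
size_t find_byte(const uint8_t *code, size_t len, uint8_t b) {
    for (size_t i = 0; i < len; i++) if (code[i] == b) return i;
    return len;
}

/* Overwrite one byte only if it currently holds the value objdump showed. */
int patch_byte(uint8_t *code, size_t len, size_t off, uint8_t expect, uint8_t value) {
    if (off >= len || code[off] != expect) return 0;
    code[off] = value;
    return 1;
}

int main(void) {
    const uint64_t jne_addr = 0x400540;
    size_t off = jne_addr - sample_main_base;        /* 0x1a into the buffer */
    uint8_t *jne = sample_main + off;
    flags_t f = flags_after_cmp(0, 0);               /* cmpl $0x0 against a slot holding 0 */

    printf("first 0x75 by byte search: offset 0x%zx (inside a mov); real jne: 0x%zx\n",
           find_byte(sample_main, sample_main_len, 0x75), off);
    printf("%02x %02x at 0x%llx = %s -> 0x%llx\n", jne[0], jne[1],
           (unsigned long long)jne_addr, jcc_name[jne[0] - 0x70],
           (unsigned long long)rel8_target(jne_addr, jne));
    for (uint8_t op = 0x74; op <= 0x76; op++)
        printf("  opcode %02x (%-3s) after cmp 0,0: %s\n", op, jcc_name[op - 0x70],
               jcc_taken(op, f) ? "taken" : "not taken");

    /* 75 -> 74 (jne -> je) is the intended edit; 76 (jbe) also works here
       only because ZF=1 satisfies "CF or ZF". */
    if (patch_byte(sample_main, sample_main_len, off, 0x75, 0x74))
        printf("patched to %s, taken=%d\n", jcc_name[sample_main[off] - 0x70],
               jcc_taken(sample_main[off], f));
    return 0;
}
```

Two practical notes that follow from the run: incrementing `75` to `76` gives `jbe`, which is taken for this `cmp` only because the zero flag is set, so decrementing to `74` (`je`) is the edit that actually inverts the branch; and a hex editor works on file offsets, not on the virtual addresses objdump prints, so map the address through the program headers (`readelf -l`) before patching rather than assuming the two coincide.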