
I am trying to change the code section after compiling but before linking (after obj is created but before it is linked to an exe).

I am able to locate the code section and add any number of NOPs to its end and the exe works fine; however, if I add a NOP to the beginning or middle of the section, the exe crashes.

I did update all the section headers (pointer to data & pointer to relocations) according to the change size (delta), but I'm probably missing something else I need to fix. Since it works when I append to the end, it feels like an in-section-offset problem.

Mike LS
  • Yeah, you are likely missing the concept of RIP-relative addressing. First Google hit seems pretty explanatory. – Pyjong Apr 21 '17 at 14:15
  • No wait, this one is better http://www.nynaeve.net/?p=192 – Pyjong Apr 21 '17 at 14:24
  • @Pyjong why would relative addressing be the issue here? If he's adding the bytes to the beginning of the section, all instructions should shift. What I'm assuming is that the absolute addresses are breaking. Try patching all absolute addresses using the relocation table, and also don't forget to change the entry point to the new location of the old beginning. – user2073973 Jun 29 '17 at 12:01
  • @user2073973 those are 2 different terms: RVA (the thing you are talking about) and RIP relative addressing (the thing I was talking about). Hence the link. – Pyjong Jun 29 '17 at 12:05
  • The question at this point may have nothing to do with RIP-relative addressing even if you assume an x64 binary is being used. If NOP is "inserted" in the middle of an instruction, a crash will likely result. If a NOP is "inserted" between instructions, relative addressing for the following instructions will likely break. If an instruction is replaced with NOPs, you must ensure you NOP out all of the instruction's bytes which depends on instruction. Replacing one of the bytes with a NOP and not all can change the instruction to something other than a NOP. – byteptr Jul 09 '17 at 16:54
  • Even if you successfully NOP out an instruction, you can still crash depending on what the rest of the program is doing. Do you have an idea of what you are NOPing out? Can you post a disassembly? – byteptr Jul 09 '17 at 17:01
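An added example (not from the question or the comments) that shows in Python what byteptr's comments describe: a NOP inserted at an instruction boundary shifts every relative displacement that crosses the insertion point, while a NOP inserted inside an instruction corrupts it. The opcode table is a toy decoder for a handful of x86-64 instructions, an assumption made for illustration.

```python
import struct

# Toy decoder (an assumption for this example): opcode prefix ->
# (length, offset of the relative displacement inside it, displacement width).
TOY_OPCODES = {
    b"\x90": (1, None, 0),        # nop
    b"\xeb": (2, 1, 1),           # jmp rel8
    b"\xe9": (5, 1, 4),           # jmp rel32
    b"\x48\x8d\x05": (7, 3, 4),   # lea rax, [rip+disp32]
}

def decode(code):
    """Yield (start, length, disp_off, disp_width) for each instruction."""
    pos = 0
    while pos < len(code):
        for prefix, (length, disp_off, width) in TOY_OPCODES.items():
            if code.startswith(prefix, pos):
                yield pos, length, disp_off, width
                pos += length
                break
        else:
            raise ValueError(f"unknown opcode at offset {pos:#x}")

def insert_nops(code, offset, count=1):
    """Insert `count` NOPs at `offset` and recompute every relative displacement
    whose instruction or target ends up on the far side of the insertion point."""
    insns = list(decode(code))
    if offset not in {s for s, *_ in insns} | {len(code)}:
        raise ValueError("offset is inside an instruction; the result would crash")
    shift = lambda addr: addr + count if addr >= offset else addr
    out = bytearray(code[:offset] + b"\x90" * count + code[offset:])
    for start, length, disp_off, width in insns:
        if width == 0:
            continue                                  # nop: nothing to fix
        fmt = "<b" if width == 1 else "<i"
        old = struct.unpack_from(fmt, code, start + disp_off)[0]
        target = shift(start + length + old)          # target in the new layout
        new_start = shift(start)
        new_disp = target - (new_start + length)
        lo, hi = (-128, 127) if width == 1 else (-2**31, 2**31 - 1)
        if not lo <= new_disp <= hi:
            raise ValueError("displacement no longer fits; re-encode the instruction")
        struct.pack_into(fmt, out, new_start + disp_off, new_disp)
    return bytes(out)

# Constructed sample: nop; jmp +5 (to the lea); five nops; lea rax,[rip-18] (to offset 0).
SAMPLE = b"\x90\xe9\x05\x00\x00\x00" + b"\x90" * 5 + b"\x48\x8d\x05\xee\xff\xff\xff"
def demo():
    """One NOP between the jmp and the nop run: both displacements must change."""
    return insert_nops(SAMPLE, 6)
```

Appending at the end (`insert_nops(SAMPLE, len(SAMPLE))`) leaves every displacement untouched, which is why that case works in the question; a real object file would additionally need its symbol values and relocation offsets for that section shifted by the same delta.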

0 Answers