Ani_Skywalker
September 5th, 2011, 05:44
Hi,
I'm quite new to RE. Describing my current level briefly (probably required to understand why I ask my question): done binary patching, know basic x86 assembly (MASM32), read Eldad's book, a couple of books on assembly and some readings on the Intel architecture and the PE file format.
Question 1:
Pretend we are about to patch an executable binary in a hex editor, for example NOP-ing out a statement. The statement has been translated to several instructions and we NOP each of those instructions out. It will work.
However, the number of instructions in the binary pre- and post-patch must be equal. If the entire file was 654 bytes before, it must be 654 bytes after the patch. Why can't we extend binaries "on the go"? To me, it seems logical that if extended properly, so that the instructions to the processor make sense all the way, there should not be any reason for this? I'm aware this question is due to my lack of knowledge, but I can't seem to google for the answer.
Question 2:
Is it possible to write a binary from scratch in a hex editor? Is there a guide to do this? If not, where should I read about it? I'd like to do this and also post a blog about it in the near future; I think it could give some insights.
// Thank you in advance, your time is very appreciated!
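An added example (not code from the original post) illustrating the first question: a toy interpreter for five real x86 encodings (31 C0 xor eax,eax; 40 inc eax; 90 nop; C3 ret; EB rel8 jmp short, whose target is the next instruction's address plus the signed 8-bit displacement). A NOP patch done in place keeps every offset the same, while growing the byte blob in a hex editor leaves the relative jump pointing at the wrong byte until its displacement is re-encoded. The constructed sample and the linear fixup walk are assumptions of this example and only valid for these opcodes; a real PE file also carries absolute addresses, headers and section tables that would need adjusting.

```python
# Added example: why in-place NOP patches keep working but naive byte
# insertion breaks a relative jump (toy interpreter, five real opcodes).

def run(code: bytes, max_steps: int = 64) -> int:
    """Execute the blob from offset 0 and return EAX when ret is reached."""
    ip, eax = 0, 0
    for _ in range(max_steps):
        op = code[ip]
        if op == 0x31 and code[ip + 1] == 0xC0:      # xor eax, eax
            eax, ip = 0, ip + 2
        elif op == 0x40:                              # inc eax
            eax, ip = (eax + 1) & 0xFFFFFFFF, ip + 1
        elif op == 0x90:                              # nop
            ip += 1
        elif op == 0xEB:                              # jmp short rel8
            ip = ip + 2 + int.from_bytes(code[ip + 1:ip + 2], "little", signed=True)
        elif op == 0xC3:                              # ret
            return eax
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {ip}")
    raise RuntimeError("no ret reached")

# Constructed sample: the jump skips both "inc eax" and lands on ret, so EAX == 0.
ORIGINAL = bytes([0x31, 0xC0,   # 0: xor eax, eax
                  0xEB, 0x02,   # 2: jmp short +2  -> offset 6 (ret)
                  0x40,         # 4: inc eax  (skipped)
                  0x40,         # 5: inc eax  (skipped)
                  0xC3])        # 6: ret

def nop_out(code: bytes, start: int, length: int) -> bytes:
    """In-place patch: file size and every other offset stay the same."""
    return code[:start] + b"\x90" * length + code[start + length:]

def insert_naive(code: bytes, at: int, blob: bytes) -> bytes:
    """What a hex editor does when you add bytes: nothing else is adjusted."""
    return code[:at] + blob + code[at:]

def insert_fixed(code: bytes, at: int, blob: bytes) -> bytes:
    """Insert bytes and re-encode each jmp short whose displacement spans `at`.
    Linear walk valid only for the opcodes above, not a general x86 fixup."""
    out, ip = bytearray(insert_naive(code, at, blob)), 0
    while ip < len(code):
        op = code[ip]
        if op == 0xEB:
            target = ip + 2 + int.from_bytes(code[ip + 1:ip + 2], "little", signed=True)
            new_ip = ip if ip < at else ip + len(blob)
            new_target = target if target < at else target + len(blob)
            out[new_ip + 1] = (new_target - (new_ip + 2)) & 0xFF
        ip += 2 if op in (0x31, 0xEB) else 1
    return bytes(out)
```

Running the three variants shows the point: the NOP-ed blob and the displacement-fixed blob both return 0, while the naively grown blob returns 1 because the unchanged `jmp short +2` now lands on the extra `inc eax` instead of `ret`.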