
Binary Code Obfuscation


lnuxxunl
09-05-2010, 04:03 AM
Hi

Guys, you know that you can replace some instruction with another instruction with the same function, for example:


Retn = POP EAX
JMP EAX

My question is:

The Retn instruction takes some space in memory, but the instructions POP & JMP take a bigger size of memory,


so I tried to replace some instructions, but that causes the instruction
under the one I want to replace to just disappear.

What is the right method to replace the instruction?

Git
09-05-2010, 07:04 AM
Two choices:

1) Be smart and find a way of replacing a block of code with smaller code that does the same thing. For example, if there is a jump, can you replace it with a 'short' jump?

2) If you have room for a CALL or a JMP, then you can find a "cave" in the program (a space where there is no information) and add a subroutine there. Don't forget the relocations if there are any. Utilities exist that will find a cave, add the code and do the fixups automatically for you.

Git
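The second choice above, a JMP out to a code cave, as an added example that is not from the thread. It shows why the original poster's instruction "disappeared": overwriting a site with a 5-byte JMP clobbers whole instructions, so the bytes that get displaced have to be re-executed in the cave before the new code, and the remainder of the site is NOP-padded so the instruction after it is still reached. The sample image, the offsets, the displaced prologue and the payload are all constructed; the code assumes that file offsets equal addresses (no section mapping) and that the cave is already in an executable section. Relocation fixups, if the section has any, are not handled here.

```python
"""Code-cave patch: replace a run of instructions with a JMP to a cave that
re-executes them, runs the new code, and jumps back.  Added example, not from
the thread; the sample image, offsets and payload are constructed."""
import struct

JMP_REL32 = 0xE9          # jmp rel32, 5 bytes
NOP = 0x90


def rel32(next_ip: int, target: int) -> bytes:
    """Little-endian rel32 displacement, measured from the end of the jump."""
    disp = target - next_ip
    if not -2**31 <= disp < 2**31:
        raise ValueError("target out of rel32 range")
    return struct.pack("<i", disp)


def detour_to_cave(image: bytearray, site: int, displaced_len: int,
                   cave: int, new_code: bytes) -> int:
    """Patch `image` in place and return the number of cave bytes used.

    `site`/`cave` are offsets into `image`; this assumes offset == address
    (no section mapping) and that the cave lies in an executable section.
    `displaced_len` must cover whole instructions that are position
    independent (no rel jumps/calls, no EIP/RIP-relative operands) and are
    not themselves jump targets; the caller has to disassemble to check that.
    """
    if displaced_len < 5:
        raise ValueError("need at least 5 bytes at the site for a JMP rel32")
    displaced = bytes(image[site:site + displaced_len])

    # Cave body: the displaced instructions, then the new code, then a JMP
    # back to the first instruction after the patched site.
    body = displaced + new_code
    body += bytes([JMP_REL32]) + rel32(cave + len(body) + 5, site + displaced_len)
    if any(image[cave:cave + len(body)]):
        raise ValueError("cave is not empty or is too small")
    image[cave:cave + len(body)] = body

    # Site: JMP cave, NOP-padded so the bytes after the site are untouched and
    # the instruction following the site is still reached.
    patch = bytes([JMP_REL32]) + rel32(site + 5, cave)
    patch += bytes([NOP]) * (displaced_len - 5)
    image[site:site + displaced_len] = patch
    return len(body)


def demo() -> bytearray:
    """Constructed 64-byte 'image': a function prologue at offset 0, a zero-filled cave at 0x20."""
    image = bytearray(64)
    image[0:8] = bytes.fromhex("55 89 E5 83 EC 10 "   # push ebp; mov ebp,esp; sub esp,0x10
                               "C9 C3")               # leave; ret
    new_code = bytes.fromhex("31 C0")                 # xor eax,eax (flags are free at this point)
    detour_to_cave(image, site=0, displaced_len=6, cave=0x20, new_code=new_code)
    return image


if __name__ == "__main__":
    img = demo()
    print("site :", img[0:8].hex(" "))
    print("cave :", img[0x20:0x2D].hex(" "))
```

After the patch the site reads `E9 1B 00 00 00 90` (JMP to 0x20, one NOP) and the cave holds the six displaced prologue bytes, `31 C0`, and `E9 D9 FF FF FF` jumping back to offset 6, where `leave; ret` still sits untouched.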

lnuxxunl
09-05-2010, 10:58 AM
Thank you

Useful information.

Would you explain more about block replacing with
an example?

I appreciate your help

Git
09-05-2010, 02:02 PM
Hope I've got the numbers right, but the idea should be clear anyway. Look at these two code snippets:

00015F1D 0F 84 03 00 00 00 jz @@1
00015F23 xx xx xx 'old code'
00015F26 @@1 ...



00015F1D 74 07 jz short @@1
00015F1F yy yy yy yy 'your code'
00015F23 xx xx xx 'old code'
00015F26 @@1 ...

The first uses a normal jump as may be in the code you want to change. The lower one has changed that to a 'short' jump. In doing so, it has saved 4 bytes in which you can now add a 4 byte instruction, two 2 byte instructions or a 3 byte instruction and a NOP. If the jump is made, both sets of code function identically. If the jump is not made, then the edited code has 4 extra bytes filled with your new code 'yy yy yy yy'.

If you wanted to add 4 bytes of code that are always obeyed you could rearrange it like this:

00015F1D yy yy yy yy 'your code'
00015F21 74 03 jz short @@1
00015F23 xx xx xx 'old code'
00015F26 @@1 ...

Git
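The rewrite in the three listings above, carried out in code, as an added example that is not from the thread. It decodes a 6-byte near Jcc (`0F 8x rel32`), emits the 2-byte short form (`7x rel8`, same condition code in the low nibble), recomputes the displacement for both layouts (payload after the jump, or payload before it), and keeps the block at exactly 6 bytes so the jump target and everything after the block stay where they were and no other fixups are needed. The 3-byte 'old code' (`add eax,1`), the instruction at @@1 (`ret`) and the 4-byte payload (two `mov`s, chosen because `mov` writes no flags, which matters in the always-executed layout where the payload runs before the `jz` tests ZF) are constructed, and the example goes a little beyond the post by checking that the target is still within short-jump range and by accepting any Jcc, not only jz.

```python
"""Shrinking a 6-byte near Jcc to a 2-byte short Jcc to free 4 bytes, the
rewrite shown in the listings above.  Added example, not from the thread; the
3-byte 'old code', the 4-byte payload and the @@1 instruction are constructed."""
import struct

NOP = b"\x90"
NEAR_JCC_LEN, SHORT_JCC_LEN = 6, 2


def decode_near_jcc(code: bytes, off: int):
    """Return (short opcode, rel32) for a `0F 8x rel32` at `off`.

    Near Jcc 0F 80..0F 8F and short Jcc 70..7F share the condition code in
    the low nibble, so the short opcode is 0x70 | (second byte & 0x0F).
    """
    if (off + NEAR_JCC_LEN > len(code) or code[off] != 0x0F
            or not 0x80 <= code[off + 1] <= 0x8F):
        raise ValueError("no near Jcc at offset %#x" % off)
    (rel32,) = struct.unpack_from("<i", code, off + 2)
    return 0x70 | (code[off + 1] & 0x0F), rel32


def shrink_jcc_and_insert(code: bytes, off: int, payload: bytes, always: bool) -> bytes:
    """Replace the near Jcc at `off` by a short Jcc plus 4 bytes of `payload`,
    keeping the block length and the jump target unchanged, so nothing after
    the block moves and no other displacement needs fixing.

    always=False: short Jcc, then payload  (payload skipped when the jump is taken)
    always=True : payload, then short Jcc  (payload runs on both paths; it must
                                            not modify the flag the Jcc tests)
    """
    short_op, rel32 = decode_near_jcc(code, off)
    freed = NEAR_JCC_LEN - SHORT_JCC_LEN
    if len(payload) > freed:
        raise ValueError("payload is %d bytes, only %d are freed" % (len(payload), freed))
    payload = payload.ljust(freed, NOP)           # pad short payloads with NOP
    target = off + NEAR_JCC_LEN + rel32           # displacement counts from the end of the jump
    jcc_off = off + freed if always else off
    rel8 = target - (jcc_off + SHORT_JCC_LEN)
    if not -128 <= rel8 <= 127:
        raise ValueError("target %d bytes away, out of short-jump range" % rel8)
    short_jcc = bytes([short_op]) + struct.pack("<b", rel8)
    block = payload + short_jcc if always else short_jcc + payload
    assert len(block) == NEAR_JCC_LEN
    return code[:off] + block + code[off + NEAR_JCC_LEN:]


def listing(code: bytes, base: int, lengths) -> list:
    """Render `code` as 'address  bytes' lines, one line per instruction length."""
    lines, off = [], 0
    for n in lengths:
        lines.append("%08X  %s" % (base + off, code[off:off + n].hex(" ").upper()))
        off += n
    return lines


BASE = 0x00015F1D
ORIGINAL = bytes.fromhex("0F 84 03 00 00 00 "   # jz @@1 (near, rel32 = 3)
                         "83 C0 01 "            # 'old code': add eax,1 (constructed)
                         "C3")                  # @@1: ret (constructed)
PAYLOAD = bytes.fromhex("89 C1 89 C2")          # mov ecx,eax; mov edx,eax: writes no flags


def demo():
    """Both layouts from the post: payload skipped by the jump, payload always run."""
    skipped = shrink_jcc_and_insert(ORIGINAL, 0, PAYLOAD, always=False)
    both = shrink_jcc_and_insert(ORIGINAL, 0, PAYLOAD, always=True)
    return skipped, both


if __name__ == "__main__":
    skipped, both = demo()
    print("\n".join(listing(ORIGINAL, BASE, [6, 3, 1])), "\n")
    print("\n".join(listing(skipped, BASE, [2, 4, 3, 1])), "\n")
    print("\n".join(listing(both, BASE, [4, 2, 3, 1])))
```

Run stand-alone it prints the three listings with the same addresses as the post: `00015F1D 74 07` followed by the payload at 00015F1F for the first layout, and the payload at 00015F1D followed by `00015F21 74 03` for the second, with the old code still at 00015F23 and @@1 still at 00015F26 in both.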

lnuxxunl
09-05-2010, 02:29 PM
[Please DO NOT quote whole messages, it is a complete waste of time and space]


Thank you very much

The idea is clear to me now

I hope I don't bother you

The last thing I need is the instructions and their equivalents;
would you recommend one to me?
Thank you

Git
09-05-2010, 05:02 PM
Work it out for yourself. You need to read the "Intel® 64 and IA-32 Architectures Software Developer's Manual", which you can download from Intel. Last time I looked it was in 5 parts:

Optimization Reference Manual.pdf
Volume 1- Basic Architecture.pdf
Volume 2A- Instruction Set Reference- A-M.pdf
Volume 2B- Instruction Set Reference- N-Z.pdf
Volume 3A- System Programming Guide.pdf
Volume 3B- System Programming Guide.pdf

Volume 2 is the most important.

Git

lnuxxunl
09-06-2010, 04:20 AM
Thank you very much

I have a clear starting point now

Thank you again