Reputation: 1312
IDA Assembly change jump destination
I'm new to reverse engineering and i'm trying to change a
__text:001C2BE4 jz loc_1C3180
which jumps to
__text:001C3180 loc_1C3180:
into a jump to another subroutine. (__text:00128DC0 sub_128DC0:)
However, I don't yet understand how to do this. I can change assembly by editing the hex values but as loc_* is just a name given to the subroutine by IDA I don't know how to do this.
Could someone explain how to go about changing the destination of a jz?
Thanks.
Upvotes: 0
Views: 4558
Answers (1)
Reputation: 28839
As it turns out, loc_1C3180 is not just a name given to the subroutine by IDA - it is in fact derived directly from the (image-relative) address of the loc-ation being jumped to, which in this case is 0x1C3180.
jz is followed by an (in this case) 32-bit signed offset, which is added to the instruction pointer, if the condition is met.
The signed offset to use can be calculated with the following formula (note: may wrap around)
JumpOffset = Address of jump target - (Address of Jump instruction + 5)
The +5 comes in because that's the length of the jz instruction including the offset.
Upvotes: 2
Related Questions
- IDA pro understanding disassembly specifics
- Assembly - jump instruction in machine code
- disassembling, changing and assembling DLL file
- IDA pro asm instructions change
- How to analyze the indirect jump in assembly code
- Changes to the program. IDA disassembler
- How is this instruction calculating jump destination?
- Jump to the middle of an instruction
- Indirect jump destination calculation
- Reverse Engineer Simple Application with IDA Pro 5