Mark

Reputation: 18224

How to change the qword memory offset in Hopper Assembler v3?

So I got the following (as an example):

0x00000001000022c4    db    "Apple", 0
0x0000000100002347    db    "Ducks", 0

In a procedure it refers to Apple as such:

lea    rcx, qword [ds:0x1000022c4] ; "Apple"

Now I'd like this string to say Ducks, so I tried to modify the assembly instruction by saying:

lea    rcx, qword [ds:0x100002347]

However, when I apply it, it says something like:

lea    rcx, qword [ds:0x2ace]

Why does it do that? I was able to fix it by going into the hex editor, finding the hex value, looking at how much the offset was off and correcting it. But it felt cumbersome.

Upvotes: 4

Views: 1744

Answers (1)

bob smith

Reputation: 21

Hopper Disassembler V3 is a great tool for doing reverse engineering. I have the same problem too. Here is my solution. My demo arch is x86_64:

00000001000174a6         mov        rsi, qword [ds:0x1004b3040] ; @selector(setAlignment:)

When you see this, it does not mean you can modify the address (0x1004b3040) to whatever you want. The actual assembled code is:

00000001000174a6    movq    0x49bb93(%rip), %rsi    ## Objc selector ref: setAlignment:

That means you should convert the target address to '0x49bb93'. The formula is: 0x1004b3040 - 00000001000174a6 - 7 = 0x49bb93

So if you want to modify the address to 100002347 'Ducks', you should follow this formula and find the byte length of your instruction; mine is '7'.

In my demo I'd like to modify @selector(setAlignment:) to @selector(setHidden:), so I have to convert it with the formula below: 0x1004b2238 - 0x1000174a6 - 7 = 0x49ad8b

So modify the hex code to 48 8b 35 8b ad 49 00; press 'command + shift + H' to show the hex editor in Hopper.

Here comes some demo pictures:

Before my work

After my work

My English is not very good, so welcome to reply.

Upvotes: 2
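The arithmetic in the answer above is the general rule for RIP-relative operands on x86-64: the stored field is a signed 32-bit displacement from the address of the *next* instruction, not an absolute address, which is why typing an absolute value into the operand produces the odd `[ds:0x2ace]` result in the question. The following script is an added example, not code from the question, the answer or Hopper; it computes the displacement, encodes the patched bytes, and decodes them back to the absolute address Hopper displays, checking the answer's own numbers (0x49bb93 and 48 8b 35 8b ad 49 00). The opcode prefixes `48 8b 35` (`mov rsi, [rip+disp32]`) and `48 8d 0d` (`lea rcx, [rip+disp32]`) are standard encodings; the instruction addresses used for the question's `lea` are constructed placeholders, since the question does not give them.

```python
import struct

# Standard x86-64 encodings (REX.W + opcode + ModRM with mod=00, rm=101 = RIP-relative).
# The 4-byte signed displacement follows these bytes and is the last field of the instruction.
MOV_RSI_RIP = bytes.fromhex("488b35")  # mov rsi, qword [rip+disp32]   (from the answer)
LEA_RCX_RIP = bytes.fromhex("488d0d")  # lea rcx, qword [rip+disp32]   (the question's instruction)


def rip_relative_disp(instr_addr: int, instr_len: int, target: int) -> int:
    """Displacement stored in a RIP-relative instruction.

    RIP already points at the next instruction when the operand is resolved,
    so disp = target - (instr_addr + instr_len).  This is the answer's formula
    "target - instruction address - 7" for a 7-byte instruction.
    """
    disp = target - (instr_addr + instr_len)
    # A disp32 is signed: anything beyond +/-2 GiB cannot be patched in place.
    if not -(1 << 31) <= disp < (1 << 31):
        raise ValueError(
            f"target {target:#x} is not reachable with a 32-bit displacement "
            f"from {instr_addr:#x}"
        )
    return disp


def encode_rip_relative(opcode: bytes, instr_addr: int, target: int) -> bytes:
    """Build the full instruction bytes to paste into the hex editor.

    Assumes the displacement is the final field (true for mov/lea with a
    register operand; an instruction with a trailing immediate would need
    its length adjusted).  The displacement is little-endian, which is why
    0x49ad8b appears as '8b ad 49 00' in the answer.
    """
    instr_len = len(opcode) + 4
    disp = rip_relative_disp(instr_addr, instr_len, target)
    return opcode + struct.pack("<i", disp)


def decode_rip_relative_target(instr_addr: int, instr_bytes: bytes) -> int:
    """Recover the absolute address Hopper shows as [ds:...] from raw bytes.

    Same assumption as above: the last four bytes are the signed disp32.
    """
    (disp,) = struct.unpack("<i", instr_bytes[-4:])
    return instr_addr + len(instr_bytes) + disp


if __name__ == "__main__":
    # The answer's worked case: setAlignment: -> setHidden:
    addr = 0x1000174A6
    print(hex(rip_relative_disp(addr, 7, 0x1004B3040)))            # 0x49bb93
    print(encode_rip_relative(MOV_RSI_RIP, addr, 0x1004B2238).hex())  # 488b358bad4900

    # The question's case, with a constructed instruction address (not from the page).
    lea_addr = 0x100001000
    patched = encode_rip_relative(LEA_RCX_RIP, lea_addr, 0x100002347)  # "Ducks"
    print(patched.hex())
    print(hex(decode_rip_relative_target(lea_addr, patched)))           # 0x100002347
```

Because the displacement depends on where the instruction itself sits, the same target string gives a different patch at every call site; decode the bytes you are about to overwrite first and confirm they resolve to the old target before writing the new ones.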
