Reputation: 147
How to change the value on an ADD EAX with C++ knowing the offset
So I have this:
Offset 0x007FF77D is ADD EAX, 0x1F7
And I want to change that 0x1F7 for 0x1F8 with C++, something like
*(BYTE*)(0x007FF77F) = 0x1F8
But for what I know it's not just (0x007FF77F) but I need to add something like + 1, + 2, etc. I'm obviously no expert, so I don't know what it should be.
Upvotes: 0
Views: 513
Answers (1)
Reputation: 364180
In x86 machine code, if there is an immediate, it's always the last byte or bytes, coming after the modrm + optional disp8/disp32.
The last 4 bytes of the instruction are the 32-bit immediate, in native endian, so you can just memcpy 0x1f8 there from an int32_t.
0x1f8 won't fit in a single byte.
Luckily for you, the original value is too big for a single byte, too, so we know it's using a 32-bit immediate.
You haven't shown enough info to tell whether it's using the add eax,imm32 short form with no ModR/M byte, or the add r/m32, imm32 encoding that's 1 byte longer. See http://felixcloutier.com/x86/ADD.html for 05 id (EAX short-form) vs. 81 /0 id (general form), where id = immediate dword.
It's most likely the EAX short form: assemblers normally pick the shortest encoding. But without seeing the raw machine code in the question, I can't give you a guaranteed answer. It's like +1, but could be +2. Or + even more if there are some prefixes that your disassembly didn't show.
But the immediate is still the last 4 bytes of the instruction regardless.
Upvotes: 1
Related Questions
- Trying to shift left by EAX a variable
- Adding an offset to a memory address
- How to shift values to eax correctly?
- Finding offset for code segment in x86 assembly program
- Setting value stored at address using x86 ASM
- Assembly offset calculation rule
- How to change a value stored in an address in x86?
- Increment eax register by 4 bytes
- Increment ecx in assembly language
- Retrieving Memory Offset Address Using Assembly