Originally Posted by matsp
If you mean "how do you replace an existing bit of code with a jump that does the overwritten code where the jump lands", then it's pretty simple - of course, you DO need to find a space to store the code you jump to.
There are several ways to find some place for the code:
- allocate some more memory with execute privileges by the Win32 API -
- by replacing some "unused code", e.g. some error handling code that only runs when the application does something unusual, like running out of memory or dividing by zero or some such that doesn't happen under normal operation - there's usually "unused" code in any application -
- if nothing else, overwriting the "exit-code" that leaves the application is always an option - it may not be able to exit nicely any longer, but who cares...
No, I haven't done exactly this sort of hacking, but I have replaced code in executables/binaries for professional reasons at work - and there's USUALLY some place to put the code even in a fixed size binary.
So, once we've found a target code and some place to put our "extra" code, we do:
- insert a "jmp my_code" in place of some other instruction(s).
- add those "other instructions" at the beginning or end of "my_code",
- my code also does whatever it is that I wanted to do that wasn't in the original code, say increase my points in the game by 100 every time the letter K is pressed, or add more lives to my player when I press "&", etc, etc.
- jump back to just after the "jmp my_code", making sure this is a valid instruction.
--
Mats
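The "jmp my_code" step above is exactly what an integrity check looks for from the other side: a function whose first bytes have become a 5-byte relative jump (opcode 0xE9 + rel32) landing somewhere outside the module's own code. The following is an added example, not matsp's code; the entry bytes, addresses and section range are constructed for illustration.

```c
/* Added example: detect an inline jmp detour at a function entry and
 * compute where it lands. All sample bytes/addresses are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct hook_info {
    int      hooked;   /* 1 if the entry starts with a rel32 jmp (0xE9) */
    uint64_t target;   /* absolute address the jmp lands on */
    int      outside;  /* 1 if target is outside [text_lo, text_hi) */
};

/* code/len: bytes at the function entry; entry: its virtual address;
 * text_lo/text_hi: the module's code section range (half-open). */
struct hook_info check_entry(const uint8_t *code, size_t len, uint64_t entry,
                             uint64_t text_lo, uint64_t text_hi)
{
    struct hook_info h = {0, 0, 0};
    if (len < 5 || code[0] != 0xE9)
        return h;                                 /* no rel32 jmp here */
    /* rel32 is a little-endian signed displacement from the next insn */
    uint32_t raw = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                   ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    int32_t rel = (int32_t)raw;
    h.hooked  = 1;
    h.target  = entry + 5 + (uint64_t)(int64_t)rel;
    h.outside = (h.target < text_lo || h.target >= text_hi);
    return h;
}

/* Constructed samples: an ordinary prologue (push rbp; mov rbp,rsp; nop)
 * and an entry overwritten with "jmp +0x1000". */
static const uint8_t clean_entry[]  = { 0x55, 0x48, 0x89, 0xE5, 0x90 };
static const uint8_t hooked_entry[] = { 0xE9, 0x00, 0x10, 0x00, 0x00 };

int main(void)
{
    /* Pretend both functions live at 0x401000 in a .text of 0x401000-0x402000 */
    struct hook_info a = check_entry(clean_entry, sizeof clean_entry,
                                     0x401000, 0x401000, 0x402000);
    struct hook_info b = check_entry(hooked_entry, sizeof hooked_entry,
                                     0x401000, 0x401000, 0x402000);
    printf("clean:  hooked=%d\n", a.hooked);
    printf("hooked: hooked=%d target=0x%llx outside=%d\n",
           b.hooked, (unsigned long long)b.target, b.outside);
    return 0;
}
```

A real checker would compare the live entry bytes against the on-disk image rather than pattern-matching a single opcode, since a detour can also use push/ret, a far jmp, or a jmp placed a few instructions in.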