How does one change an instruction with a hex editor?

最后都变了 - Submitted on 2019-12-10 14:57:52

Question


I am messing around with some reverse engineering, but I don't know how to change a jnz to jz with a hex editor. I understand it will vary between systems but I'm not sure where to look to find this information. I'm working on Mac OS X 64 bit and I disassembled code with IDA Pro.


Answer 1:


If you've found a jz, it will either look like 74 XX or 0F 84 XX XX XX XX. If it's a 74, change it to 75. If it's the one with 84, change it to 85. This information can be found, among other places, in Intel's manual (volume 2A).

It will not vary between systems, as long as they're all x86 based, and if they aren't then jz and jnz may not even exist.
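
The byte changes described in Answer 1, as an added example that is not part of the original answers: it checks that the bytes at a given offset really are one of the two jz/jnz encodings before swapping the opcode, and leaves the displacement bytes untouched. The function names and the sample bytes are constructed for illustration, and the offset is assumed to be the file offset of the opcode byte as reported by the disassembler.

```python
# Added example (not from the original answers); names and sample are constructed.
SHORT = {0x74: 0x75, 0x75: 0x74}  # jz rel8 <-> jnz rel8
NEAR = {0x84: 0x85, 0x85: 0x84}   # second byte of 0F 84 / 0F 85 rel32


def flip_jz_jnz(code: bytes, offset: int) -> bytes:
    """Return a copy of `code` with the jz/jnz at `offset` inverted.

    Assumption: `offset` is the file offset of the first opcode byte, taken
    from the disassembler. A ValueError is raised when the bytes there are
    not one of the two encodings, so a 0x74 that is really data or part of
    another instruction is not patched by mistake.
    """
    if not 0 <= offset < len(code):
        raise ValueError("offset outside buffer")
    patched = bytearray(code)
    op = code[offset]
    if op in SHORT and offset + 2 <= len(code):
        patched[offset] = SHORT[op]             # 74 XX <-> 75 XX
    elif op == 0x0F and offset + 6 <= len(code) and code[offset + 1] in NEAR:
        patched[offset + 1] = NEAR[code[offset + 1]]  # 0F 84 <-> 0F 85
    else:
        found = code[offset:offset + 2].hex(" ")
        raise ValueError(f"no complete jz/jnz at {offset:#x} (found {found})")
    return bytes(patched)


def changed_offsets(a: bytes, b: bytes) -> list:
    """Offsets at which two equal-length buffers differ, to confirm the patch."""
    if len(a) != len(b):
        raise ValueError("patching must not change the file length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


# Constructed sample: test eax,eax; jnz +5; xor eax,eax; jz +0x10 (near); ret
SAMPLE = bytes.fromhex("85c0" "7505" "31c0" "0f8410000000" "c3")

if __name__ == "__main__":
    out = flip_jz_jnz(SAMPLE, 2)   # short form: 75 05 -> 74 05
    out = flip_jz_jnz(out, 6)      # near form: 0F 84 ... -> 0F 85 ...
    print(SAMPLE.hex(" "))
    print(out.hex(" "))
    print(changed_offsets(SAMPLE, out))
```
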




Answer 2:


I assume that the correct way to do this is to find out the operation code (opcode) for the instruction of interest. Since you're interested in the jz and jnz instructions, I deduce that you are on an Intel x86-64 machine. This means you need to look at Intel's reference http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html. There you may find, I believe, everything you want about Intel's 64-bit assembly. And you'll be able to apply the knowledge anywhere, like, for instance, in editing opcodes in a hex editor.



Source: https://stackoverflow.com/questions/12039220/how-does-one-change-an-instruction-with-a-hex-editor
