On May 3, 2:45 am, Terje Mathisen <spamt...@[EMAIL PROTECTED]> wrote:
....
> This is of course correct, but I'd like to step back to what I believe
> was the original problem:
>
> The OP needed to make a small modification to an existing binary, right?
>
> This is a well-known issue with old IBM mainframe applications: many of
> them no longer have any source code available, but they have still been
> maintained and modified for decades.
>
> The tools used to solve this are a disassembler (to figure out where the
> patch needs to hook in), a compiler/assembler to generate the patch
> code, which can even be in the form of a separate program loaded at a
> known address, and then finally the patcher, which works similarly to a
> linker, modifying the binary image on the fly and inserting a jump
> opcode to branch to the new function.
>
> For an x86 program I would do the same, making a separate patch program
> which loads the original binary (but in halted mode, or with an
> inserted breakpoint) and then patches the function(s) to be modified.
Right. I've done that too. The only possible problem, like I said
before, is the need to change the existing data structures (in size or
layout), which in turn may require changing some other code elsewhere
that you don't really want to touch. That becomes complicated. But if
only the code needs to be patched, it may be really easy (although, if
the problematic code is scattered due to function inlining, then not).
Alex
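A minimal patcher of the kind described above, as an added example that is not code from either poster: it takes a hook address (assumed to have been found with a disassembler), verifies the original bytes there so a patch is never applied to a different build, appends the patch code at a known address (the end of the image), and overwrites the hook with an x86 `jmp rel32`. The 32-bit image, load address and prologue bytes are constructed for the example; it covers only the easy "code-only" case, not the data-structure changes Alex mentions.

```python
import struct

JMP_REL32 = 0xE9  # x86 near jmp with a signed 32-bit displacement (5 bytes total)
NOP = 0x90

def encode_jmp_rel32(from_addr: int, to_addr: int) -> bytes:
    """Encode `jmp rel32` at from_addr that lands on to_addr.
    The displacement is measured from the end of the 5-byte instruction."""
    disp = to_addr - (from_addr + 5)
    if not -2**31 <= disp < 2**31:
        raise ValueError("target out of rel32 range")
    return bytes([JMP_REL32]) + struct.pack("<i", disp)

def apply_hook(image: bytes, base: int, hook_addr: int, expected: bytes,
               patch_code: bytes) -> tuple[bytes, int]:
    """Return (patched image, address of the patch code).

    base      -- virtual address the image is loaded at
    hook_addr -- address where the disassembler said the patch must hook in
    expected  -- the original bytes at hook_addr (>= 5); verified before writing so
                 a patch built for one build is never applied to another
    The patch code is appended at the end of the image (a known address) and the
    hook is overwritten with jmp rel32 plus NOP padding.
    """
    off = hook_addr - base
    if len(expected) < 5:
        raise ValueError("need at least 5 bytes at the hook for jmp rel32")
    if image[off:off + len(expected)] != expected:
        raise ValueError("bytes at hook do not match: wrong binary or already patched")
    patch_addr = base + len(image)
    jmp = encode_jmp_rel32(hook_addr, patch_addr)
    jmp += bytes([NOP]) * (len(expected) - 5)  # keep instruction boundaries intact
    out = image[:off] + jmp + image[off + len(expected):] + patch_code
    return out, patch_addr

def demo() -> dict:
    """Constructed 32-bit image: 0x40 bytes of filler with a function prologue at +0x20."""
    base = 0x401000
    prologue = bytes.fromhex("5589e583ec10")  # push ebp; mov ebp,esp; sub esp,0x10
    image = bytes([0xCC]) * 0x20 + prologue + bytes([0xCC]) * (0x40 - 0x20 - len(prologue))
    hook = base + 0x20
    patch_addr = base + len(image)
    # Patch body: redo the displaced prologue, then jump back to the instruction after the hook.
    patch_code = prologue + encode_jmp_rel32(patch_addr + len(prologue), hook + len(prologue))
    patched, where = apply_hook(image, base, hook, prologue, patch_code)
    return {"hook_bytes": patched[0x20:0x26], "patch_addr": where, "patch_code": patched[0x40:]}

if __name__ == "__main__":
    print(demo())
```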