Jump to content
Community Announcements, Giveaways & More!

How to replace small length instruction with large length instruction

nomanman

By nomanman
in Help & Support

 Share

7 posts in this topic

Recommended Posts

nomanman Newbie

nomanman 0
  •   6 

    • Posted
    Posted

    Basically i want to replace MOVS R1, #0x0 with MOV.W R1, #0x123 .since later instruction requires 4 bytes it is impossible to simply replace in HEX code.


    P.S. I'm trying to hack android native library. I found most hacking tutorials here, so i'm asking this question here  :)


    Guest

    Guest

    Posted
    Posted

    try simplifing it. if you want to for example get 10000 into R0 you could try

     

    mov r0, #100

    mul r0, r0 (multiply)

     

    then nops to fill in the extra unused bytes. just my suggestion as I've never had to do this before

    nomanman Newbie

    nomanman 0
  •   6 

    • Posted
    • Author
    Posted (edited)

    try simplifing it. if you want to for example get 10000 into R0 you could try

    mov r0, #100

    mul r0, r0 (multiply)

    then nops to fill in the extra unused bytes. just my suggestion as I've never had to do this before

    Actually 0x123 is some magic values upon which the library activates device specific functionality. So loading value in R1 is must. And as you told

     

    mov r0, #100

    mul r0, r0 (multiply)

     

    Wont it take more than 2 bytes?

     

    I'm looking for some tuts/exps for code caving for ARM.

    Updated by nomanman
    Guest

    Guest

    Posted
    Posted

    @nomanman oh ok code caving. I didn't really understand what you were asking so I answered it to my best ability. There is a tutorial for code caving but the author wants to keep it secret. Thats all I can say about code caving or I risk myself getting in trouble with the author.

    nomanman Newbie

    nomanman 0
  •   6 

    • Posted
    • Author
    Posted

    @nomanman oh ok code caving. I didn't really understand what you were asking so I answered it to my best ability. There is a tutorial for code caving but the author wants to keep it secret. Thats all I can say about code caving or I risk myself getting in trouble with the author.

    No problems. Can you tell me the name author so that i can contact him?

    movs r0 ,#0 2 or 4 bytes?

    Aren't all thumb instructions 16-bits?

    Please shade more light on this because i'm new to ARM architecture  :)

    Guest

    Guest

    Posted
    Posted

    No problems. Can you tell me the name author so that i can contact him?

     

    Aren't all thumb instructions 16-bits?

    Please shade more light on this because i'm new to ARM architecture  :)

    check your PM for who to contact

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines