如何在Linux可执行文件中添加/删除x86指令而不破坏对齐方式 [英] How to add/remove x86 instruction in linux executables without spoiling the alignment

问题描述

我是二进制和汇编语言的新手，并对如何直接编辑二进制可执行文件感到好奇.我试图从二进制文件中删除一条指令(根据objdump提供的反汇编指令)，但是这样做之后，可执行文件"似乎不再具有可执行格式(运行时出现段错误； gdb无法识别).我听说这是由于指令对齐问题引起的. (是吗?)

I'm new to binary and assembly, and I'm curious about how to directly edit binary executables. I tried to remove an instruction from a binary file (according to disassembled instructions provided by objdump), but after doing that the "executable" seems no longer in an executable format (segmentation fault when running; gdb cannot recognize). I heard that this is due to instruction alignment issue. (Is it?)

那么，是否可以在Linux可执行文件中直接添加/删除单个x86指令?如果是这样，怎么办?预先感谢.

So, is it possible to add/remove single x86 instructions directly in linux executables? If so, how? Thanks in advance.

推荐答案

如果在不相应调整文件头的情况下删除了二进制文件的块，则它将无效.

If you remove a chunk of binary file without adjusting file headers accordingly, it will become invalid.

幸运的是，您可以用NOP替换说明，而无需实际删除它们.文件大小保持不变，并且如果没有校验和或签名(或者如果没有实际检查)，则无事可做.

Fortunately, you can replace instructions with NOP without actually removing them. File size remains the same, and if there is no checksum or signature (or if it's not actually checked), there is nothing more to do.

没有通用的方法来插入指令，但是通常您会用JMP覆盖原始代码到另一个位置，在该位置复制原始代码所做的事情，根据需要做自己的事情，然后按JMP背部.在不更改二进制文件大小的情况下，为新代码寻找空间可能是不可能的，因此，我会在可执行文件加载后修补代码(也许使用特殊的LD_PRELOAD ed库).

There is no universal way to insert the instructions, but generally you overwrite the original code with a JMP to another location, where you reproduce what the original code did, do your own things as you wanted, then JMP back. Finding room for your new code might be impossible without changing the size of the binary, so I would instead patch the code after executable is loaded (perhaps using a special LD_PRELOADed library).

这篇关于如何在Linux可执行文件中添加/删除x86指令而不破坏对齐方式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！