
I'm working on a static code injector for ELF files. I need to "steal" some bytes in order to write a jump to my code in their place and then execute the stolen instructions somewhere in the payload. However, I don't know how to automate it. I will need to steal at least 5 bytes for my jump instruction, but obviously 5 bytes is not always equal to a whole number of instructions, so I might have to NOP out several bytes.

What are the ways to distinguish instructions, given the bytes in an ELF binary (C/C++ preferably)?

1 Answer


The x86/x64 instruction set is variable length and there are no obvious instruction boundaries. You can make use of a length disassembler to figure out how long each instruction is. There are a bunch of them available; here are a few I found by a quick search:

https://github.com/greenbender/lend

https://github.com/Nomade040/length-disassembler

https://github.com/GiveMeZeny/fde64
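To make the "walk instruction boundaries until at least 5 bytes are covered" step concrete, here is an added example in C. It is not code from the question, the answer, or any of the three linked projects; it is a deliberately small x86-64 length decoder that understands prefixes, REX, ModRM/SIB/displacement and a handful of common opcodes (push/pop, mov, lea, the ALU group, call/jmp/jcc, ret, nop) and returns -1 for anything else, so a patcher refuses rather than guesses. It also flags position-dependent instructions (rel8/rel32 branches and RIP-relative memory operands), because those cannot be copied to another address unchanged. The same boundary calculation is what an inline-hook detector performs when it checks whether a function prologue still decodes cleanly or has been overwritten with a jmp. The sample byte strings are constructed for this example and the function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of decoding one instruction. */
typedef struct {
    int len;          /* total length in bytes, or -1 if unsupported/truncated */
    int pc_relative;  /* 1 if the instruction encodes an address relative to RIP */
} insn_t;

/* Decode ModRM (+SIB, +displacement). Returns bytes consumed after the opcode,
   or -1 if the buffer ends early. Sets *rip_rel for mod=00 rm=101, which is
   [RIP + disp32] in 64-bit mode. */
static int decode_modrm(const uint8_t *p, size_t n, int *rip_rel)
{
    if (n < 1) return -1;
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    int used = 1;
    if (mod == 3) return used;                 /* register operand, no memory */
    if (rm == 4) {                             /* SIB byte follows */
        if (n < 2) return -1;
        uint8_t base = p[1] & 7;
        used++;
        if (mod == 0 && base == 5) used += 4;  /* disp32 with no base register */
    } else if (mod == 0 && rm == 5) {
        *rip_rel = 1;
        used += 4;
    }
    if (mod == 1) used += 1;                   /* disp8 */
    else if (mod == 2) used += 4;              /* disp32 */
    return used;
}

/* Decode one instruction at p (at most n bytes available). Opcode subset only. */
insn_t insn_decode(const uint8_t *p, size_t n)
{
    insn_t r = { -1, 0 };
    size_t i = 0;
    int rex_w = 0, opsize16 = 0, m;

    /* Legacy prefixes, then an optional REX byte (REX must be last). */
    while (i < n) {
        uint8_t b = p[i];
        if (b == 0x66) { opsize16 = 1; i++; }
        else if (b == 0x67 || b == 0xF2 || b == 0xF3 || b == 0x26 || b == 0x2E ||
                 b == 0x36 || b == 0x3E || b == 0x64 || b == 0x65) i++;
        else if ((b & 0xF0) == 0x40) { rex_w = b & 8; i++; break; }
        else break;
    }
    if (i >= n) return r;
    uint8_t op = p[i++];

    if (op == 0x0F) {                                          /* two-byte opcode map */
        if (i >= n) return r;
        uint8_t op2 = p[i++];
        if (op2 >= 0x80 && op2 <= 0x8F) { r.pc_relative = 1; i += 4; }   /* jcc rel32 */
        else if (op2 == 0x1F) {                                          /* nop r/m */
            m = decode_modrm(p + i, n - i, &r.pc_relative); if (m < 0) return r; i += m;
        } else return r;
    }
    else if (op == 0xC3 || op == 0x90 || (op >= 0x50 && op <= 0x5F)) { /* ret, nop, push/pop */ }
    else if (op == 0xE8 || op == 0xE9) { r.pc_relative = 1; i += 4; }  /* call/jmp rel32 */
    else if (op == 0xEB || (op >= 0x70 && op <= 0x7F)) { r.pc_relative = 1; i += 1; } /* rel8 */
    else if (op >= 0xB8 && op <= 0xBF) i += rex_w ? 8 : (opsize16 ? 2 : 4);  /* mov r, imm */
    else if (op < 0x40 && (op & 7) == 4) i += 1;                          /* ALU al, imm8 */
    else if (op < 0x40 && (op & 7) == 5) i += opsize16 ? 2 : 4;           /* ALU eax, imm32 */
    else if ((op < 0x40 && (op & 7) < 4) ||                               /* ALU r/m, r forms */
             op == 0x85 || op == 0x89 || op == 0x8B || op == 0x8D || op == 0x63) {
        m = decode_modrm(p + i, n - i, &r.pc_relative); if (m < 0) return r; i += m;
    }
    else if (op == 0x80 || op == 0x83) {                                   /* op r/m, imm8 */
        m = decode_modrm(p + i, n - i, &r.pc_relative); if (m < 0) return r; i += m + 1;
    }
    else if (op == 0x81 || op == 0xC7) {                                   /* op r/m, imm32 */
        m = decode_modrm(p + i, n - i, &r.pc_relative); if (m < 0) return r;
        i += m + (opsize16 ? 2 : 4);
    }
    else return r;

    if (i > n) return r;                       /* instruction runs past the buffer */
    r.len = (int)i;
    return r;
}

/* Walk whole instructions from p until at least `need` bytes are covered.
   Returns the byte count to displace, or -1 if an unsupported instruction is hit.
   *pc_rel is set if any covered instruction is position-dependent. */
int bytes_to_relocate(const uint8_t *p, size_t n, int need, int *pc_rel)
{
    int total = 0;
    *pc_rel = 0;
    while (total < need) {
        insn_t r = insn_decode(p + total, n - total);
        if (r.len < 0) return -1;
        if (r.pc_relative) *pc_rel = 1;
        total += r.len;
    }
    return total;
}

/* Constructed samples: a typical prologue, a RIP-relative load, an unsupported opcode. */
const uint8_t sample_prologue[] = { 0x55, 0x48,0x89,0xE5, 0x48,0x83,0xEC,0x10, 0x89,0x7D,0xFC, 0xC3 };
const uint8_t sample_riprel[]   = { 0x48,0x8B,0x05,0x10,0x00,0x00,0x00, 0xC3 };
const uint8_t sample_syscall[]  = { 0x0F,0x05, 0xC3 };

int main(void)
{
    int pc;
    printf("prologue: %d bytes (pc-relative=%d)\n",
           bytes_to_relocate(sample_prologue, sizeof sample_prologue, 5, &pc), pc);
    printf("rip-relative load: %d bytes (pc-relative=%d)\n",
           bytes_to_relocate(sample_riprel, sizeof sample_riprel, 5, &pc), pc);
    printf("syscall: %d (unsupported, refuse to patch)\n",
           bytes_to_relocate(sample_syscall, sizeof sample_syscall, 5, &pc));
    return 0;
}
```

For the prologue sample the walk stops after `push rbp; mov rbp,rsp; sub rsp,0x10` at 8 bytes, so 8 bytes must be displaced and the last 3 padded with NOPs; the RIP-relative sample covers 5 bytes with a single 7-byte instruction but sets the flag, meaning its disp32 has to be recomputed for the new location. Anything outside the subset returns -1, which is the right default for a tool that rewrites code: an unrecognised byte sequence is grounds to stop, not to guess.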
