Joined: 29 Nov 2016
Posted: Fri May 12, 2017 3:36 am Post subject: Is there any downside/limit to using a large offset for cmp?
This is more of a general question, but what I am currently doing requires me to compare an instruction's address with a constant one.
I am trying to selectively nop several (3-4) instructions that do inc and dec, and one mov, all using rdi+18. As they all change other addresses as well, I am not able to simply make a script that nops them; I have to have it compare an address with a constant value to (rdi + an offset), so that I am able to make the script do nothing only when it is about to handle the address I want to remain unchanged.
The question I am asking is: is there any downside to simply looking for a constant using normal scans, subtracting the address from the address that holds the value I want nopped, and using that as my offset?
I.e. say my found constant's address was 445 and my address with the value is D; I would use an offset of 438.
Obviously the real offset would probably be huge.
What I am wondering is: will that work? Are there any downsides? Because using Dissect Data Structure has been kinda iffy, due to it not really working well with a bunch of addresses plugged in (as the offset I use must be different from the equivalent value of the other addresses changed by the opcode). It's also a lot of work, and finding a constant is looking to be really difficult work; I have yet to confirm even one constant, so I am still on my first opcode.
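The following Cheat Engine auto-assembler script is an added example of the comparison described in the post above; it is not code from the original poster. Two encoding limits matter for any "large offset" approach: the displacement in `[rdi+offset]` is a signed 32-bit field, and `cmp r64,imm` only accepts a 32-bit immediate that is sign-extended, so a full 64-bit address cannot be written into a `cmp` directly and must be loaded with `mov r64,imm64` first. The script sidesteps the scanned-constant offset entirely by computing the address the instruction is about to touch (`lea rax,[rdi+18]`) and comparing it to the address to protect. The process name `game.exe`, the byte pattern, the displaced second instruction `mov rax,[rdi+20]`, and the protected address `7FF6ABCD1234` are all placeholders assumed for the example; auto-assembler numbers are hex.

```asm
// Added example, not from the original post. Assumes the write is
// "inc dword ptr [rdi+18]" (bytes FF 47 18) followed by "mov rax,[rdi+20]"
// (bytes 48 8B 47 20) in game.exe, and that 7FF6ABCD1234 is the address
// that must stay unchanged. All of these are placeholders.

[ENABLE]
aobscanmodule(incHook,game.exe,FF 47 18 48 8B 47 20)   // 7 bytes: room for a 5-byte jmp + 2 nops
alloc(newmem,$1000,incHook)
label(code)
label(skip)
label(return)
registersymbol(incHook)

newmem:
  push rax
  push rbx
  lea rax,[rdi+18]              // address the original instruction is about to modify
  mov rbx,7FF6ABCD1234          // mov r64,imm64: the only way to load a full 64-bit constant
  cmp rax,rbx                   // cmp rax,7FF6ABCD1234 would not assemble (imm32 only)
  pop rbx                       // pop does not touch flags, so ZF survives
  pop rax
  je skip                       // our address: leave the value alone
code:
  inc dword ptr [rdi+18]        // any other address: run the original instruction
skip:
  mov rax,[rdi+20]              // the instruction displaced by the jmp must still run
  jmp return

incHook:
  jmp newmem
  nop
  nop
return:

[DISABLE]
incHook:
  db FF 47 18 48 8B 47 20       // restore the original bytes
unregistersymbol(incHook)
dealloc(newmem)
```

Note that only the `inc` is skipped: the `mov rax,[rdi+20]` that was overwritten to make room for the 5-byte `jmp` is executed on both paths, otherwise every call through the hook would corrupt rax. The same `lea`/`mov`/`cmp` prologue can be pasted into the hooks for the dec and mov instructions, with only the original instruction under `code:` changing.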