This implements the "B0" tactic that implements an old idea: replace the instruction with an illegal opcode, and catch the SIGILL in order to redirect control-flow to the trampoline. The main advantage of this method is that it can patch any instruction since the illegal opcode is only one byte. The main (significant) disadvantage is performance, since using signals is very slow, and this may cripple the performance of the rewritten binary.
To enable, pass the -100 option to E9Tool:
$ e9tool -100 -M true -P print xterm
This should result in 100% of instructions being successfully patched.
This mode is intended for applications that need 100% coverage even at the cost of performance. It is considered an extension, and not the "official" mode of E9Tool/E9Patch.
Note that the actual performance can vary wildly. If there are no illegal opcodes in the critical path or inner loops, the performance loss may be minor.
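To make the mechanism concrete, here is an added example (not E9Patch code) for x86-64 Linux built with GCC or Clang: a constructed patch site where an `add $1,%eax` has its first byte overwritten with 0x06 (a one-byte opcode that is undefined in 64-bit mode; the opcode E9Patch itself uses is an assumption here), and a SIGILL handler that stands in for the trampoline by running the instrumentation, emulating the displaced instruction and resuming after it. The `b0_*` names are made up for the example.

```c
/* Added example: signal-based ("B0") patching on x86-64 Linux, not E9Patch's code. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <ucontext.h>
#include <unistd.h>

static volatile int b0_hit_total;   /* how often the "trampoline" ran */

#if defined(__x86_64__) && defined(__linux__)
/* Constructed patch site: 'add $1,%eax' (83 c0 01) with its first byte replaced by
 * 0x06, an opcode that raises #UD in 64-bit mode. The two leftover bytes are dead. */
__asm__(".text\n.globl b0_site_fn\n.type b0_site_fn,@function\n"
        "b0_site_fn:\n  mov %edi, %eax\n"
        ".globl b0_site\nb0_site:\n  .byte 0x06, 0xc0, 0x01\n  ret\n");
extern int b0_site_fn(int x);
extern char b0_site[];

/* The SIGILL handler plays the trampoline: run the instrumentation, emulate the
 * displaced instruction, then resume at the next original instruction. */
static void b0_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si;
    ucontext_t *uc = ctx;
    greg_t *rip = &uc->uc_mcontext.gregs[REG_RIP];
    if ((uintptr_t)*rip != (uintptr_t)b0_site)
        _exit(2);                           /* a SIGILL that is not ours: bail out */
    b0_hit_total++;                         /* instrumentation payload */
    greg_t *rax = &uc->uc_mcontext.gregs[REG_RAX];
    *rax = (uint32_t)((uint32_t)*rax + 1);  /* emulate 'add $1,%eax' (zero-extends) */
    *rip += 3;                              /* skip the 3-byte patched instruction */
}

static void b0_install(void)
{
    static int done;
    if (done) return;
    struct sigaction sa = {0};
    sa.sa_sigaction = b0_handler;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGILL, &sa, NULL);
    done = 1;
}

int b0_call(int x) { b0_install(); return b0_site_fn(x); }
#else
int b0_call(int x) { b0_hit_total++; return x + 1; }  /* no patching on other targets */
#endif

int b0_hits(void) { return b0_hit_total; }
```

Each call to `b0_call` costs a full signal delivery and sigreturn, which is the slowdown the text warns about.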