keystone-engine / keypatch

Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
http://www.keystone-engine.org/keypatch
GNU General Public License v2.0

Wrong assembly size causing next instructions to become nop #83

Open danyhm opened 2 years ago

danyhm commented 2 years ago

Hello,

I've installed and worked with the plugin and it's great; however, there is one catch.

Sometimes, when modifying some instructions (for example changing only their address), keypatch adds one extra byte before the assembly, like "db 2Eh" (which I'm not sure what exactly is), and this causes the next instruction to become nop. But if I patch the same instruction again with the same changed address, the "db 2Eh" disappears and the correct assembly is emitted.

This is very frustrating, as I have to save the next instructions and change them again. Also, in this process some instructions are not assembled again because keypatch cannot resolve some of the addresses (whereas the address was there before!), and this process goes on and on.

danyhm commented 2 years ago

I dug a little deeper. It seems some assembly instructions are totally wrong. For example, I have the following assembly:

mov eax, cs:dword_7FF780D2B0A0

Its corresponding hex is 8B 05 D1 C3 14 00. I checked with an online tool to verify:

https://defuse.ca/online-x86-assembler.htm#disassembly2 and the tool gives out

0: 8b 05 d1 c3 14 00 mov eax,DWORD PTR [rip+0x14c3d1] # 0x14c3d7

which is correct.

Now I try to change the address, or even reassemble the same instruction, with keypatch, and it gives me this encoded hex value: 2E A1 A0 B0 D2 80 F7 7F 00 00. First of all, this is 4 bytes longer, and it's a totally different assembly instruction!

0:  2e a1 a0 b0 d2 80 f7    movabs eax,cs:0x7ff780d2b0a0 
7:  7f 00 00 

Why is this happening and how can I fix it?

Edit: http://shell-storm.org/online/Online-Assembler-and-Disassembler/ is another online assembler/disassembler based on Keystone which gives the correct results.
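The two byte sequences in the report are two different encodings of a 32-bit load into EAX. `8B 05 disp32` is the RIP-relative form (IDA displays it as `cs:dword_...`), where the 4-byte displacement is measured from the end of the instruction, so the assembler must know the instruction's own address to produce it. `A1` followed by an 8-byte absolute address is the `moffs` form (`movabs` in AT&T syntax), and the leading `2E` is the CS segment-override prefix, which is what IDA shows as `db 2Eh`. That form is position-independent but 10 bytes long, so writing it over a 6-byte instruction spills 4 bytes into whatever follows. The following pure-Python encoder/decoder is an added example written for this page, not code from Keypatch or Keystone; the instruction address `INSN_ADDR` is not stated in the report and is reconstructed here from the displacement on the assumption that the original instruction was the 6-byte form.

```python
import struct

# x86-64 opcode bytes for the two encodings discussed in the report.
OPCODE_MOV_R32_RM32 = 0x8B     # mov r32, r/m32
MODRM_EAX_RIP_DISP32 = 0x05    # ModRM: reg=eax, r/m=[rip+disp32] in 64-bit mode
OPCODE_MOV_EAX_MOFFS32 = 0xA1  # mov eax, moffs32 (8-byte absolute address in 64-bit mode)
PREFIX_CS_OVERRIDE = 0x2E      # CS segment-override prefix, the "db 2Eh" from the report

# Values taken from the report: target symbol address and the rel32 displacement.
TARGET = 0x7FF780D2B0A0
PAGE_DISP32 = 0x14C3D1
# Assumption: the original instruction was the 6-byte RIP-relative form, so
# target = insn_addr + 6 + disp32. The report itself does not give insn_addr.
INSN_ADDR = TARGET - 6 - PAGE_DISP32

RIP_RELATIVE_LEN = 6   # 8B 05 + disp32
MOFFS_LEN = 9          # A1 + 8-byte address (10 with a segment prefix)


def encode_mov_eax_rip_relative(insn_addr, target):
    """Encode `mov eax, [rip+disp32]` that reaches `target` when placed at `insn_addr`.

    The displacement is relative to the *end* of the instruction, so the bytes
    change whenever the instruction moves; an assembler that does not know
    insn_addr cannot produce this form at all.
    """
    disp = target - (insn_addr + RIP_RELATIVE_LEN)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target %#x not within rel32 of %#x" % (target, insn_addr))
    return bytes([OPCODE_MOV_R32_RM32, MODRM_EAX_RIP_DISP32]) + struct.pack("<i", disp)


def encode_mov_eax_moffs(target, cs_override=False):
    """Encode `mov eax, moffs32` with an 8-byte absolute address.

    Independent of where the instruction lives, but 9 bytes long, or 10 with
    the CS override prefix the report shows as "db 2Eh".
    """
    prefix = bytes([PREFIX_CS_OVERRIDE]) if cs_override else b""
    return prefix + bytes([OPCODE_MOV_EAX_MOFFS32]) + struct.pack("<Q", target)


def decode_mov_eax(code, insn_addr):
    """Decode either form starting at code[0]; return form, segment, target and length."""
    pos = 0
    segment = None
    if code[pos] == PREFIX_CS_OVERRIDE:   # swallow the segment override if present
        segment = "cs"
        pos += 1
    op = code[pos]
    if op == OPCODE_MOV_R32_RM32 and code[pos + 1] == MODRM_EAX_RIP_DISP32:
        disp = struct.unpack_from("<i", code, pos + 2)[0]
        length = pos + RIP_RELATIVE_LEN
        target = (insn_addr + length + disp) & 0xFFFFFFFFFFFFFFFF
        return {"form": "rip-relative", "segment": segment,
                "target": target, "length": length}
    if op == OPCODE_MOV_EAX_MOFFS32:
        target = struct.unpack_from("<Q", code, pos + 1)[0]
        return {"form": "moffs", "segment": segment,
                "target": target, "length": pos + MOFFS_LEN}
    raise ValueError("not a mov eax encoding this helper understands")


def spill_into_next_instruction(original, replacement):
    """Bytes of the following instruction(s) overwritten by a longer replacement."""
    return max(0, len(replacement) - len(original))


if __name__ == "__main__":
    original = bytes.fromhex("8B05D1C31400")          # from the report
    keypatch_out = bytes.fromhex("2EA1A0B0D280F77F0000")  # from the report
    print(decode_mov_eax(original, INSN_ADDR))
    print(decode_mov_eax(keypatch_out, INSN_ADDR))
    print("bytes spilled into next instruction:",
          spill_into_next_instruction(original, keypatch_out))
```

Both encodings resolve to the same target, which is why the patch "looks right" in the disassembly while still corrupting the instruction after it; the difference to check when reviewing such a patch is the decoded `length`, not the target. Decoding the report's 6 bytes at address 0 reproduces the `# 0x14c3d7` annotation from the defuse.ca output, and decoding them at `INSN_ADDR` gives the symbol address from IDA.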