How does one change an instruction with a hex editor?

assembly hex reverse-engineering instructions ida
carboncomputed picture carboncomputed · Aug 20, 2012 · Viewed 10.4k times · Source

I am messing around with some reverse engineering, but I don't know how to change a jnz to jz with a hex editor. I understand it will vary between systems but I'm not sure where to look to find this information. I'm working on Mac OS X 64 bit and I disassembled code with IDA Pro.

Answer

nicomp picture nicomp · Aug 20, 2012

If you've found a jz, it will either look like 74 XX or 0F 84 XX XX XX XX. If it's a 74, change it to 75. If it's the one with 84, change it to 85. This information can be found, among other places, in Intel's manual (volume 2A).

It will not vary between systems, as long as they're all x86 based, and if they aren't then jz and jnz may not even exist..

Related questions

Converting very simple ARM instructions to binary/hex

I've been trying to use this page as well as various other guides to figure out how to express very simple ARM instructions as binary and hex. It seems like it should be a straightforward process to me, but I …

Read More
How do I decompile a .hex file into C++ for Arduino?

I have a hex file that is to be flashed onto an Atmel chip running on an Arduino device. There are certain aspects of this file that I would like to modify before putting it onto my Arduino, but I …

Read More
How to represent hex value such as FFFFFFBB in x86 assembly programming?

I'm learning about x86 inline assembly programming. I wanted to write mov ecx, FFFFFFBB, however the compiler isn’t recognizing it. How should hex numbers like that be written in inline assembler code?

Read More