edit instructions directly in visual mode

Asked 8 years, 11 months ago

Modified 4 years, 1 month ago

Viewed 10k times

2

I know we can edit opcodes in radare2's visual mode using i.
But is there any way to edit instructions directly in visual mode?

In my case, the instruction is:

jae 0x8048450

And I want change it to:

jnbe 0x8048450

edited Oct 29, 2021 at 7:32

1177 bronze badges

asked Dec 22, 2016 at 12:31

911 gold badge1 silver badge8 bronze badges

Add a comment |

2 Answers 2

Sorted by:

3

This is called assembling - the reverse of "disassembling".

You can do so with the command wa (presumably, "write assembly"). It can be found in the Radare2 cheat sheet:

wa jnz 0x400d24

answered Dec 22, 2016 at 18:40

2,3642 gold badges17 silver badges30 bronze badges

Thank you for answering, when i run wa jnbe 0x8048450, radare2 write ja 0x10090882. radare2 result: Written 6 bytes (jnbe 0x8048450) = wx 0f874a840408. why?

ali
– ali

2016-12-22 23:28:30 +00:00
Commented Dec 22, 2016 at 23:28
@ali: because they are the same, and – apparently – radare2 defaults to the jnbe notation.

Jongware
– Jongware

2016-12-23 00:02:36 +00:00
Commented Dec 23, 2016 at 0:02
But i think jnbe 0x8048450 and ja 0x10090882 are not same operations. I received SIGSEGV after this change!

ali
– ali

2016-12-23 13:36:15 +00:00
Commented Dec 23, 2016 at 13:36
That's a bit confusing. Are you talking about the difference between ja and jnbe? Because they are exactly the same instruction (look at that web page I linked to–their codes are the same!). But the address in your examples are not the same, so it should not be surprising you get a different result. It also has nothing to do with the segfault–you changed the code, and so you probably broke something.

Jongware
– Jongware

2016-12-23 14:30:15 +00:00
Commented Dec 23, 2016 at 14:30
I looked, thanks. Problem are addresses. 731c jae 0x8048450 after wa ja 0x8048450 --> 0f8718000000 ja 0x8048450 and it's not true. And 731c jae 0x8048450 after i + 771c --> 771c jae 0x8048450 and it's true. wa ja 0x8048450 and i + 771c should be same. am i right?

ali
– ali

2016-12-23 20:25:09 +00:00
Commented Dec 23, 2016 at 20:25

Add a comment |

1

In visual mode, you can use the A command, to launch the interactive assembler, type your opcodes, and see in real time the corresponding hex code.

You could have found this command by typing ?, to get help, in visual mode.

answered Dec 23, 2016 at 12:02

2,52618 silver badges23 bronze badges

thanks, it's so useful! What is your idea about my commented issue?

ali
– ali

2016-12-23 13:51:27 +00:00
Commented Dec 23, 2016 at 13:51

Add a comment |

Start asking to get answers

Find the answer to your question by asking.

Explore related questions

See similar questions with these tags.