In order to patch an x86 ELF file on Linux, I'm struggling to insert a specific assembler instruction into the binary file without overwriting any of the preexisting instructions.
I've been reading the Radare2 documentation on this matter quite extensively, and so far have found none of the commands it describes (wa, wo, wex, i in visual mode, and even the visual assembler) able to carry it out.
All of these commands actually overwrite the instruction located at the offset at which the new instruction gets written.
Knowing that the mov instruction I plan to insert would take at the very most 8 bytes, I've extended the size of the binary file accordingly, via the r2 command

r+ 8

My aim was then to shift all the instructions at the target offset so as to "make room" for the instruction to insert, but I couldn't find any command that gets the job done.
Here is a typical example of what I'm aiming at:

Part of the original binary dump:

0x0804848a c745f8000000. mov dword [local_8h], 0
0x08048491 c745f4000000. mov dword [local_ch], 0
0x08048498 8b4508        mov eax, dword [arg_8h]
0x0804849b 890424        mov dword [esp], eax
0x0804849e e8e1feffff    call sym.imp.strlen

Binary dump after patching:

0x0804848a c745f8000000. mov dword [local_8h], 0
0x08048491 c745f4000000. mov dword [local_ch], 0
0x08048498 c745fc000000. mov dword [local_4h], 0   ; inserted instruction
0x0804849f 8b4508        mov eax, dword [arg_8h]   ; following instructions get shifted from here
0x08048492 890424        mov dword [esp], eax
0x08048495 e8e1feffff    call sym.imp.strlen

Is that even possible?
wex should be able to do this. Are you sure it isn't? Worked for me just now. Try something like

wex c745fc000000 @ 0x08048498

0x08048491 c745f4000000. mov dword [local_ch], 0).

wes. So try something like

wes 0x08048491 8
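The shift the question asks for is a plain byte insertion, but it has a side effect the dump does not show: every relative branch that crosses the insertion point now lands in the wrong place. The added example below (not from the question or from radare2) reconstructs the five instructions from the dump as a constructed byte buffer, inserts the 7-byte mov, and shows the strlen call drifting by 7 bytes until its rel32 displacement is rewritten; the encodings of the truncated dump lines are assumed from the listed mnemonics.

```python
import struct

# Constructed from the question's dump: the five instructions starting at 0x0804848a.
BASE = 0x0804848a
ORIGINAL = bytes.fromhex(
    "c745f800000000"   # 0x0804848a  mov dword [local_8h], 0
    "c745f400000000"   # 0x08048491  mov dword [local_ch], 0
    "8b4508"           # 0x08048498  mov eax, dword [arg_8h]
    "890424"           # 0x0804849b  mov dword [esp], eax
    "e8e1feffff"       # 0x0804849e  call sym.imp.strlen (E8 rel32)
)
INSERT_AT = 0x08048498
NEW_INSN = bytes.fromhex("c745fc00000000")   # mov dword [local_4h], 0 (7 bytes)
CALL_OFF = 0x0804849e - BASE                  # buffer offset of the E8 opcode


def insert_bytes(blob, base, addr, new):
    """Insert `new` at virtual address `addr`, shifting everything after it right."""
    off = addr - base
    return blob[:off] + new + blob[off:]


def call_target(blob, base, off):
    """Resolve the destination of a 5-byte E8 rel32 call located at buffer offset `off`."""
    rel = struct.unpack_from("<i", blob, off + 1)[0]
    return base + off + 5 + rel          # rel32 is relative to the next instruction


def retarget_call(blob, base, off, target):
    """Rewrite the rel32 so the call at `off` reaches `target` again."""
    rel = target - (base + off + 5)
    return blob[:off + 1] + struct.pack("<i", rel) + blob[off + 5:]


def patch():
    """Return (original target, drifted target, restored target, fixed buffer)."""
    before = call_target(ORIGINAL, BASE, CALL_OFF)
    patched = insert_bytes(ORIGINAL, BASE, INSERT_AT, NEW_INSN)
    moved_call = CALL_OFF + len(NEW_INSN)       # the call itself moved by the insert size
    drifted = call_target(patched, BASE, moved_call)
    fixed = retarget_call(patched, BASE, moved_call, before)
    return before, drifted, call_target(fixed, BASE, moved_call), fixed
```

The same drift applies to every jump, call or RIP-relative access that spans the inserted bytes, and in a real ELF the section and segment sizes, symbol values and relocation offsets after the insertion point move as well, so a byte-level insert is only the first step of the patch.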