Re: [DynInst_API:] Directly reassemble and patch instructions


Date: Mon, 12 Sep 2016 16:21:12 +0000
From: Bill Williams <bill@xxxxxxxxxxx>
Subject: Re: [DynInst_API:] Directly reassemble and patch instructions
The way I'd go about this would be with PatchAPI and pulling some of the abstract classes out of dyninstAPI/src/Relocation. (And yes, I am about to outline use of a machine gun to kill a mosquito, but I trust you want that mosquito *dead*.)

The raw call that's most relevant is PatchModifier::redirectEdge, which will update the CFG representation to reflect the new target you want. However, you'll want a thin Transformer/Widget wrapper (and something doing the equivalent of dyninst's AddressSpace::relocate, again very thin) that goes through each redirected edge and ensures that you can generate a new branch that fits precisely over the old one (and either fails gracefully or falls back to relocation/springboards if for some reason you can't). That's also what will need to emit the modified branches.

(And if you want to cannibalize the branch target modification from the CFWidget class in Relocation, that may be sufficient. But I tend to be paranoid about what the code will/won't do when things go wrong.)

--bw

________________________________________
From: Dyninst-api <dyninst-api-bounces@xxxxxxxxxxx> on behalf of Mohamed Elsabagh <melsabag@xxxxxxx>
Sent: Sunday, September 11, 2016 12:08 PM
To: dyninst-api
Subject: [DynInst_API:] Directly reassemble and patch instructions

Hello,

Is there a way to directly modify the target of a branch without manually assembling the instruction? I don't want to insert trampolines or relocate the code; only modify the target of a specific call/branch instruction. I am currently doing that by manually re-assembling the instruction, then patching the binary directly via patchData() from SymtabAPI. However, that is error-prone and there are many cases to handle. I am wondering if there is a better way.

Thanks.
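
The "fits precisely over the old one, or fails gracefully" check from the reply above, as an added example that is not part of the thread and not Dyninst code. It assumes unprefixed x86-64 direct branches whose bytes and address the caller has already decoded; `retarget_branch` and `Retarget` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class Retarget { Ok, NotDirectBranch, OutOfRange };

// Rewrite only the displacement of a direct branch so it targets new_target.
// insn holds exactly one instruction; addr is the address of its first byte.
// The length never changes, and on any failure the bytes are left untouched
// so the caller can fall back to relocation or a springboard.
Retarget retarget_branch(std::vector<uint8_t>& insn, uint64_t addr,
                         uint64_t new_target) {
    const std::size_t n = insn.size();
    std::size_t off = 0, width = 0;  // displacement offset and width in bytes
    if (n == 5 && (insn[0] == 0xE8 || insn[0] == 0xE9)) {
        off = 1; width = 4;                        // call rel32 / jmp rel32
    } else if (n == 6 && insn[0] == 0x0F && (insn[1] & 0xF0) == 0x80) {
        off = 2; width = 4;                        // jcc rel32
    } else if (n == 2 && (insn[0] == 0xEB || (insn[0] & 0xF0) == 0x70)) {
        off = 1; width = 1;                        // jmp rel8 / jcc rel8
    } else {
        return Retarget::NotDirectBranch;          // indirect, prefixed, or other
    }
    // Displacements are relative to the address of the next instruction.
    const int64_t disp = static_cast<int64_t>(new_target - (addr + n));
    const int64_t lo = (width == 1) ? INT8_MIN : INT32_MIN;
    const int64_t hi = (width == 1) ? INT8_MAX : INT32_MAX;
    if (disp < lo || disp > hi) return Retarget::OutOfRange;
    for (std::size_t i = 0; i < width; ++i)        // little-endian store
        insn[off + i] = static_cast<uint8_t>(static_cast<uint64_t>(disp) >> (8 * i));
    return Retarget::Ok;
}

int main() {
    // Constructed sample: "call rel32" at 0x401000, retargeted to 0x401100.
    std::vector<uint8_t> call = {0xE8, 0x00, 0x00, 0x00, 0x00};
    Retarget r = retarget_branch(call, 0x401000, 0x401100);
    std::printf("status=%d bytes:", static_cast<int>(r));
    for (uint8_t b : call) std::printf(" %02X", b);
    std::printf("\n");
    return 0;
}
```

An `OutOfRange` result on a 2-byte short jump is the case where an in-place patch cannot work and a longer encoding (and therefore relocation) is required.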