Author Topic: 0xE9 opcode in Win32 PE files  (Read 12971 times)

Offline AssemblerX86

  • Jr. Member
  • *
  • Posts: 5
0xE9 opcode in Win32 PE files
« on: September 05, 2015, 03:53:18 PM »
Hi :)

 I was wonder if it is possible to add a new code section (Similar to .text) to a .exe file and add executable code to it? Can I make a jump from a section to another using 0xE9 opcode (Or maybe 0xEA?)? For example if I put (0x66 0xE9 <4 byte address little-endian starting from next instruction>) in the start of .text, and the final address refers to the beginning of .text2 section, will it work?

 I want to know this since I want to use a hex editor to play around with a certain program and want to make it jump to my custom .text2 section rather than the original one.

 Do I need to make the JMP to the virtual address of the section (Once its loaded to memory)? Or physical address (Address in hard disk)?

Thank you!

Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2667
  • Country: us
Re: 0xE9 opcode in Win32 PE files
« Reply #1 on: September 05, 2015, 08:38:24 PM »
I'm not very familiar with Windows executables. I doubt if it'll let you do that, and I'm not sure it would do you any good. What happens if you try it?

Best,
Frank


Offline AssemblerX86

  • Jr. Member
  • *
  • Posts: 5
Re: 0xE9 opcode in Win32 PE files
« Reply #2 on: September 05, 2015, 10:04:31 PM »
The executable crashes and the debugger gives (Segmentation Fault). But why wont Windows allow me to do that? Whats the limitation?