
Absolute indirect jump

Open eXtreames opened this issue 1 year ago • 2 comments

Is it possible to add (or use) absolute indirect jump using a sequence of bytes - FF 25 00 00 00 00 [8 bytes of address]? Example - jmp 0x123456789 encoded as FF 25 00 00 00 00 89 67 45 23 01 00 00 00.

eXtreames avatar Mar 11 '24 19:03 eXtreames

Did you find a way to do this? I still haven't...

ru-mii avatar Jan 19 '25 22:01 ru-mii

Patched the keystone code. Changed the logic when processing instructions JMP and CALL. When |(target - source - 5)| > INT_MAX, I manually add bytes (for jmp FF 25 00 00 00 00 (64bit address), for call FF 15 00 00 00 00 (64bit address)) and interrupt further processing of this instruction, proceeding to the next.

eXtreames avatar Jan 20 '25 04:01 eXtreames
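The two encodings discussed in this thread, as an added example that is neither keystone's code nor the commenter's patch: a rel32 branch when the displacement fits, otherwise the `FF 25`/`FF 15` stub with the 8-byte address appended. `encode_branch` and `decode_abs_branch` are names chosen here, and the reachable range is taken as the full signed 32-bit range.

```python
import struct

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1

# Opcode tables for the two forms (constructed for this example, not keystone's own tables).
REL32_OPCODE = {"jmp": b"\xe9", "call": b"\xe8"}          # E9/E8 rel32, 5 bytes total
RIP_INDIRECT = {"jmp": b"\xff\x25", "call": b"\xff\x15"}  # FF 25 / FF 15 = jmp/call qword ptr [rip+disp32]


def encode_branch(mnemonic: str, source: int, target: int) -> bytes:
    """Encode an x86-64 jmp/call located at `source` that transfers to `target`.

    Uses the 5-byte rel32 form when target - (source + 5) fits in a signed
    32-bit value; otherwise emits the 14-byte stub
        FF 25 00 00 00 00 <8-byte target>   (jmp  qword ptr [rip+0])
        FF 15 00 00 00 00 <8-byte target>   (call qword ptr [rip+0])
    where [rip+0] is the qword immediately following the 6-byte instruction.
    """
    if mnemonic not in REL32_OPCODE:
        raise ValueError(f"unsupported mnemonic: {mnemonic}")
    disp = target - (source + 5)  # rel32 is relative to the end of the 5-byte instruction
    if INT32_MIN <= disp <= INT32_MAX:
        return REL32_OPCODE[mnemonic] + struct.pack("<i", disp)
    return RIP_INDIRECT[mnemonic] + b"\x00\x00\x00\x00" + struct.pack("<Q", target)


def decode_abs_branch(code: bytes):
    """Recognise the 14-byte [rip+0] stub and return (mnemonic, target); None otherwise."""
    if len(code) < 14 or code[2:6] != b"\x00\x00\x00\x00":
        return None
    for mnemonic, opcode in RIP_INDIRECT.items():
        if code[:2] == opcode:
            return mnemonic, struct.unpack("<Q", code[6:14])[0]
    return None


if __name__ == "__main__":
    # Constructed sample: the address from the issue, far beyond rel32 reach from 0x1000.
    stub = encode_branch("jmp", 0x1000, 0x123456789)
    print(stub.hex(" "))            # ff 25 00 00 00 00 89 67 45 23 01 00 00 00
    print(decode_abs_branch(stub))  # ('jmp', 4886718345)
```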