
je to jne in assembly


I am disassembling some code which has the following je function:

0F 84 FF 00 00 00 : je loc_00000105

I am instructed to bypass the compare function by modifying je to jne. This is a weird case because everywhere I experienced this:

74 F1 : je loc_fffffff3

Which I can easily change by changing 74 to 75:

75 F1 : jne loc_fffffff3

But I am really confused about how I can change:

0F 84 FF 00 00 00 : je loc_00000105 to jne

Any help will be appreciated!

I tried changing:

0F to 0E

0F to 0B

etc...


Solution

  • 74 is the x86 short je opcode, and 0F 84 is the near je opcode.

    So this je -> jne short jump opcode patch:

    74 -> 75

    Would be equivalent to these je -> jne near jump opcodes.

    0F 84 -> 0F 85

    Here are some opcode tables for reference:
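
The encoding rule behind this answer, as an added example (not code from the original answer): in both the short and near forms the low four bits of the opcode are the condition code, and flipping bit 0 inverts the condition, so the same one-bit change applies to every Jcc pair. It assumes 32-bit code (rel32 for the near form) and an instruction at address 0, as in the listings in the question; the function names are hypothetical.

```python
import struct

# Condition-code mnemonics indexed by the low nibble (cc) of the opcode.
CC = ["o", "no", "b", "ae", "e", "ne", "be", "a",
      "s", "ns", "p", "np", "l", "ge", "le", "g"]


def decode_jcc(code, addr=0):
    """Decode one conditional jump; return (mnemonic, length, target) or None."""
    if len(code) >= 2 and 0x70 <= code[0] <= 0x7F:
        # Short form: 7x + rel8 (signed), 2 bytes.
        cc, length = code[0] & 0x0F, 2
        rel = struct.unpack_from("<b", code, 1)[0]
    elif len(code) >= 6 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        # Near form: 0F 8x + rel32 (signed, little-endian), 6 bytes.
        cc, length = code[1] & 0x0F, 6
        rel = struct.unpack_from("<i", code, 2)[0]
    else:
        return None
    # The displacement is relative to the address of the next instruction.
    target = (addr + length + rel) & 0xFFFFFFFF
    return "j" + CC[cc], length, target


def invert_jcc(code):
    """Return a copy with the condition inverted (bit 0 of cc flipped)."""
    if decode_jcc(code) is None:
        raise ValueError("not a short or near Jcc")
    out = bytearray(code)
    idx = 1 if out[0] == 0x0F else 0  # cc is in byte 1 (near) or byte 0 (short)
    out[idx] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    # The two byte sequences from the question.
    for raw in (bytes.fromhex("74F1"), bytes.fromhex("0F84FF000000")):
        patched = invert_jcc(raw)
        print(raw.hex(" "), decode_jcc(raw), "->",
              patched.hex(" "), decode_jcc(patched))
```

Changing the first byte instead (0F to 0E, as tried in the question) removes the two-byte opcode prefix, so the bytes no longer decode as a conditional jump at all.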