x86, mach-o, machine-code, hex-editors

Can a hex editor be used to edit the instructions in an executable binary?


If I have a binary executable containing compiled C code, can I use a hex editor to edit that binary and change a specific instruction into another one, such as nop or jmp? How can I know the offset of the instruction I want to change?


Yes, this is for educational purposes.


Solution

  • UPDATE: Sorry, missed the Mach-O tag. This list is really for standard x86, not for Mach-O specifically. Still, it's a nice list for standard x86 code :)

    Sure, but you're better off using a tool such as OllyDbg, SoftICE, or Immunity Debugger (a variant of Olly that's designed for reverse engineering). Learning x86 asm isn't actually as difficult as most people make out. You can learn a lot of Win32 assembly from http://win32assembly.online.fr/

    You can get a list of opcodes at http://ref.x86asm.net/ if you're really set on editing with a hex editor.

    More great tools for this kind of stuff:

    • PE Info (free EXE header editor)
    • CFF Explorer (free EXE header editor / rebuilder. more features than PE Info)
    • PE Explorer (commercial EXE header and resource editor)
    • TrID (file type identifier)
    • PEiD (executable / packer identifier)
    • IDA Pro (static executable analysis)
    • procmon (activity analysis)
    • procexp (like taskmgr, but way better and more in depth)
    • ildasm (CIL disassembler)
    • ilasm (CIL assembler)
    • RedGate Reflector (.NET reverse engineering tool)
    • .NET Reflector (.NET reverse engineering tool)
    • XVI32 (hex editor)
    • Hex Workshop (hex editor / structure editor)
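
On the question's second part (how to find the offset): a disassembler shows an instruction's virtual address, and the hex editor needs the matching file offset, which comes from the segment load commands in the Mach-O header. The sketch below is an added example, not code from the answer above; it assumes a thin 64-bit little-endian Mach-O, the function names are hypothetical, and the sample image is constructed inline rather than taken from a real binary.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF    # thin 64-bit little-endian Mach-O
LC_SEGMENT_64 = 0x19
HEADER = struct.Struct("<8I")               # mach_header_64, 32 bytes
SEGMENT = struct.Struct("<II16sQQQQiiII")   # segment_command_64, 72 bytes

def segments(data):
    """Yield (name, vmaddr, vmsize, fileoff, filesize) for each LC_SEGMENT_64."""
    magic, _, _, _, ncmds, _, _, _ = HEADER.unpack_from(data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    pos = HEADER.size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, pos)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd == LC_SEGMENT_64:
            f = SEGMENT.unpack_from(data, pos)
            yield f[2].rstrip(b"\0").decode(), f[3], f[4], f[5], f[6]
        pos += cmdsize

def vmaddr_to_file_offset(data, addr):
    """Map a static (unslid) virtual address to its offset in the file."""
    for name, vmaddr, vmsize, fileoff, filesize in segments(data):
        if vmaddr <= addr < vmaddr + filesize:
            return fileoff + (addr - vmaddr)
        if vmaddr <= addr < vmaddr + vmsize:
            raise ValueError(f"{addr:#x} is zero-fill in {name}: no bytes on disk")
    raise ValueError(f"{addr:#x} is not inside any segment")

def _seg(name, vmaddr, vmsize, fileoff, filesize):
    return SEGMENT.pack(LC_SEGMENT_64, SEGMENT.size, name, vmaddr, vmsize, fileoff, filesize, 7, 5, 0, 0)

def build_sample():
    """Constructed 8 KiB image (not a real binary): three segments plus a tiny function."""
    cmds = (_seg(b"__PAGEZERO", 0, 0x100000000, 0, 0)
            + _seg(b"__TEXT", 0x100000000, 0x1000, 0, 0x1000)
            + _seg(b"__DATA", 0x100001000, 0x2000, 0x1000, 0x1000))
    head = HEADER.pack(MH_MAGIC_64, 0x01000007, 3, 2, 3, len(cmds), 0, 0)
    image = bytearray(0x2000)
    image[:len(head) + len(cmds)] = head + cmds
    # push rbp; mov rbp,rsp; xor eax,eax; pop rbp; ret  at address 0x100000200
    image[0x200:0x208] = bytes.fromhex("554889e531c05dc3")
    return bytes(image)

if __name__ == "__main__":
    data = build_sample()
    off = vmaddr_to_file_offset(data, 0x100000204)   # address of "xor eax,eax"
    print(f"file offset {off:#x}, bytes there: {data[off:off + 2].hex()}")
```

For a universal (fat) binary, the result is relative to the start of the architecture slice, so add the slice's offset from the fat header. Comparing the bytes at the computed offset with the disassembly confirms you are looking at the right instruction.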