Hello.

This is in relation to a patch I'm working on.

The description is based on IDA's output.

There is a word area in data section called 'Time'.

It's used like so:

mov eax, Time

What I want is a short way to assign a value to 'Time' before the above is executed.

The data to use, I can make available through another register.

If I try something like:

mov Time, ebx

it works when I run the program under IDA, but of course fails when run on its own.

How can I avoid the relocation problem and do the assignment in as few bytes as possible, say 5?

(No more room in the surrounding area).

The above is for 32-bit but if you also have a 64-bit way that would be great.

Thanks in advance.

Another possibility could be:

push ebx

pop Time

Thanks.

The problem is that 'Time' is relocated along with the DLL it belongs to.

Since I'm just inserting bytes (and can't use the convenient 'Time' variable), I have to find a way to calculate its real offset during runtime and use that instead.

Something like:

mov ds:[4500h], eax (assuming Time's offset within the data section is 4500h).

or

lea ebx, offset [4500h]

mov [ebx], eax

It gets weird with these RVAs and such and it will be worse in the 64-bit version of this program.

x64 allows relative addressing, which should make things easier. In x86, you could get eip and add the offset to the value you're searching for, similar to this:

call Relative ; E8 00 00 00 00
Relative:
pop eax
mov dword ptr [eax + Offset], Value

Thanks a bunch.

I'll try it later.

In the meantime, I just did it another messier way.

Then why not share it? Might be helpful even if messy.

also, ollydbg will automatically adjust relocations, if you use its "copy to file" feature.

also, ollydbg will automatically adjust relocations, if you use its "copy to file" feature.

Does it also add relocations for inline patches? News to me but I'd be happily surprised :>

@ deepzero

What!Olly can adjust [or add] relocations - where? Never seen this feature in Olly.So before a longer while I have test it with some dll files without success so how should Olly do this?

So relocs are o good theme to talk about it so till now I found no tool where you can change or add new rva's from a reloc table or a tool where you can create a own table etc.So do you know some tools or something helpfully for this?

Exsample with any command
-----------------------
Loaded ImagBase 009D0000009D1000  - FF25 B4609D00    JMP DWORD PTR DS:[9D60B4]    ; kernel32.GetStdHandle
-----------------------
RVA 1002 in relocs-----------------------
009D374E  - FF25 B4609D00    JMP DWORD PTR DS:[9D60B4]    ; kernel32.GetStdHandlenew added command in code + save
-----------------------
-----------------------
-----------------------
Loaded ImagBase 009E0000 now009E1000  - FF25 B4609E00    JMP DWORD PTR DS:[9E60B4]    ; kernel32.GetStdHandle
-----------------------
RVA 1002 in relocs-----------------------
009E374E    FF25 B4609D00    JMP DWORD PTR DS:[9D60B4]added command from above has still same value 9D60B4 = points wrong of course
-----------------------So how could I now add the address 009D3750 = RVA 3750 <-- to the reloc tabel too?
And how should Olly do this automatic?

greetz

So relocs are o good theme to talk about it so till now I found no tool where you can change or add new rva's from a reloc table or a tool where you can create a own table etc.So do you know some tools or something helpfully for this?

Reloz v1.0
/>http://forum.tuts4you.com/topic/15576-reloz-10/

PS: Buggy.

@ JeRRy

Hey hey!

Thank you for this tool so I did not note this in the past.Have test it with my exsample and it works very well so far.Great.

greetz