1.13. GOTO OPERATOR
Place the cursor to addressJMP(0x410), press F3 (edit), press zero twice, so the opcode becomesEB 00:
Figure 1.33:HiewThe second byte of theJMPopcode denotes the relative offset for the jump, 0 means the point right after
the current instruction.
So nowJMPnot skipping the secondprintf()call.
Press F9 (save) and exit. Now if we run the executable we will see this:
Listing 1.104: Patched executable outputC:...>goto.exe
begin
skip me!
end
The same result could be achieved by replacing theJMPinstruction with 2NOPinstructions.
NOPhas an opcode of0x90and length of 1 byte, so we need 2 instructions asJMPreplacement (which is
2 bytes in size).
1.13.1 Dead code.
The secondprintf()call is also called “dead code” in compiler terms.
This means that the code will never be executed. So when you compile this example with optimizations,
the compiler removes “dead code”, leaving no trace of it:
Listing 1.105: Optimizing MSVC 2012$SG2981 DB 'begin', 0aH, 00H
$SG2983 DB 'skip me!', 0aH, 00H
$SG2984 DB 'end', 0aH, 00H
_main PROC
push OFFSET $SG2981 ; 'begin'
call _printf
push OFFSET $SG2984 ; 'end'
$exit$4:
call _printf
add esp, 8