Hi,
Is there a way to check whether some instruction is present in a provided binary file?

For example, is "add eax, 1" present in "mybinary.exe"?

Thanks
Posted on 2009-06-08 01:36:03 by turok
There are many ways, as always. What kind of binary file do you mean?
Posted on 2009-06-08 03:24:29 by ti_mo_n
standard .exe file
Posted on 2009-06-08 03:26:59 by turok
I think the best way is to decode the instructions, or of course you can try string searching, but that might give you false answers.
Posted on 2009-06-08 06:05:41 by roticv
Sure, I can decode it and look for it manually, but I need to do it dynamically in assembly. Any guidance on how to do that?
Posted on 2009-06-08 06:25:56 by turok
Read the Intel manuals. There are some tutorials on the forums (the opcode series by svin). I remember someone posting a snippet of how to find the length of the instruction. Stuff like this is helpful.
Posted on 2009-06-08 07:03:34 by roticv
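Added example, not part of the original thread: a C sketch of why the byte ("string") search mentioned above can give false answers for "add eax, 1", and how walking the code by instruction length avoids it. The sample bytes are constructed, and `insn_len` is a hypothetical toy decoder that knows only the opcodes in that sample.

```c
#include <stdio.h>
#include <string.h>
/* Two standard 32-bit encodings of "add eax, 1" (the longer 81 C0 form is left out). */
static const unsigned char E1[] = {0x83, 0xC0, 0x01};             /* 83 /0 ib */
static const unsigned char E2[] = {0x05, 0x01, 0x00, 0x00, 0x00}; /* 05 id */
/* Constructed sample code, not taken from any real binary. */
static const unsigned char SAMPLE[] = {
    0xB8, 0x83, 0xC0, 0x01, 0x00, /* mov eax, 0x0001C083 (immediate mimics the target) */
    0x83, 0xC0, 0x01,             /* add eax, 1 */
    0x90, 0xC3                    /* nop ; ret */
};

/* 1 if one of the encodings starts at p (n bytes remain), else 0. */
static int is_add_eax_1(const unsigned char *p, size_t n) {
    return (n >= sizeof E1 && !memcmp(p, E1, sizeof E1)) ||
           (n >= sizeof E2 && !memcmp(p, E2, sizeof E2));
}

/* Hypothetical toy length decoder: covers only the opcodes used in SAMPLE. */
static size_t insn_len(const unsigned char *p, size_t n) {
    if (p[0] == 0x90 || p[0] == 0xC3) return 1;            /* nop, ret */
    if (p[0] == 0x05 || (p[0] & 0xF8) == 0xB8) return 5;   /* add eax,imm32; mov r32,imm32 */
    if (p[0] == 0x83 && n >= 2 && (p[1] & 0xC0) == 0xC0) return 3; /* op r32, imm8 */
    return 0;                                              /* outside the subset */
}

/* Byte search: tests every offset, so it also matches inside operands. */
int raw_hits(const unsigned char *b, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++) hits += is_add_eax_1(b + i, n - i);
    return hits;
}

/* Linear sweep: tests only instruction starts; returns -1 if decoding fails. */
int decoded_hits(const unsigned char *b, size_t n) {
    int hits = 0;
    for (size_t i = 0, len; i < n; i += len) {
        len = insn_len(b + i, n - i);
        if (len == 0 || len > n - i) return -1;
        hits += is_add_eax_1(b + i, len);
    }
    return hits;
}

int main(void) {
    printf("raw=%d decoded=%d\n", raw_hits(SAMPLE, sizeof SAMPLE),
           decoded_hits(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

On a real .exe the sweep needs a complete x86 length decoder built from the Intel manuals and should cover only the executable code, since data bytes can also mimic an encoding.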
You want to trap execution whenever your target opcode is reached.
There's a good example (I think by Defiler) whose goal is to log conditional jumps via this technique (using the WinDBG debug support API functions).

Posted on 2009-06-08 07:47:04 by Homer
I will look at the opcode tutorials; they look great. Thanks for guiding me ...
Posted on 2009-06-08 23:58:31 by turok