Patching a binary file with dd

From Leo's Notes
Last edited on 14 June 2020, at 22:21.

Suppose that, after disassembling a binary, I know the file offset of an instruction I want to change. The dd utility can read the bytes at that offset and overwrite them in place, so it is enough to patch a file without any dedicated hex editor.

# dd if=nprobe bs=1 count=6 skip=$((0x1430C)) | xxd
6+0 records in
6+0 records out
6 bytes (6 B) copied, 0.000122275 s, 49.1 kB/s
0000000: 0f84 5401 0000                           ..T...

I want to change the jz (0f 84) above into a jnz (0f 85); udcli confirms that the new bytes disassemble as intended:

# echo "0F 85 54 01 00 00" | udcli -64  -x
0000000000000000 0f8554010000     jnz 0x15a

Overwrite the byte (or bytes) like so. conv=notrunc is essential: without it dd truncates the output file right after the bytes it wrote.

# printf '\x0f\x85' | dd conv=notrunc of=nprobe bs=1 seek=$((0x1430C))
2+0 records in
2+0 records out
2 bytes (2 B) copied, 0.00097866 s, 2.0 kB/s

Verify:

# dd if=nprobe bs=1 count=6 skip=$((0x1430C)) | xxd
6+0 records in
6+0 records out
6 bytes (6 B) copied, 0.000136555 s, 43.9 kB/s
0000000: 0f85 5401 0000                           ..T...

To patch libnprobe so that it doesn't stop after 25000:

# printf '\x0f\x85' | dd conv=notrunc of=/usr/local/lib/libnprobe-7.1.150608.so bs=1 seek=$((0x47e97))
# dd if=/usr/local/lib/libnprobe-7.1.150608.so bs=1 count=6 skip=$((0x47e97)) | xxd
0000000: 0f85 d700 0000

This will effectively disable the limitation by always jumping regardless of the count.
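The read, patch and verify steps above, wrapped in POSIX sh functions, as an added example that is not part of the original note. It adds the check a practitioner wants before writing into a binary: the bytes currently at the offset are compared with the expected ones (0f 84 for jz) and the patch is refused if they differ, so a wrong offset or a different build is not silently corrupted; a .orig backup is kept and the file size is checked to show that conv=notrunc preserved the rest of the file. The sample file, its contents and the offset 0x10 are constructed for this example; none of it is the nprobe binary, and xxd is replaced by od so that only POSIX tools are needed.

```shell
#!/bin/sh
# Added example (not from the page): the read / patch / verify sequence done
# with dd, wrapped in small POSIX sh functions. The sample file, its contents
# and the offset 0x10 are constructed here; none of it is the nprobe binary.

# Accept only a non-empty, even-length string of hex digits.
valid_hex() {
    case "$1" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( ${#1} % 2 )) -eq 0 ]
}

# Emit the raw bytes for a hex string. Octal printf escapes are used because
# '\x..' escapes are not POSIX (dash's printf prints them literally).
hex_to_bin() {
    hex=$1
    while [ -n "$hex" ]; do
        byte=$(printf '%.2s' "$hex")   # next two hex digits
        hex=${hex#??}
        printf "\\$(printf '%03o' "$((0x$byte))")"
    done
}

# read_hex FILE OFFSET COUNT: print COUNT bytes at OFFSET as a hex string
# (the "dd ... | xxd" step of the note, with od instead of xxd).
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# patch_hex FILE OFFSET HEX: overwrite bytes at OFFSET in place.
# conv=notrunc is essential: without it dd truncates FILE right after the
# written bytes.
patch_hex() {
    valid_hex "$3" || { echo "patch_hex: bad hex string '$3'" >&2; return 1; }
    hex_to_bin "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# patch_if_expected FILE OFFSET EXPECTED REPLACEMENT: patch only when the bytes
# currently at OFFSET are EXPECTED (e.g. the 0f 84 of jz). A wrong offset or a
# different build of the binary is refused instead of silently corrupted, and
# a FILE.orig backup is kept. Returns 0 only if the bytes read back as REPLACEMENT.
patch_if_expected() {
    n=$(( ${#3} / 2 ))
    cur=$(read_hex "$1" "$2" "$n")
    if [ "$cur" != "$3" ]; then
        echo "refusing: found '$cur' at offset $2, expected '$3'" >&2
        return 1
    fi
    cp "$1" "$1.orig" || return 1
    patch_hex "$1" "$2" "$4" || return 1
    [ "$(read_hex "$1" "$2" "$n")" = "$4" ]
}

# make_sample FILE: 64 zero bytes with the note's jz encoding 0f 84 54 01 00 00
# placed at the constructed offset 0x10 (the trailing zeros come from /dev/zero).
make_sample() {
    dd if=/dev/zero of="$1" bs=1 count=64 2>/dev/null
    patch_hex "$1" $((0x10)) 0f845401
}

# file_size FILE: byte count, used to show that the file was not truncated.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Stand-alone run: build the sample, flip jz (0f 84) to jnz (0f 85), show before/after.
f=$(mktemp) && make_sample "$f"
printf 'before: %s (%s bytes)\n' "$(read_hex "$f" 16 6)" "$(file_size "$f")"
patch_if_expected "$f" 16 0f84 0f85 &&
    printf 'after:  %s (%s bytes)\n' "$(read_hex "$f" 16 6)" "$(file_size "$f")"
rm -f "$f" "$f.orig"
```

Running it prints the six bytes before and after the patch with the unchanged size of 64 bytes; running patch_if_expected a second time on the same file is refused, because the bytes at the offset are now 0f 85 rather than the expected 0f 84.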