I have a (probably naive) question about messing up the stack pointer. Here is the code produced by gcc for some function "X" (original source code is C/Obj-C):

    #---- function "X" entry point --------------------
    0x82699 <>:     push %ebp
    0x8269a <+1>:   mov %esp,%ebp
    0x8269c <+3>:   push %edi
    0x8269d <+4>:   push %esi
    0x8269e <+5>:   push %ebx
    0x8269f <+6>:   call 0x826a4 <+11>
    0x826a4 <+11>:  pop %ebx
    0x826a5 <+12>:  sub $0x2e,%esp    ;; <---------(1)
    ...
    ... stuff here
    ... call another function "Y"
    ... stuff here
    ...
    0x829fe <+869>: add $0x2e,%esp    ;; <---------(2)
    0x82a01 <+872>: pop %ebx
    0x82a02 <+873>: pop %esi
    0x82a03 <+874>: pop %edi
    0x82a04 <+875>: leave
    0x82a05 <+876>: ret
    #---------------- end of function -----------------

As I understand it, instructions (1) and (2) are used to make room for the local variables declared in "X". Hence I would assume that simply replacing, in both instructions, the immediate value 0x2e with a HIGHER value, say 0x40, cannot affect the execution of the process. Surprisingly (for me), I patched the executable replacing just those 2 bytes and I got:

    EXC_BAD_INSTRUCTION

in a function "Z" called by "Y". I thought that no matter how the source is written [I do not have the source code :)], the patch I made must always be harmless, but obviously this is not the case.

Thanks for any explanation.

Details:
- Mac OS X
- Objective-C/Cocoa application
- Function X is in a shared library

filippo cesi
Phys Dept, Univ of Rome, La Sapienza