At address 10134CE0 I have
10134CE0 - 40 - inc eax
How could I change this (using C++ hopefully with WriteProcessMemory) to make it
dec eax
I know 40 means inc eax and 48 means dec eax but how could I change the 40 into 48?
First, if this is code and part of your program, you should make sure that the segment is writable to you. Otherwise, you cannot dynamically patch your code.
If it is, then the following will do the trick in C (C++ might benefit from using a more beautiful static_cast<>):
uint8_t *code = (uint8_t*)0x10134ce0;
*code = 0x48;
The first line declares a pointer and assigns it the address of your code. In the second line you then use this pointer to overwrite the original instruction.
If you are thinking about patching x86 code in general, note that simply doing this will not suffice. x86 is a packed instruction set and operations may have different lengths. In this case, overwriting one instruction with another might be hard, because the new instruction may be longer and you thereby would overwrite one or more instructions you did not mean to patch.
For such cases, you'll need to disassemble the original code and re-assemble a new instance that you use instead of your old code. For such purposes, I like using udis86 as a disassembler, and AsmJit to create new code on the fly.
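An added example, not part of the original answer: a same-process patch helper that checks the bytes in memory are the expected instruction before writing, refuses a replacement longer than the original, and pads a shorter one with NOPs (a step beyond the one-byte case above). The names `patch_instruction` and `Patch` are hypothetical, the byte buffers are constructed samples of 32-bit x86 code, and the page-protection calls apply only when built for Windows.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#ifdef _WIN32
#include <windows.h>
#endif

// Hypothetical result type for this example.
enum class Patch { Ok, Mismatch, TooLong, ProtectFailed };

// Replace the instruction at `target` (expected original bytes `orig`) with
// `repl`. Nothing is written unless the bytes in memory match `orig` and the
// replacement fits inside the original instruction; leftover bytes become
// NOP (0x90) so the following instruction stays intact.
Patch patch_instruction(uint8_t *target, const uint8_t *orig, size_t orig_len,
                        const uint8_t *repl, size_t repl_len) {
    if (repl_len > orig_len) return Patch::TooLong;
    if (std::memcmp(target, orig, orig_len) != 0) return Patch::Mismatch;
#ifdef _WIN32
    DWORD old_prot = 0;  // code pages are normally not writable
    if (!VirtualProtect(target, orig_len, PAGE_EXECUTE_READWRITE, &old_prot))
        return Patch::ProtectFailed;
#endif
    std::memcpy(target, repl, repl_len);
    std::memset(target + repl_len, 0x90, orig_len - repl_len);
#ifdef _WIN32
    VirtualProtect(target, orig_len, old_prot, &old_prot);  // restore protection
    FlushInstructionCache(GetCurrentProcess(), target, orig_len);
#endif
    return Patch::Ok;
}

// Constructed sample: "inc eax; ret" (40 C3) in an ordinary data buffer.
int main() {
    uint8_t code[] = {0x40, 0xC3};
    const uint8_t inc_eax[] = {0x40}, dec_eax[] = {0x48};
    return patch_instruction(code, inc_eax, 1, dec_eax, 1) == Patch::Ok ? 0 : 1;
}
```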