At 13:54 14.11.2008 +0100, Alessandro Pellegrini wrote:
>Everything's working fine except for one scenario:
>
>mov $i, %eax
>incl (%eax)
>jmp .FancyFunction
>
>The incl (%eax) is a 2-byte instruction; the instrumented code would result in:
>
>mov $i, %eax
>call MyFunction
>nopw
>
>If somewhere else in the code there is a jmp to the third line of this example (jmp .FancyFunction), eip will point into the middle of the call instruction, in the best case raising a SIGILL signal, in the worst case producing undefined behaviour.

Wouldn't it be enough to rearrange your replacement code to have the nop in the beginning? Then your jump would be at the same address again.

bye
Fabi
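The check behind the two messages above, as an added example that is not code from the thread or from the instrumentation tool discussed: an in-place rewrite that replaces a short instruction with a 5-byte call has to borrow bytes from its neighbours, and every branch target in the program must still land on an instruction boundary afterwards. The small model below takes a list of decoded instructions (the addresses, sizes and the branch target of the jmp are constructed to mirror the quoted scenario) and reports any branch target that now points into the middle of an instruction. It assumes, as a hypothetical, that MyFunction performs the work of the instructions it overwrites; it says nothing about what the real tool does.

```python
"""Check that an in-place instruction rewrite keeps every branch target on an
instruction boundary.  Added example, not code from the thread; addresses and
instructions below are constructed to mirror the scenario quoted above."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Insn:
    addr: int
    size: int
    text: str
    target: Optional[int] = None  # address this instruction branches to, if any


def boundaries(code: List[Insn]) -> Set[int]:
    """Addresses at which an instruction starts."""
    return {i.addr for i in code}


def branch_targets(code: List[Insn]) -> Set[int]:
    """Every address some instruction in `code` branches to."""
    return {i.target for i in code if i.target is not None}


def rewrite(code: List[Insn], start: int, end: int, replacement: List[Insn]) -> List[Insn]:
    """Replace the instructions covering [start, end) with `replacement`.

    This is in-place patching: nothing moves, so the replacement must occupy
    exactly the same number of bytes as the window it overwrites.  The
    replacement instructions are re-addressed in order from `start`."""
    window = [i for i in code if start <= i.addr < end]
    if sum(i.size for i in window) != end - start:
        raise ValueError("window does not cover whole instructions")
    if sum(i.size for i in replacement) != end - start:
        raise ValueError("replacement must be the same size as the window")
    new = [i for i in code if not (start <= i.addr < end)]
    addr = start
    for r in replacement:
        new.append(Insn(addr, r.size, r.text, r.target))
        addr += r.size
    return sorted(new, key=lambda i: i.addr)


def misaligned_targets(code: List[Insn]) -> Dict[int, str]:
    """Branch targets that no longer start an instruction, mapped to the text
    of the instruction they would land inside (the SIGILL / undefined-behaviour
    case from the thread).  Empty dict means the layout is safe to jump into."""
    bad: Dict[int, str] = {}
    starts = boundaries(code)
    for t in branch_targets(code):
        if t in starts:
            continue
        for i in code:
            if i.addr < t < i.addr + i.size:
                bad[t] = i.text
    return bad


# Constructed program: the three quoted instructions, a jmp elsewhere that
# targets the third of them, and the two functions as single-byte stubs.
ORIGINAL = [
    Insn(0x00, 5, "mov $i, %eax"),              # b8 imm32
    Insn(0x05, 2, "incl (%eax)"),               # ff 00
    Insn(0x07, 5, "jmp .FancyFunction", target=0x40),
    Insn(0x0C, 5, "jmp 0x07", target=0x07),     # "somewhere else": jumps to the jmp
    Insn(0x40, 1, "ret"),                        # .FancyFunction (stub)
    Insn(0x100, 1, "ret"),                       # MyFunction (stub)
]

# Both replacements cover the 7 bytes of incl + jmp at [0x05, 0x0C).
# Assumption: MyFunction does whatever the overwritten instructions did.
CALL_THEN_NOP = [Insn(0, 5, "call MyFunction", target=0x100), Insn(0, 2, "nopw")]
NOP_THEN_CALL = [Insn(0, 2, "nopw"), Insn(0, 5, "call MyFunction", target=0x100)]


def compare_layouts() -> Dict[str, Dict[int, str]]:
    """Misaligned targets for the quoted layout and for the nop-first one."""
    return {
        "call, nopw": misaligned_targets(rewrite(ORIGINAL, 0x05, 0x0C, CALL_THEN_NOP)),
        "nopw, call": misaligned_targets(rewrite(ORIGINAL, 0x05, 0x0C, NOP_THEN_CALL)),
    }


if __name__ == "__main__":
    for name, bad in compare_layouts().items():
        status = "OK" if not bad else f"targets inside an instruction: {bad}"
        print(f"{name:12} -> {status}")
```

With the call first, the jump to 0x07 lands two bytes into the call's encoding; with the nopw first, 0x07 is once more the start of an instruction, which is the rearrangement Fabi suggests. In a real tool the same check would be fed from a disassembler's instruction list and run over all branch targets (including indirect ones recovered from jump tables) before any patch is committed.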