------------------- Original Code ----------------------------------------------------
; Disassembly excerpt, Intel syntax, x86-64 (arguments in rdi/rsi as per SysV). Left
; column = encoded bytes. Two calls to cc_malloc: rdi = size, rsi = tag string.
; rax on entry holds a struct base whose origin is outside this excerpt; its fields at
; +24h (below) and +1Ch (patched code) are read as 32-bit values.
8B 78 24                mov edi, [rax+24h]            ; edi = field at +0x24 (dword)
45 8D A6 7F 04 00 00    lea r12d, [r14+47Fh]          ; r12d = r14 + 0x47F
48 8D 35 7E 12 1F 00    lea rsi, aEmu_firmwareCo ; "EMU_Firmware: Compress workspace"
41 81 E4 00 FC FF FF    and r12d, 0FFFFFC00h          ; r12d = (r14+0x47F) & ~0x3FF = (r14+0x7F) rounded up to a 1 KiB multiple (32-bit)
01 FF                   add edi, edi                  ; edi = 2 * [rax+24h]; wraps in 32 bits if the field is >= 0x80000000 (field range not shown here)
E8 A0 60 0F 00          call cc_malloc                ; workspace = cc_malloc(2*[rax+24h], "...Compress workspace"); rel32 call
48 8D 35 9F 0A 1F 00    lea rsi, aEmu_firmwareFw ; "EMU_Firmware: FW image buffer"
44 89 E7                mov edi, r12d                 ; size of the FW image buffer = rounded value
49 89 C7                mov r15, rax                  ; r15 = workspace pointer (result of the first call)
E8 8E 60 0F 00          call cc_malloc                ; fwbuf = cc_malloc(r12d, "...FW image buffer")
49 89 C5                mov r13, rax                  ; r13 = FW image buffer pointer
-------------------- Patched Code (mov r12d) -----------------------------------------
; Only the 7-byte "and r12d, 0FFFFFC00h" is replaced; everything else is byte-identical.
; The replacement is 4 bytes + 3 NOPs, so the instruction stream keeps its length and
; the rel32 call displacements below still resolve to cc_malloc.
8B 78 24                mov edi, [rax+24h]            ; edi = field at +0x24 (dword)
45 8D A6 7F 04 00 00    lea r12d, [r14+47Fh]          ; now dead: r12d is overwritten two instructions later
48 8D 35 7E 12 1F 00    lea rsi, aEmu_firmwareCo ; "EMU_Firmware: Compress workspace"
44 8B 60 1C             mov r12d, [rax+1Ch] <-------- replaced instruction   ; r12d = field at +0x1C, used verbatim as the FW image buffer size
90                      nop                           ; padding so the replaced 7-byte slot stays 7 bytes
90                      nop
90                      nop
; NOTE(review): the FW image buffer size is now a raw struct field with no rounding or
; minimum applied; whatever later fills r13 must be bounded by the same field or the
; heap block is undersized. That copy is not in this excerpt -- confirm before relying on
; the patch. The compress-workspace size (2*[rax+24h]) is unaffected.
01 FF                   add edi, edi                  ; edi = 2 * [rax+24h]
E8 A0 60 0F 00          call cc_malloc                ; workspace = cc_malloc(2*[rax+24h], "...Compress workspace")
48 8D 35 9F 0A 1F 00    lea rsi, aEmu_firmwareFw ; "EMU_Firmware: FW image buffer"
44 89 E7                mov edi, r12d                 ; size = [rax+1Ch]
49 89 C7                mov r15, rax                  ; r15 = workspace pointer
E8 8E 60 0F 00          call cc_malloc                ; fwbuf = cc_malloc([rax+1Ch], "...FW image buffer")
49 89 C5                mov r13, rax                  ; r13 = FW image buffer pointer
-------------------- Example: Differences for JLink_Linux_V784f_x86_64 ---------------
; Byte-level diff, one line per file offset: "<offset>: <original> <patched>".
; The seven offsets are exactly the "and r12d" encoding 41 81 E4 00 FC FF FF becoming
; "mov r12d, [rax+1Ch]" 44 8B 60 1C followed by three 90 NOPs. Offsets are specific to
; this build of the library; a differently versioned file places the sequence elsewhere,
; and any file-hash or signature check on the library will flag the modified copy.
libjlinkarm.so.7.84.6
002f1cf2: 41 44
002f1cf3: 81 8b
002f1cf4: e4 60
002f1cf5: 00 1c
002f1cf6: fc 90
002f1cf7: ff 90
002f1cf8: ff 90