Master the fundamental concepts of binary formats through this focused micro-challenge.
Binary patching modifies an executable file directly without recompiling from source. Crackme solvers, malware analysts, and hotfix engineers all patch bytes in place when they need to change program behavior quickly.
The workflow:
offset = VA - section_VA + section_file_offsetFor example, changing a conditional jump from JNE (0x75) to JE (0x74) inverts a license check with a single-byte patch.
You will search a simulated binary for a target byte pattern, show the offset where it was found, and replace it with new values. This teaches the VA-to-file-offset conversion that Ghidra and IDA automate when you edit instructions in the decompiler view.
Changing instruction length breaks PC-relative call and jmp targets in x86 code. Single-byte patches (like flipping a jump opcode) are safest because they preserve instruction boundaries. Signed binaries detect any byte change via hash verification, which is why operating systems enforce code signing on boot loaders and app store distributions. Always work on a copy and document the original bytes before patching.
Implement a conceptual binary patcher in C.
Requirements:
Test:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github