Code cave explained

A code cave is a run of unused bytes in a process's memory or in the on-disk image of an executable. In practice it is usually the zero-filled padding between the end of a section's real contents and the section's aligned boundary, large enough to hold injected instructions without changing the file's size or section layout.

Common uses

The concept of a code cave is often employed by attackers, game modders and reverse engineers to execute arbitrary code in a compiled program. It is a practical way to modify a binary that you do not have source for, for example to add a dialog box, change a variable, or remove a software key validation check. The usual mechanism is a `call` instruction, available on most CPU architectures: execution is redirected to the cave, the `call` pushes the address of the following instruction onto the stack, and a `ret` at the end of the injected code pops that address back into the program counter. The original program thus flows into the new code and back without significant changes to its own control flow. Three details decide whether such a patch works: the cave must lie in a section that is mapped executable (or the section's flags must be changed so that it is); the injected code must save and restore the registers and flags it clobbers; and the bytes overwritten by the redirect, typically five for a 32-bit x86 `call rel32`, must be whole instructions that are replayed inside the cave. With the call-and-return form those displaced instructions must not move the stack pointer, otherwise `ret` pops the wrong value; when they do, a `jmp` into the cave and a `jmp` back to the instruction after the patch site is used instead.
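The following added example (written for this page, not code from the original article or from any tool it mentions) shows both halves of the technique described above: locating caves by parsing a PE section table and scanning each section's raw data for runs of zero bytes, then installing a call-based trampoline into one. It assumes a 32-bit PE32 image (the parser does not handle PE32+), that a cave is a run of at least `min_size` zero bytes, that the redirect is a 5-byte x86 `call rel32` or `jmp rel32`, and that the 5 overwritten bytes are whole, position-independent instructions. The sample image, its two sections, the instruction bytes and the payload are all constructed here for the demonstration; the image is not loadable and no real binary is involved.

```python
"""Find code caves in a PE32 image and build the x86 call/ret trampoline into one.

Assumptions (all constructed for this example): PE32 only; a cave is a run of
>= min_size zero bytes inside a section's raw data; the redirect is a 5-byte
`call rel32` (E8) or `jmp rel32` (E9) whose displacement is relative to the
address of the instruction after it; the 5 stolen bytes are whole,
position-independent instructions.
"""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000


def parse_sections(image: bytes) -> list:
    """One dict per section header: name, RVA, raw offset/size, executable flag."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt            # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name, _vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        flags = struct.unpack_from("<I", image, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va,
                         "raw_ptr": raw_ptr, "raw_size": raw_size,
                         "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE)})
    return sections


def find_caves(image: bytes, min_size: int = 32) -> list:
    """Scan each section's raw data for runs of zero bytes of at least min_size."""
    caves = []
    for sec in parse_sections(image):
        data = image[sec["raw_ptr"]:sec["raw_ptr"] + sec["raw_size"]]
        start = None
        for i, b in enumerate(data + b"\x01"):  # sentinel closes a trailing run
            if b == 0:
                if start is None:
                    start = i
            elif start is not None:
                if i - start >= min_size:
                    caves.append({"section": sec["name"], "rva": sec["va"] + start,
                                  "offset": sec["raw_ptr"] + start, "size": i - start,
                                  "executable": sec["executable"]})
                start = None
    return caves


def rva_to_offset(image: bytes, rva: int) -> int:
    """Map an RVA to its file offset via the section that backs it."""
    for sec in parse_sections(image):
        if sec["va"] <= rva < sec["va"] + sec["raw_size"]:
            return sec["raw_ptr"] + (rva - sec["va"])
    raise ValueError(f"RVA {rva:#x} not backed by file data")


def encode_rel32(opcode: bytes, src_rva: int, dst_rva: int) -> bytes:
    """5-byte near call (E8) or jmp (E9); displacement is relative to src_rva + 5."""
    return opcode + struct.pack("<i", dst_rva - (src_rva + 5))


def install_hook(image: bytes, patch_rva: int, cave: dict, payload: bytes,
                 use_call: bool = True) -> bytes:
    """Redirect patch_rva into the cave. Cave body: pushad; pushfd; payload; popfd;
    popad; replay of the 5 stolen bytes; then `ret` (call form) or `jmp` back to
    patch_rva + 5 (jmp form). With use_call the stolen instructions must not move
    ESP, or `ret` pops the wrong address; the jmp form has no such restriction."""
    if not cave["executable"]:
        raise ValueError("cave section lacks IMAGE_SCN_MEM_EXECUTE; fix the section first")
    img = bytearray(image)
    patch_off = rva_to_offset(image, patch_rva)
    stolen = bytes(img[patch_off:patch_off + 5])
    body = b"\x60\x9c" + payload + b"\x9d\x61" + stolen
    if use_call:
        body += b"\xc3"
    else:
        body += encode_rel32(b"\xe9", cave["rva"] + len(body), patch_rva + 5)
    if len(body) > cave["size"]:
        raise ValueError("cave too small for trampoline")
    img[cave["offset"]:cave["offset"] + len(body)] = body
    img[patch_off:patch_off + 5] = encode_rel32(b"\xe8" if use_call else b"\xe9",
                                                patch_rva, cave["rva"])
    return bytes(img)


def build_sample_pe() -> bytes:
    """Constructed sample, not a real program: minimal PE32 headers, a .text section
    with `mov eax, ecx; add eax, 1; ret`, int3 alignment padding and zero slack, and
    an all-zero, non-executable .data section."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)  # i386, 2 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                          # entry point RVA
    struct.pack_into("<I", opt, 28, 0x400000)                        # image base
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                  # section/file alignment

    def sec(name, va, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, raw_ptr, 0, 0, 0, 0, flags)

    headers = (dos + b"PE\0\0" + file_hdr + opt
               + sec(b".text", 0x1000, 0x200, 0x60000020)
               + sec(b".data", 0x2000, 0x400, 0xC0000040)).ljust(0x200, b"\0")
    text = (b"\x89\xc8\x83\xc0\x01\xc3" + b"\xcc" * 0x3A).ljust(0x200, b"\0")
    return bytes(headers + text + b"\0" * 0x200)


if __name__ == "__main__":
    img = build_sample_pe()
    for c in find_caves(img):
        print(f"{c['section']:8} rva={c['rva']:#06x} size={c['size']} exec={c['executable']}")
    # Constructed payload: mov dword ptr [0x402000], 1  (sets a flag in .data; assumes no relocation)
    flag_payload = b"\xc7\x05\x00\x20\x40\x00\x01\x00\x00\x00"
    patched = install_hook(img, 0x1000, find_caves(img)[0], flag_payload)
    print("patched entry bytes:", patched[0x200:0x205].hex())
```

The scan reports the `.data` cave as well, but `install_hook` refuses it because the section is not executable; a real patch would either pick an executable cave or set `IMAGE_SCN_MEM_EXECUTE` on the section header first. The `pushad`/`popad` pair also means the payload cannot return a value in a register; a payload that must change state does so through memory, as the constructed flag write does.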
