Description
On further thought I don't think this will actually work since it involves different encoding lengths, but:
For 32-bit x86 binaries, there are two different ways to encode a displacement-only indirect addressing operation: you can either use the disp32 encoding via ModR/M (mod=b00 and rm=b101) or you can use the SIB encoding, which is activated by mod=b00 and rm=b100.
The SIB encoding, then, can be set with index=b100 to mark an invalid index register and base=b101, indicating that only the displacement is used. The result: two separate encodings for the same displacement-only indirect operation.
The downside is that the SIB encoding is 1 byte longer, since it includes the SIB byte itself. So, the only way this would probably work in the context of steg86 is if a particular binary was already using the SIB form, and could be selectively rewritten to use the non-SIB form + a padding NOP.
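As an added illustration (not code from the steg86 project or the issue author), the script below builds both 32-bit encodings of `mov r32, [disp32]` that the issue describes, decodes them back, and performs the proposed rewrite of the SIB form into the ModR/M form plus a padding NOP so the byte length is preserved. It assumes the standard 32-bit register numbering (0 = eax ... 7 = edi), no prefixes, and the `MOV r32, r/m32` opcode 0x8B; the sample displacement 0x12345678 is constructed for the demonstration.

```python
# Added example: two encodings of a displacement-only operand in 32-bit x86.
# Not part of steg86; register numbering and opcode choice are assumptions
# stated in the lead-in.

import struct

MOV_R32_RM32 = 0x8B  # MOV r32, r/m32 (32-bit mode, no prefixes)
NOP = 0x90


def encode_disp_only(reg: int, disp: int, use_sib: bool) -> bytes:
    """Encode `mov reg, [disp32]`.

    ModR/M-only form: mod=00, rm=101 followed by disp32 (6 bytes total).
    SIB form:         mod=00, rm=100, then SIB with index=100 (no index
                      register) and base=101 (disp32 only) (7 bytes total).
    """
    if not 0 <= reg <= 7:
        raise ValueError("reg must be a 32-bit register number 0..7")
    disp_bytes = struct.pack("<I", disp & 0xFFFFFFFF)
    if use_sib:
        modrm = (0b00 << 6) | (reg << 3) | 0b100
        sib = (0b00 << 6) | (0b100 << 3) | 0b101  # scale ignored, no index, disp32 base
        return bytes([MOV_R32_RM32, modrm, sib]) + disp_bytes
    modrm = (0b00 << 6) | (reg << 3) | 0b101
    return bytes([MOV_R32_RM32, modrm]) + disp_bytes


def decode_disp_only(insn: bytes) -> dict:
    """Decode either form; return the register, displacement, form and length."""
    if len(insn) < 2 or insn[0] != MOV_R32_RM32:
        raise ValueError("not a MOV r32, r/m32 instruction")
    modrm = insn[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b00:
        raise ValueError("only mod=00 displacement-only operands are handled")
    if rm == 0b101:  # ModR/M-only disp32
        (disp,) = struct.unpack("<I", insn[2:6])
        return {"reg": reg, "disp": disp, "form": "modrm", "length": 6}
    if rm == 0b100:  # SIB follows
        sib = insn[2]
        index, base = (sib >> 3) & 7, sib & 7
        if index != 0b100 or base != 0b101:
            raise ValueError("SIB names a real index or base register")
        (disp,) = struct.unpack("<I", insn[3:7])
        return {"reg": reg, "disp": disp, "form": "sib", "length": 7}
    raise ValueError("operand uses a base register, not displacement-only")


def rewrite_sib_to_modrm(insn: bytes) -> bytes:
    """Rewrite a SIB-form instruction to the 1-byte-shorter ModR/M form and
    append a NOP so the total length stays the same (the idea in the issue)."""
    d = decode_disp_only(insn)
    if d["form"] != "sib":
        raise ValueError("instruction is already in the ModR/M-only form")
    return encode_disp_only(d["reg"], d["disp"], use_sib=False) + bytes([NOP])


if __name__ == "__main__":
    short = encode_disp_only(0, 0x12345678, use_sib=False)  # mov eax, [0x12345678]
    long_ = encode_disp_only(0, 0x12345678, use_sib=True)
    print("ModR/M form:", short.hex(" "))
    print("SIB form:   ", long_.hex(" "))
    print("rewritten:  ", rewrite_sib_to_modrm(long_).hex(" "))
```

Running it prints `8b 05 78 56 34 12` for the ModR/M form and `8b 04 25 78 56 34 12` for the SIB form, which makes the one-byte length difference from the issue concrete; the rewrite yields the short form followed by `90`, keeping the original 7-byte footprint.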