Mesopatcher: A Framework for Binary Patching Using Inter-Function Space to Add Additional Code
Faculty Mentor
Antonio Espinoza
Presentation Type
Oral Presentation
Start Date
4-14-2026 11:00 AM
End Date
4-14-2026 11:20 AM
Location
PUB 321
Primary Discipline of Presentation
Cybersecurity
Abstract
Patching software is critical to protect against bugs and vulnerabilities. However, patching is much more difficult when the source code is not available or recompiling the program is too expensive. For example, bandwidth to satellites is relatively low, so uploading an updated program could take a significant amount of time if the program is large. It would be beneficial to only need to upload the patch itself, which is comparably smaller. This project presents Mesopatcher, a framework for applying patches to compiled binaries that does not require source code or recompilation and works on both Windows and Linux executables. Unlike similar systems, Mesopatcher is able to apply patches without increasing the file size of the executable by utilizing pre-existing unused space within the binary. We demonstrated Mesopatcher's utility by applying it to three domains: debugging, bug fixing, and exploitation. A patch was applied to a binary with anti-debugging measures in place to get information about the running program without needing an external debugger. A vulnerable C program was patched to add NULL checks that were previously missing, which caused crashes. Finally, Mesopatcher was used to inject malware into a standard program (ls) to give a hypothetical attacker remote access to an infected machine. The experimental results show that Mesopatcher can effectively extend functionality and patch vulnerabilities without increasing the binary size.
Recommended Citation
Parker, David, "Mesopatcher: A Framework for Binary Patching Using Inter-Function Space to Add Additional Code" (2026). 2026 Symposium. 6.
https://dc.ewu.edu/srcw_2026/op_2026/o3_2026/6
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Mesopatcher: A Framework for Binary Patching Using Inter-Function Space to Add Additional Code
PUB 321
Patching software is critical to protect against bugs and vulnerabilities. However, patching is much more difficult when the source code is not available or recompiling the program is too expensive. For example, bandwidth to satellites is relatively low, so uploading an updated program could take a significant amount of time if the program is large. It would be beneficial to only need to upload the patch itself, which is comparably smaller. This project presents Mesopatcher, a framework for applying patches to compiled binaries that does not require source code or recompilation and works on both Windows and Linux executables. Unlike similar systems, Mesopatcher is able to apply patches without increasing the file size of the executable by utilizing pre-existing unused space within the binary. We demonstrated Mesopatcher's utility by applying it to three domains: debugging, bug fixing, and exploitation. A patch was applied to a binary with anti-debugging measures in place to get information about the running program without needing an external debugger. A vulnerable C program was patched to add NULL checks that were previously missing, which caused crashes. Finally, Mesopatcher was used to inject malware into a standard program (ls) to give a hypothetical attacker remote access to an infected machine. The experimental results show that Mesopatcher can effectively extend functionality and patch vulnerabilities without increasing the binary size.
