From e9e29568fc9e9b18e3e24eff0e15f653b0eb019f Mon Sep 17 00:00:00 2001
From: pbonilla
Date: Wed, 21 Feb 2024 13:13:17 +0100
Subject: [PATCH] it works time to clean up
---
 .vscode/settings.json | 3 +-
 a.out | Bin 16056 -> 0 bytes
 ft_printf/libft/Makefile | 1 +
 ft_printf/libft/ft_strnstr_nullterminated.c | 17 +++++++++
 ft_printf/libft/libft.h | 2 ++
 includes/woody.h | 4 +++
 payload | Bin 40 -> 43 bytes
 print | Bin 4696 -> 4704 bytes
 print.s | 5 ++-
 srcs/woody.c | 37 +++++++++++++++-----
 10 files changed, 57 insertions(+), 12 deletions(-)
 delete mode 100755 a.out
 create mode 100644 ft_printf/libft/ft_strnstr_nullterminated.c
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 2386c0c..258e317 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,6 +1,7 @@
 {
 "files.associations": {
 "stdio.h": "c",
- "mman.h": "c"
+ "mman.h": "c",
+ "stdint.h": "c"
 }
 }
\ No newline at end of file
diff --git a/a.out b/a.out deleted file mode 100755 index 9c336ffb10a06c00d205eda9400c80cb8946baf9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16056 zcmeHOYit}>6~4QP6E{s_Cv9lrgk}f@^&wBZiEX8iH0#GE<6-e_L*3NdlRM5A0)l<7P95kkO?LMGT zOqFyTMirm*Whswrx3Zo56B`y?`{DNvZpyCvw(TAsOO91^%$$|UE0U=LI@PZJzV04#i@rtgsO7h|E3qFHG)pxxbRDd_$G*W6>+tHzs|%=taJ`!`D+EQ|u&N3h0C5VmhFg zF-V-5fZlulaY3^Iy+4k8!+F-zy+-3PN>K!&2t*NxA`nF&ia->BC<6aq5%_b{?f)>2 z{Grh}+VJbmN*SN8I&t^BapdL3m%IygJH8I}HTOf`05ok>e`#XbzS!a$*{iQ zS$madhg=TIiMRSH7d~NBE*nSQnAtm+N>mfC8ppT)9HqEx_QUfpBYM-u&w2Ghe+C-k zc*ALeduN?BXj&)b(X^Y~OHCUm$?+vd_*Xptj?WU@b=|1U7%%>Dhw(e1y7Fue}fIi1GoY(oqD zVvm74kN@Uj7^$EG;31eATK_VbMkO_EoJ-Bn%Y$(=HDmnkqEY!Nj3>$Xf%CA>LXTr$ z=0`L+H!80gm2=Zm*Im~*dSH4AD&_vlgICcVRE5`9wca6zC`A#7A`nF&ia->BC<0Lg zq6kD0h$0Y0Ac{Z~fg494Mqj(uFS@@CuJj7JVa9dSzz2ZGfc?Pl03QX?H^S6a*Znb& zzGYI1J+V*4#+zg7moIHRfe%%rr*HO+@c%G5^e**2o!x;febYVlC)d@0YGw1zm1`er zy7_S9q}tJP-`!j9@IDU`|4|&z!B4)qkvr)f9N!A*sV-{gQ>f1Zs?^HnFT{IREQx;% zEh0sfq6kD0h$0Y0Ac{Z~fhYn|1fmE;5r`u2za0TtS19WUWsM-MRiw1shuXr$6)Zo` z>kerhC?#31xZW3)yfU@0EbA8OJ&Tgq|9agmkbH_48_L?k$;G6dTaS8??aO?%dWP|4 z#%SF`=^EX#Fp@&7fD_2A(G+k!96VdKA%W!-7mB~ks_ z>1A%Ua?Uv3LF;{+8cyGxsJhj+FIUbbs;3@kYS8tE_w4C?MAw(8T|GVbX?GqND(9WD zmT1#E^tRSS*%K2_ZrP%@wco|+a5XiV;<;E|b!!UFP=Cc>ImQ9iSbqz!o(38I(!aE_@KHIVdW>2F${9aHa9a)0<%r9O=em0!C*+3-cre@*Rv z6aSOQ)NB7j*F}o~V)!@Yk|rh0VZCzBdj7Ym@Ob&9N4rHW*5>$>yNn~I*4FMjvCbk> zZ@u>#1Vj_3046;>o-)aR64?aw&1zjOo?_hw{p$ECCC?|(Kgj;!az5gfFJ5!_ap+gY z*QxM$9wj|pf#&=2V@f>^eKY!ZZ*r~-%Jo9O8kU1RPQ3rJp#K#6%Xkph)9l~J&sU2L z$2`4w&Ed1qQ#-@;z5u;8=T^&|gML#@n#){|tR;P4-cEvz8^c8> zp%<_q-Wtl7jy0;FC^_Yk5q((AEuJ@>oHw8lz?Qy)0yX58nd(6;X>Lr9lPY9 zWv01vU)Mm&OzrM9v3$Sxk=6aX=ANB9_ooKU!LIK9 z6d2*{1WDOMaHEX_cG_|*IsGPwDm`s{gUEO`HG+;dUF{?DD^z=j?Rru%> zeaqu^v6Ly~=LsfkMLTN|fpdqlj?%rh>d5M&1&EX>*~3bA>~V-Rg5X{7dO)|wc+8BY zQJP488UEn$8Ing;RxX3Wd^&=!bd1^@2IJiQ^Imf_U&1YhXT6`o``Bc@#AeS|@`NA6 zL30%0FSK8ad@0Gi#Fvz!?RY_cc;6QN-yTfzyb~S$t_At>yDF%OBV(BVF!XO@jw9`t 
zd7z-w&(pDYwci4t=77SNd7|KRTrahe;w;xM^R*0gG!+p3BsWk{=9zHu5|t55pM*ej zIN{5@O>iYUOZ&x7@JZNdPAIa>3kBPlA8tRZ)p2B~$-?iYH zL5UObDIexP3mwHo%CG%?@b8Gc55UDs;r{<7v_Zbcyc#l3Kz^PCPlotOHVBH}Li|%9 z{$3^s-iUuD#6QRc!G}TvCS2Z6LVTIG2+I4Gv_BlbpE18Sr_$JyG3+n0;4hdj<45Lk zg6&+Kfbc~AO^Clu^DTnUizB0qA5mXHhVBu0zmfMy*=HH{7g_KsxJ?1R%%iJ3Q4v45 zcu8czcc7)QEA`9#R`$)x{#d&IC<#yc@w?Db7YkqBGp9C_Ha0$pkzDlxd zn~wuErk~M5@^X-=EU91SlLO2bz0jzxU|PlXvwO`XeEAf25w>($qeJtEYsMHL-NFlu?75SnUE6#dA)8u;m*J)!VQp*ka{{mI~2?hWF diff --git a/ft_printf/libft/Makefile b/ft_printf/libft/Makefile index 0ff9c4e..9bfb217 100644 --- a/ft_printf/libft/Makefile +++ b/ft_printf/libft/Makefile @@ -41,6 +41,7 @@ SRCS = $(SRCS_PATH)ft_atoi.c \ $(SRCS_PATH)ft_bzero.c \ $(SRCS_PATH)ft_strdup.c \ $(SRCS_PATH)ft_strnstr.c \ + $(SRCS_PATH)ft_strnstr_nullterminated.c \ $(SRCS_PATH)ft_calloc.c \ $(SRCS_PATH)ft_substr.c \ $(SRCS_PATH)ft_strjoin.c \ diff --git a/ft_printf/libft/ft_strnstr_nullterminated.c b/ft_printf/libft/ft_strnstr_nullterminated.c new file mode 100644 index 0000000..3f13db2 --- /dev/null +++ b/ft_printf/libft/ft_strnstr_nullterminated.c @@ -0,0 +1,17 @@ +#include "libft.h" + +char *ft_strnstr_nullterminated(const char *big, const char *little, size_t len) +{ + size_t len_l; + + if (*little == 0) + return ((char *)big); + len_l = ft_strlen(little); + while (len-- >= len_l) + { + if (*big == *little && ft_strncmp(big, little, len_l) == 0) + return ((char *)big); + big++; + } + return (NULL); +} \ No newline at end of file diff --git a/ft_printf/libft/libft.h b/ft_printf/libft/libft.h index 93441d3..fd6ed1d 100644 --- a/ft_printf/libft/libft.h +++ b/ft_printf/libft/libft.h 
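Review bot: ft_strnstr_nullterminated has no comment explaining how it differs from ft_strnstr, and the name reads as the opposite of what the loop does: `while (len-- >= len_l)` never stops at a NUL in `big`, so the haystack is treated as a raw `len`-byte buffer (the caller find_jmp in srcs/woody.c hands it a payload that contains `\x00` bytes), while `little` is still a C string via `ft_strlen` and `ft_strncmp`. A header comment such as `/* memmem-style search: big is a len-byte buffer where NUL is not a terminator; little must be NUL-terminated and cannot itself contain NUL (ft_strlen/ft_strncmp stop there) */` would make that contract explicit, since the ft_strncmp limit is otherwise invisible to a reader. The guard does keep every `ft_strncmp(big, little, len_l)` inside the `len` bytes because it compares the remaining count before decrementing, which is worth a one-line comment too. The new file also lacks a trailing newline (`\ No newline at end of file`).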
@@ -37,6 +37,7 @@ int ft_strncmp(const char *s1, const char *s2, size_t n);
 size_t ft_strlcpy(char *dst, const char *src, size_t size);
 size_t ft_strlcat(char *dst, const char *src, size_t size);
 char *ft_strnstr(const char *big, const char *little, size_t len);
+char *ft_strnstr_nullterminated(const char *big, const char *little, size_t len);
 int ft_atoi(const char *nptr);
 char *ft_substr(char const *s, unsigned int start, size_t len);
 char *ft_strjoin(char const *s1, char const *s2);
@@ -55,6 +56,7 @@ void *ft_calloc(size_t nmemb, size_t size);
 char *ft_convert_base(char *nbr, char *base_from, char *base_to);
 char *ft_u_convert(char *nbr, char *base_from, char *base_to);
 void ft_rev_int_tab(char *tab, int size);
+
 typedef struct s_list
 {
 void *content;
diff --git a/includes/woody.h b/includes/woody.h
index 7fc6f23..c5f23e3 100644
--- a/includes/woody.h
+++ b/includes/woody.h
@@ -12,6 +12,10 @@
 #include
 #include
 #include
+#include
+
+#define PAYLOAD "\x50\x57\x56\x52\x53\x31\xc0\x99\xb2\x0a\xff\xc0\x89\xc7\x48\x8d\x35\x0c\x00\x00\x00\x0f\x05\x5b\x5a\x5e\x5f\x58\xe9\xdf\xff\xff\xff\x2e\x2e\x57\x4f\x4f\x44\x59\x2e\x2e\x0a"
+#define JUMP "\xe9\xdf\xff\xff\xff";
 typedef struct efl_content
 {
diff --git a/payload b/payload
index fe0bf4eeebc875e56df6ae84757fb018be02028c..37d7f4523531c0171bf85412fd665df6ee7ba4a2 100644 GIT binary patch literal 43 zcmWFt4+{!5JTP+;*Z%{Z$31#Yc^DWN_*tW);^HG--v9sqzn)&WzrRbQo*owff%Fjt literal 40 wcmWFt4+{!5JTP+;*Z%{Z$31#YIT;uj_*tW(qvGNt4(sWK`}?~@>gjO-05Zo7S^xk5
diff --git a/print b/print
index c4d460bc1a25e44ab6e64179e45f7b70344b92c9..f16118f5abef9cc1096627e208402957e30fefa5 100755 GIT binary patch delta 98 zcmcbi@<3&R2BX46&3sO61_;pJxUhg>!}P qsJJ;%K%9{SreWej37{~`GK_MY kGX=yM88s$13Yr7Sor3m^7bgD{wCDUP05L#uGNX_@0P!jny#N3J
diff --git a/print.s b/print.s
index 1fb08fe..6b75ec4 100644
--- a/print.s
+++ b/print.s
@@ -8,6 +8,7 @@ _start:
 push rsi
 push rdx
 push rbx
+ xor eax, eax
 cdq
 mov dl, 10
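Review bot: `#define JUMP "\xe9\xdf\xff\xff\xff";` carries a trailing semicolon inside the macro, so `char *jump = JUMP;` in srcs/woody.c expands to a stray `;;` and any use of JUMP in an expression (a function argument, an initializer list) will not compile; drop it: `#define JUMP "\xe9\xdf\xff\xff\xff"`. The same five bytes are also spelled out by hand inside PAYLOAD (`...\x58\xe9\xdf\xff\xff\xff\x2e...`) and only serve as a placeholder that find_jmp() later searches for, so the two literals silently depend on each other; a comment next to the defines such as `/* JUMP is the rel32 jmp placeholder embedded in PAYLOAD; find_jmp() locates it by value, so both must stay in sync */` would document that. The header name of the new `+#include` line was lost on this page; judging by the settings.json change it is presumably `<stdint.h>` for the new `int32_t` use, but that cannot be confirmed from here.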
@@ -15,14 +16,12 @@ _start:
 mov edi, eax
 lea rsi, [rel msg]
 syscall
- pop rdx
- pop rbx
 pop rdx
 pop rsi
 pop rdi
 pop rax
- ret
+ jmp 0x00000000
 msg db "..WOODY..",10
diff --git a/srcs/woody.c b/srcs/woody.c
index 17cabd9..8a44c50 100644
--- a/srcs/woody.c
+++ b/srcs/woody.c
@@ -1,7 +1,5 @@
 #include "../includes/woody.h"
-#define CODE_MACRO "\x50\x57\x56\x52\x53\x31\xc0\x99\xb2\x0a\xff\xc0\x89\xc7\x48\x8d\x35\x09\x00\x00\x00\x0f\x05\x5a\x5b\x5a\x5e\x5f\x58\xc3\x2e\x2e\x57\x4f\x4f\x44\x59\x2e\x2e\x0a"
-char jmp[] = "\xe9\x00\x00\x00\x00";
 int elf_magic_numbers(char *str)
 {
@@ -57,6 +55,18 @@ int get_load_segment(t_efl_content *woody, int start, bool executable)
 return -1;
 }
+
+int32_t find_jmp(char *code, size_t len)
+{
+ char *jump = JUMP;
+ char *ptr = ft_strnstr_nullterminated(code, jump, len);
+ if (ptr)
+ {
+ return ptr - code;
+ }
+ return 0;
+}
+
 void find_cave(t_efl_content *woody)
 {
 woody->Phdr = (Elf64_Phdr *)secure_jump(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
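Review bot: The pops no longer match the pushes: the first hunk of this file still shows `push rsi`, `push rdx`, `push rbx` on entry (and the PAYLOAD bytes in includes/woody.h begin `\x50\x57`, which appear to be two more pushes before them), but with both `pop rdx` and `pop rbx` removed only rdx, rsi, rdi and rax are restored, so rbx is lost and rsp is 8 bytes off when `jmp 0x00000000` transfers control. Only the duplicated `pop rdx` was spurious; `pop rbx` belongs back ahead of the remaining `pop rdx`. The PAYLOAD string does contain `\x5b` (pop rbx) right after `\x0f\x05`, so the byte literal and this source already disagree; a comment at the top of print.s stating that PAYLOAD in includes/woody.h is generated from this file and must be regenerated whenever it changes would prevent that drift. `jmp 0x00000000` itself deserves a comment that the rel32 is a placeholder find_cave() patches at inject time, since otherwise it reads like a jump to address zero.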
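Review bot: find_jmp() returns 0 both when the placeholder sits at offset 0 and when it is not found at all, and its caller find_cave() (next hunk) uses the result unchecked as `&payload[jmp + 1]`, so a missing needle silently overwrites bytes 1–4 of the payload instead of failing. Return a value that cannot be an offset, `return -1;`, and stop in the caller before the memcpy: `if (jmp < 0) return;` (or report the error). `return ptr - code;` also narrows a ptrdiff_t into int32_t; harmless for a 43-byte buffer, but a cast or a comment would make the intent visible. The parameter can be `const char *code` since the function only reads it, and a one-line comment `/* byte offset of the JUMP placeholder inside code, or -1 if absent */` would state the contract the caller relies on.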
@@ -69,21 +79,32 @@ void find_cave(t_efl_content *woody)
 printf("code_cave_start = %lx, virtual adress = %lx\n", woody->Phdr[i].p_offset, woody->Phdr[i].p_vaddr);
 printf("code_cave_size = %lx\n", woody->Phdr[j].p_offset - (woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz));
+ Elf64_Off payload_off = woody->Phdr[i].p_offset + woody->Phdr[i].p_memsz;
- Elf64_Off payload_off = woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz;
+ size_t len = sizeof(PAYLOAD) - 1;
+ char payload[] = PAYLOAD;
+ int32_t jmp = find_jmp(payload, len);
+ printf("%ld\n", (long int)payload[jmp + 1]);
+ int32_t test = ((payload_off + len) - woody->Ehdr->e_entry) * -1;
- size_t len = sizeof(CODE_MACRO) - 1;
- ft_memcpy(woody->file + payload_off, CODE_MACRO, len);
+ ft_memcpy(&payload[jmp + 1], &test, sizeof(test));
+
+ ft_memcpy(woody->file + payload_off, payload, len);
 printf("old entry : %lx\n", woody->Ehdr->e_entry);
- woody->Ehdr->e_entry = woody->Phdr[i].p_vaddr + woody->Phdr[i].p_filesz;
+ printf("backward offset = %ld\n", (payload_off + len) - woody->Ehdr->e_entry);
+ woody->Ehdr->e_entry = payload_off;
 woody->Phdr[i].p_filesz += len;
 woody->Phdr[i].p_memsz += len;
+
+
+ printf("new entry = %lx\n", woody->Ehdr->e_entry);
- printf("e_entry = %lx\n", woody->Ehdr->e_entry);
 printf("p_filesz = %lx\n", woody->Phdr[i].p_filesz);
 printf("p_memsz = %lx\n", woody->Phdr[i].p_memsz);
+ woody->file_size += len;
+
 }
@@ -148,6 +169,6 @@ int inject(t_efl_content *woody)
 ft_memcpy(woody_file, woody->file, woody->file_size);
 // encrypt_zone(woody_file, strtab_header->sh_offset , strtab_header->sh_size);
-
+ munmap(woody_file, woody->file_size);
 return save_elf("woody", woody_file, woody->file_size);
 }
\ No newline at end of file
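Review bot: Nothing checks that the payload fits before `ft_memcpy(woody->file + payload_off, payload, len)`: the cave size is computed only for the printf two lines above and never compared with `len`, so a cave smaller than the payload (or a `payload_off` past `file_size`) turns the copy into an out-of-bounds write on the mapping. `payload_off` is now derived from `p_memsz` while the copy and the later `p_filesz += len` assume the write lands right after the file-backed bytes, and `woody->Ehdr->e_entry = payload_off` stores a file offset where the removed line stored a virtual address (`p_vaddr + ...`); the two coincide only when `p_vaddr == p_offset`, so `p_vaddr + (payload_off - p_offset)` is the form that stays correct. `woody->file_size += len;` at the end also looks wrong for a cave inside the existing mapping: the bytes were written in place, and inject() (last hunk) will then copy `len` bytes beyond the end of `woody->file`. Name-wise, `test` holds the rel32 displacement and should say so (`int32_t rel32 = ...`), and the bare `printf("%ld\n", (long int)payload[jmp + 1])` reads like leftover debugging. A guard before the first memcpy into the file would look like:
```c
// … unchanged: code_cave_start / code_cave_size printfs, payload_off and len …
Elf64_Off cave_size = woody->Phdr[j].p_offset - (woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz);
if (cave_size < len || payload_off + len > woody->file_size)
{
    printf("payload (%zu bytes) does not fit in the code cave\n", len);
    return;
}
// … unchanged: placeholder patching and memcpy into the cave …
```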
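Review bot: `munmap(woody_file, woody->file_size);` runs before `save_elf("woody", woody_file, woody->file_size)`, so save_elf receives a pointer into a region that has just been unmapped — a use-after-unmap that will fault, or write stale memory if the pages were recycled, when it reads the buffer. Keep the mapping alive until the write is done: `int rc = save_elf("woody", woody_file, woody->file_size);` then `munmap(woody_file, woody->file_size);` then `return rc;`. The return value of munmap is ignored as well, and inject()'s body starts outside the hunk, so whether the original `woody->file` mapping is released on the same exit path cannot be checked from here.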