From 2c14d6f0c52b3ec72e0359d6622dec0c50cab9cf Mon Sep 17 00:00:00 2001
From: pbonilla
Date: Fri, 19 Apr 2024 11:41:15 +0200
Subject: [PATCH] infection of PT_LOAD reference to text section removed multiple infections OK
---
 includes/woody.h | 1 -
 resources/sample.c | 2 +-
 srcs/encrypt.c | 4 ++++
 srcs/main.c | 6 +++---
 srcs/woody.c | 50 +++++++++-------------------------------------
 5 files changed, 17 insertions(+), 46 deletions(-)
diff --git a/includes/woody.h b/includes/woody.h
index d2d3b51..0833ae4 100644
--- a/includes/woody.h
+++ b/includes/woody.h
@@ -36,7 +36,6 @@ typedef struct elf_content
 Elf64_Ehdr *Ehdr;
 Elf64_Phdr *Phdr;
 Elf64_Shdr *Shdr;
- Elf64_Shdr *text_section;
 char *extra_data;
 } t_elf_content;
diff --git a/resources/sample.c b/resources/sample.c
index 5fffccb..3b68c69 100644
--- a/resources/sample.c
+++ b/resources/sample.c
@@ -2,6 +2,6 @@ int main(void)
 {
- printf("Hello, World!\n");
+ ft_printf("Hello, World!\n");
 return (0x0);
 }
diff --git a/srcs/encrypt.c b/srcs/encrypt.c
index f7866d7..c57c8f1 100644
--- a/srcs/encrypt.c
+++ b/srcs/encrypt.c
@@ -8,4 +8,8 @@ void encrypt(char *file, unsigned long int offset, unsigned long int size)
 file[offset + i] = file[offset + i] - 1;
 ++i;
 }
+ printf("\nENCRYPTION : \n");
+ printf(" File encrypted from %ld (%lx) to %ld (%lx)\n", offset, offset, offset + size, offset + size);
+ printf(" Size of encryption = %ld (%lx)\n", size, size);
+ printf("\n");
 }
\ No newline at end of file
diff --git a/srcs/main.c b/srcs/main.c
index 807f492..173f3e1 100644
--- a/srcs/main.c
+++ b/srcs/main.c
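Review bot: `ft_printf` has no declaration in the lines shown for `resources/sample.c`, while the rest of this commit moves the tool itself the other way, from `ft_printf` to `printf`. The top of the file is outside the hunk, so this is inferred, but if the sample is built on its own the call is an implicit declaration and will not link without libft. Keeping `printf("Hello, World!\n");` leaves the test binary self-contained.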
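Review bot: The added `printf` calls in `encrypt` format `unsigned long int` arguments with `%ld`, a signed conversion that does not match the argument type; use `%lu`, e.g. `printf(" Size of encryption = %lu (%lx)\n", size, size);`. The trace is also printed unconditionally on stdout, so it would be cleaner behind a debug macro or on stderr. The loop above it writes `file[offset + i]` without knowing the length of the buffer, so a comment stating that the caller must guarantee `offset + size` lies inside the mapping would document the contract. The start of the function is outside the hunk.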
@@ -8,14 +8,14 @@ int get_elf_file(t_elf_content *woody)
 fd = open(woody->file_path, O_RDONLY);
 if (fd < 0) {
- ft_printf("Error: Failed to open \'%s\'\n", woody->file_path);
+ printf("Error: Failed to open \'%s\'\n", woody->file_path);
 return EXIT_FAILURE;
 }
 off = lseek(fd, 0, SEEK_END);
 if (off == -1) {
 close(fd);
- ft_printf("Error: Failed to read file offset \'%s\'\n", woody->file_path);
+ printf("Error: Failed to read file offset \'%s\'\n", woody->file_path);
 return EXIT_FAILURE;
 }
 woody->file_size = off;
@@ -23,7 +23,7 @@ int get_elf_file(t_elf_content *woody)
 if (woody->file == MAP_FAILED) {
 close(fd);
- ft_printf("Error: Failed to map file \'%s\'\n", woody->file_path);
+ printf("Error: Failed to map file \'%s\'\n", woody->file_path);
 return EXIT_FAILURE;
 }
 close(fd);
diff --git a/srcs/woody.c b/srcs/woody.c
index e097122..580758c 100644
--- a/srcs/woody.c
+++ b/srcs/woody.c
@@ -9,18 +9,18 @@ int save_elf(char *path, char *file, unsigned long int size) {
 int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0755);
 if (fd == -1) {
- ft_printf("Error: Failed to create new file \'%s\'\n", path);
+ printf("Error: Failed to create new file \'%s\'\n", path);
 return EXIT_FAILURE;
 }
 if (write(fd, file, size) == -1) {
 close(fd);
- ft_printf("Error: Failed to write new file \'%s\'\n", path);
+ printf("Error: Failed to write new file \'%s\'\n", path);
 return EXIT_FAILURE;
 }
 if (close(fd) == -1) {
- ft_printf("Error: Failed to close new file \'%s\'\n", path);
+ printf("Error: Failed to close new file \'%s\'\n", path);
 return EXIT_FAILURE;
 }
 return EXIT_SUCCESS;
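Review bot: The error messages in `get_elf_file` are now written with `printf`, so they land on stdout and mix with the program's normal output; diagnostics belong on stderr, e.g. `fprintf(stderr, "Error: Failed to open \'%s\'\n", woody->file_path);`. The same applies to the `MAP_FAILED` branch in the second hunk of this file, and to the messages in `save_elf` and `get_elf_sections` in `srcs/woody.c`. At the sites that follow a failed system call, appending `strerror(errno)` would tell the user why the call failed.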
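Review bot: `save_elf` treats any return from `write` other than -1 as success, so a short write leaves a truncated output file that is still reported with `EXIT_SUCCESS`. Loop until all `size` bytes are written and treat a non-positive return as failure, as sketched below. The file is also opened with `O_CREAT | O_TRUNC` and mode 0755, which overwrites whatever `path` already names; whether that is acceptable depends on the caller, which is outside this hunk.

```c
// … unchanged: open() and its error check …
	unsigned long int written = 0;
	while (written < size) {
		ssize_t n = write(fd, file + written, size - written);
		if (n <= 0) {
			close(fd);
			printf("Error: Failed to write new file \'%s\'\n", path);
			return EXIT_FAILURE;
		}
		written += (unsigned long int)n;
	}
// … unchanged: close() check and return EXIT_SUCCESS …
```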
@@ -97,7 +97,7 @@ t_payload *get_payload()
 return payload;
 }
-int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position)
+int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position, int load_segment_index)
 {
 char *ptr_jmp_value = ft_strnstr_nullterminated(payload->payload, JUMP_VALUE, payload->len);
 char *ptr_woody = ft_strnstr_nullterminated(payload->payload, WOODY, payload->len);
@@ -111,11 +111,11 @@ int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi
 ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value));
 int64_t text_index = ptr_text_section - payload->payload;
- int64_t text_value = payload_position - woody->Ehdr->e_entry + woody_index;
+ int64_t text_value = payload_position - woody->Phdr[load_segment_index].p_offset + woody_index;
 ft_memcpy(&payload->payload[text_index], &text_value, sizeof(text_value));
 int64_t section_index = ptr_section_size - payload->payload;
- int64_t section_value = woody->text_section->sh_size;
+ int64_t section_value = woody->Phdr[load_segment_index].p_memsz; //woody->text_section->sh_size;
 ft_memcpy(&payload->payload[section_index], §ion_value, sizeof(section_value));
 ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
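Review bot: The new `load_segment_index` parameter is a signed `int` that the next hunk uses to index `woody->Phdr[...]`, and nothing visible checks it against `woody->Ehdr->e_phnum`. Reject out-of-range values at the top of the function, for example `if (load_segment_index < 0 || load_segment_index >= woody->Ehdr->e_phnum) return EXIT_FAILURE;` (the error value this function uses is not visible, so adjust as needed), or make the parameter unsigned. The pointers returned by `ft_strnstr_nullterminated` feed pointer arithmetic further down. Whether they are checked for NULL lies between the two hunks and cannot be seen here, so that is worth confirming.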
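Review bot: `section_value` now takes `p_memsz`, and the old expression is left behind as a trailing comment (`//woody->text_section->sh_size;`); drop the dead comment. `p_memsz` is the in-memory size and can be larger than `p_filesz`, the number of bytes the file actually holds for the segment, so the length patched here should be the same validated value that `inject` hands to `encrypt`. A comment such as `/* must equal the length passed to encrypt() */` above the assignment would make that coupling explicit. The function begins and ends outside this hunk.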
@@ -148,30 +148,22 @@ void inject(t_elf_content *woody) {
 payload_position = create_codecave(woody, &woody->Phdr[i], payload);
 }
- insert_payload(woody, payload, payload_position);
+ encrypt(woody->file, woody->Phdr[i].p_offset, woody->Phdr[i].p_memsz);
+ insert_payload(woody, payload, payload_position, i);
 woody->Ehdr->e_entry = payload_position;
 woody->Phdr[i].p_filesz += payload->len;
 woody->Phdr[i].p_memsz += payload->len;
 woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
- // woody->text_section->sh_size += payload->len;
 printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 }
-int is_special_section_indice(uint16_t section_index) {
- return (section_index == SHN_LOPROC || section_index == SHN_BEFORE ||
- section_index == SHN_AFTER || section_index == SHN_HIPROC ||
- section_index == SHN_LOOS || section_index == SHN_HIOS ||
- section_index == SHN_ABS || section_index == SHN_COMMON ||
- section_index == SHN_XINDEX || section_index == SHN_HIRESERVE);
-}
-
 int get_elf_sections(t_elf_content *woody)
 {
 woody->Ehdr = (Elf64_Ehdr *)fetch(woody->file, woody->file_size, 0, sizeof(Elf64_Ehdr));
 if (!woody->Ehdr || !elf_magic_numbers(woody->file) || woody->Ehdr->e_ident[EI_CLASS] != ELFCLASS64) {
- ft_printf("Error: \'%s\' is not a valid 64-bit ELF file\n", woody->file_path);
+ printf("Error: \'%s\' is not a valid 64-bit ELF file\n", woody->file_path);
 return EXIT_FAILURE;
 }
 woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
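Review bot: `encrypt(woody->file, woody->Phdr[i].p_offset, woody->Phdr[i].p_memsz)` writes into the mapped input using two fields read straight from the file's program header, and nothing in this hunk checks that `p_offset + p_memsz` stays inside `woody->file_size`. A malformed or truncated ELF, or simply a segment whose `p_memsz` exceeds `p_filesz`, makes `encrypt` write past the file-backed bytes of the segment. Validate the range with the existing helper before modifying anything, e.g. `if (!fetch(woody->file, woody->file_size, woody->Phdr[i].p_offset, woody->Phdr[i].p_filesz)) return;`, and pass `p_filesz` as the length; this assumes `fetch` returns NULL for an out-of-range request, as its use in `get_elf_sections` suggests. The `int` returned by `insert_payload` is discarded on the next line. `inject` starts outside the hunk.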
@@ -179,29 +171,6 @@ int get_elf_sections(t_elf_content *woody)
 woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
 if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr))) return EXIT_FAILURE;
-
- if (!fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (woody->Ehdr->e_shstrndx * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr)))
- {
- return EXIT_FAILURE;
- }
- char *Sshstrtab = (char *)fetch(woody->file, woody->file_size, woody->Shdr[woody->Ehdr->e_shstrndx].sh_offset, 0);
- if (Sshstrtab == NULL)
- {
- return EXIT_FAILURE;
- }
- for (int j = 0; j < woody->Ehdr->e_shnum;j++)
- {
- if (woody->Shdr[j].sh_name > woody->Shdr[woody->Ehdr->e_shstrndx].sh_size) return EXIT_FAILURE;
- if (woody->Shdr[j].sh_type == SHT_PROGBITS && woody->Shdr[j].sh_flags & SHF_EXECINSTR &&
- woody->Shdr[j].sh_flags & SHF_ALLOC &&
- Sshstrtab + woody->Shdr[j].sh_name < (char *)woody->file + woody->file_size &&
- !ft_strncmp(".text\0", Sshstrtab + woody->Shdr[j].sh_name, 6))
- {
- woody->text_section = &woody->Shdr[j];
- break;
- }
- }
-
 return EXIT_SUCCESS;
 }
@@ -211,7 +180,6 @@ int prepare_injection(t_elf_content *woody)
 if (elf_statut) return elf_statut;
 inject(woody);
- encrypt(woody->file, woody->text_section->sh_offset, woody->text_section->sh_size);
 char *woody_file;
 if (!(woody_file = malloc(woody->file_size))) return ft_put_error("Allocation error");