From 7d417ac4e71b43765a09018cb924b58ee124a1e2 Mon Sep 17 00:00:00 2001
From: pbonilla
Date: Wed, 12 Jun 2024 13:40:57 +0200
Subject: [PATCH] Offset more datas on codecave creation

---
 includes/woody.h | 4 +++-
 srcs/woody.c | 31 ++++++++++++++++++++++++++++---
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/includes/woody.h b/includes/woody.h
index e04b480..bb61913 100644
--- a/includes/woody.h
+++ b/includes/woody.h
@@ -21,7 +21,7 @@
 #define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
 #define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
-
+
 typedef struct payload
 {
 char *payload;
@@ -36,6 +36,8 @@ typedef struct elf_content
 Elf64_Ehdr *Ehdr;
 Elf64_Phdr *Phdr;
 Elf64_Shdr *Shdr;
+Elf64_Shdr *symbols_table;
+Elf64_Sym *symbols;
 } t_elf_content;
 
 // utils.c
diff --git a/srcs/woody.c b/srcs/woody.c
index d5557c7..8c7c21c 100644
--- a/srcs/woody.c
+++ b/srcs/woody.c
@@ -48,16 +48,28 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse
 {
 for (int i = 0; i < woody->Ehdr->e_phnum; i++)
 {
-if (woody->Phdr[i].p_offset > from)
+if (woody->Phdr[i].p_offset >= from)
 {
 woody->Phdr[i].p_offset += offset_ammount;
-woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
+woody->Phdr[i].p_vaddr += offset_ammount;
+woody->Phdr[i].p_paddr += offset_ammount;
 }
 }
 for (int i = 0; i < woody->Ehdr->e_shnum; i++)
 {
-if (woody->Shdr[i].sh_offset > from)
+if (woody->Shdr[i].sh_offset >= from)
+{
 woody->Shdr[i].sh_offset += offset_ammount;
+woody->Shdr[i].sh_addr += offset_ammount;
+}
+}
+int num_symbols = get_symbols_count(woody->symbols_table->sh_size, woody->symbols_table->sh_entsize);
+for (int i = 1; i < num_symbols; i++) {
+if (woody->symbols[i].st_value >= from)
+{
+woody->symbols[i].st_value += offset_ammount;
+}
+// printf("symbol value = %lx\n", symbols[i].st_value);
 }
 }
 
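Review bot: The new symbol loop compares `st_value`, a virtual address, against `from`, which the two loops above treat as a file offset (`p_offset`, `sh_offset`); outside the first PT_LOAD those two spaces differ, so symbols are shifted by the wrong criterion, and `SHN_ABS`/`SHN_UNDEF` symbols (whose `st_value` is not an address) get shifted along with them. The test should use the virtual address the cave lands at and skip non-address symbols, e.g. `if (woody->symbols[i].st_shndx != SHN_UNDEF && woody->symbols[i].st_shndx != SHN_ABS && woody->symbols[i].st_value >= cave_vaddr)` with `cave_vaddr` standing for whatever address `from` maps to in this code. The loop also walks `num_symbols` entries while `woody->symbols` was only validated for a single `Elf64_Sym` in `get_elf_sections`, so a truncated `.symtab` in the input is read past the buffer, and `woody->symbols_table` is dereferenced here with no NULL check, which only holds if every caller already refused a binary without `SHT_SYMTAB`. `sh_addr` is likewise bumped for non-`SHF_ALLOC` sections (`.symtab`, `.strtab`) whose address is 0 and should stay 0, and nothing in the hunk touches `e_entry` or the address-bearing `.dynamic`/relocation entries, which presumably need the same shift when they lie past the cave. The function's signature is in the hunk header and its body is complete within the hunk.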
@@ -76,6 +88,7 @@ void create_codecave(t_elf_content *woody, t_payload *payload, size_t payload_po
 woody->file = new_woody;
 woody->file_size += padding_size;
 woody->Ehdr = (Elf64_Ehdr *)new_woody;
+woody->Ehdr->e_shoff += padding_size;
 woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
 woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
 }
@@ -141,6 +154,7 @@ void inject(t_elf_content *woody)
 if (code_cave_size < payload->len) // inverse here to test the other technique
 {
+printf("Create a codecave\n");
 create_codecave(woody, payload, payload_position);
 }
@@ -167,6 +181,17 @@ int get_elf_sections(t_elf_content *woody)
 woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
 if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr)))
 return EXIT_FAILURE;
+
+for (int i = 0; i < woody->Ehdr->e_shnum; i++) {
+if (woody->Shdr[i].sh_type == SHT_SYMTAB) {
+woody->symbols_table = fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (i * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr));
+}
+}
+if (woody->symbols_table == NULL)
+return EXIT_FAILURE; //Not sure about this
+woody->symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset, sizeof(Elf64_Sym));
+if (woody->symbols == NULL)
+return EXIT_FAILURE;//Not sure about this
 return EXIT_SUCCESS;
 }
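Review bot: After `woody->file` is swapped to `new_woody`, only `Ehdr`, `Phdr` and `Shdr` are re-fetched; the `symbols_table` and `symbols` pointers introduced by this commit still point into the previous buffer, so the symbol loop in `offset_sections` reads stale (or, if the old buffer is released, freed) memory whenever it runs after this point. They need to be re-derived from the new buffer, after any offset shifting so that `sh_offset` is current, as sketched below. The `e_shoff += padding_size` bump is unconditional while `offset_sections` only shifts offsets `>= from`; if the cave can ever be placed after the section header table the two disagree, so the assumption deserves a comment, e.g. `// the section header table is assumed to follow the cave`. The start of `create_codecave` lies outside the hunk.
```c
    woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
    // woody->file was just replaced: symbols_table/symbols still point into the old buffer
    woody->symbols_table = NULL;
    woody->symbols = NULL;
    for (int i = 0; woody->Shdr && i < woody->Ehdr->e_shnum; i++) {
        if (woody->Shdr[i].sh_type == SHT_SYMTAB)
            woody->symbols_table = &woody->Shdr[i];
    }
    if (woody->symbols_table)
        woody->symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size,
                                            woody->symbols_table->sh_offset, woody->symbols_table->sh_size);
```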
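Review bot: The `symbols_table == NULL` check on the new lines relies on the field being zero before the loop, which nothing in this hunk guarantees; set `woody->symbols_table = NULL;` explicitly first. Validating only `sizeof(Elf64_Sym)` of the table is not enough for `offset_sections`, which later walks `get_symbols_count(sh_size, sh_entsize)` entries, so `fetch` should be asked for the whole `sh_size` and `sh_entsize` checked up front (a zero value would make that count computation divide by zero, assuming it divides). On the author's own `//Not sure about this`: a stripped binary legitimately has no `SHT_SYMTAB`, so failing here rejects valid input; treating the table as optional, with `offset_sections` skipping its symbol loop when `symbols_table` is NULL, is the safer answer. The loop can also take `&woody->Shdr[i]` directly, since the `e_shnum * sizeof(Elf64_Shdr)` fetch just above already bounds-checked that array. The function's start is outside the hunk.
```c
    // a stripped binary has no SHT_SYMTAB: the symbol table is optional
    woody->symbols_table = NULL;
    woody->symbols = NULL;
    for (int i = 0; i < woody->Ehdr->e_shnum; i++) {
        if (woody->Shdr[i].sh_type == SHT_SYMTAB)
            woody->symbols_table = &woody->Shdr[i];   // Shdr[] was bounds-checked above
    }
    if (woody->symbols_table != NULL) {
        // refuse a bogus entry size or a truncated table before anything iterates it
        if (woody->symbols_table->sh_entsize != sizeof(Elf64_Sym))
            return EXIT_FAILURE;
        woody->symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size,
                                            woody->symbols_table->sh_offset, woody->symbols_table->sh_size);
        if (woody->symbols == NULL)
            return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
```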