Offset more datas on codecave creation
This commit is contained in:
parent
ff92116756
commit
7d417ac4e7
|
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
#define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
|
#define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
|
||||||
#define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
|
#define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
|
||||||
|
|
||||||
typedef struct payload
|
typedef struct payload
|
||||||
{
|
{
|
||||||
char *payload;
|
char *payload;
|
||||||
|
@ -36,6 +36,8 @@ typedef struct elf_content
|
||||||
Elf64_Ehdr *Ehdr;
|
Elf64_Ehdr *Ehdr;
|
||||||
Elf64_Phdr *Phdr;
|
Elf64_Phdr *Phdr;
|
||||||
Elf64_Shdr *Shdr;
|
Elf64_Shdr *Shdr;
|
||||||
|
Elf64_Shdr *symbols_table;
|
||||||
|
Elf64_Sym *symbols;
|
||||||
} t_elf_content;
|
} t_elf_content;
|
||||||
|
|
||||||
// utils.c
|
// utils.c
|
||||||
|
|
31
srcs/woody.c
31
srcs/woody.c
|
@ -48,16 +48,28 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse
|
||||||
{
|
{
|
||||||
for (int i = 0; i < woody->Ehdr->e_phnum; i++)
|
for (int i = 0; i < woody->Ehdr->e_phnum; i++)
|
||||||
{
|
{
|
||||||
if (woody->Phdr[i].p_offset > from)
|
if (woody->Phdr[i].p_offset >= from)
|
||||||
{
|
{
|
||||||
woody->Phdr[i].p_offset += offset_ammount;
|
woody->Phdr[i].p_offset += offset_ammount;
|
||||||
woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
|
woody->Phdr[i].p_vaddr += offset_ammount;
|
||||||
|
woody->Phdr[i].p_paddr += offset_ammount;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (int i = 0; i < woody->Ehdr->e_shnum; i++)
|
for (int i = 0; i < woody->Ehdr->e_shnum; i++)
|
||||||
{
|
{
|
||||||
if (woody->Shdr[i].sh_offset > from)
|
if (woody->Shdr[i].sh_offset >= from)
|
||||||
|
{
|
||||||
woody->Shdr[i].sh_offset += offset_ammount;
|
woody->Shdr[i].sh_offset += offset_ammount;
|
||||||
|
woody->Shdr[i].sh_addr += offset_ammount;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
int num_symbols = get_symbols_count(woody->symbols_table->sh_size, woody->symbols_table->sh_entsize);
|
||||||
|
for (int i = 1; i < num_symbols; i++) {
|
||||||
|
if (woody->symbols[i].st_value >= from)
|
||||||
|
{
|
||||||
|
woody->symbols[i].st_value += offset_ammount;
|
||||||
|
}
|
||||||
|
// printf("symbol value = %lx\n", symbols[i].st_value);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -76,6 +88,7 @@ void create_codecave(t_elf_content *woody, t_payload *payload, size_t payload_po
|
||||||
woody->file = new_woody;
|
woody->file = new_woody;
|
||||||
woody->file_size += padding_size;
|
woody->file_size += padding_size;
|
||||||
woody->Ehdr = (Elf64_Ehdr *)new_woody;
|
woody->Ehdr = (Elf64_Ehdr *)new_woody;
|
||||||
|
woody->Ehdr->e_shoff += padding_size;
|
||||||
woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
|
woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
|
||||||
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
|
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
|
||||||
}
|
}
|
||||||
|
@ -141,6 +154,7 @@ void inject(t_elf_content *woody)
|
||||||
|
|
||||||
if (code_cave_size < payload->len) // inverse here to test the other technique
|
if (code_cave_size < payload->len) // inverse here to test the other technique
|
||||||
{
|
{
|
||||||
|
printf("Create a codecave\n");
|
||||||
create_codecave(woody, payload, payload_position);
|
create_codecave(woody, payload, payload_position);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -167,6 +181,17 @@ int get_elf_sections(t_elf_content *woody)
|
||||||
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
|
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
|
||||||
if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr)))
|
if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr)))
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
|
|
||||||
|
for (int i = 0; i < woody->Ehdr->e_shnum; i++) {
|
||||||
|
if (woody->Shdr[i].sh_type == SHT_SYMTAB) {
|
||||||
|
woody->symbols_table = fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (i * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (woody->symbols_table == NULL)
|
||||||
|
return EXIT_FAILURE; //Not sure about this
|
||||||
|
woody->symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset, sizeof(Elf64_Sym));
|
||||||
|
if (woody->symbols == NULL)
|
||||||
|
return EXIT_FAILURE;//Not sure about this
|
||||||
return EXIT_SUCCESS;
|
return EXIT_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
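Review bot: The symbol table is bounds-checked for only a single entry at the new `fetch(..., woody->symbols_table->sh_offset, sizeof(Elf64_Sym))` in get_elf_sections, yet offset_sections then walks `sh_size / sh_entsize` entries and writes `st_value` for each of them, so a crafted or truncated ELF with an oversized `sh_size` drives that loop past the file buffer. The Shdr array in the same function is already validated over its full extent with `e_shnum * sizeof(Elf64_Shdr)`; the symbol table should get the same treatment, e.g. `if (woody->symbols_table->sh_entsize != sizeof(Elf64_Sym) || !fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset, woody->symbols_table->sh_size)) return EXIT_FAILURE;` before `woody->symbols` is used, which also guards the division in get_symbols_count (its body is not visible here). Separately, create_codecave re-fetches Ehdr, Phdr and Shdr after `woody->file = new_woody` but leaves `symbols_table` and `symbols` pointing into the previous buffer; if that buffer is a fresh allocation (its origin is outside the hunk), any later offset_sections call writes through stale pointers, so both should be re-fetched there as well. The symbol loop also shifts every entry by `st_value` alone, which presumably includes SHN_ABS and SHN_UNDEF symbols whose value is not a file address; consider filtering on `st_shndx` before adjusting.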