Offset more datas on codecave creation

This commit is contained in:
pbonilla 2024-06-12 13:40:57 +02:00
parent ff92116756
commit 7d417ac4e7
2 changed files with 31 additions and 4 deletions
includes
srcs


@ -21,7 +21,7 @@
#define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba" #define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
#define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca" #define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
typedef struct payload typedef struct payload
{ {
char *payload; char *payload;
@ -36,6 +36,8 @@ typedef struct elf_content
Elf64_Ehdr *Ehdr; Elf64_Ehdr *Ehdr;
Elf64_Phdr *Phdr; Elf64_Phdr *Phdr;
Elf64_Shdr *Shdr; Elf64_Shdr *Shdr;
Elf64_Shdr *symbols_table;
Elf64_Sym *symbols;
} t_elf_content; } t_elf_content;
// utils.c // utils.c
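Review bot: The two new `t_elf_content` fields `symbols_table` and `symbols` are raw pointers into the mapped `file` buffer (they are filled by `fetch` in get_elf_sections), and nothing at the declaration says so or states that they become stale when `file` is replaced, which is what create_codecave does for `Ehdr`, `Phdr` and `Shdr`. A short comment on each, e.g. `Elf64_Shdr *symbols_table; /* SHT_SYMTAB header inside file; refresh after file is reallocated */` and `Elf64_Sym *symbols; /* first entry of that table inside file; same lifetime rule */`, would make the invariant visible to the next maintainer. It is also worth documenting whether `symbols_table` may legitimately stay NULL, since the srcs hunk tests it for NULL after the lookup loop.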


@ -48,16 +48,28 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse
{ {
for (int i = 0; i < woody->Ehdr->e_phnum; i++) for (int i = 0; i < woody->Ehdr->e_phnum; i++)
{ {
if (woody->Phdr[i].p_offset > from) if (woody->Phdr[i].p_offset >= from)
{ {
woody->Phdr[i].p_offset += offset_ammount; woody->Phdr[i].p_offset += offset_ammount;
woody->Phdr[i].p_flags = PF_X | PF_W | PF_R; woody->Phdr[i].p_vaddr += offset_ammount;
woody->Phdr[i].p_paddr += offset_ammount;
} }
} }
for (int i = 0; i < woody->Ehdr->e_shnum; i++) for (int i = 0; i < woody->Ehdr->e_shnum; i++)
{ {
if (woody->Shdr[i].sh_offset > from) if (woody->Shdr[i].sh_offset >= from)
{
woody->Shdr[i].sh_offset += offset_ammount; woody->Shdr[i].sh_offset += offset_ammount;
woody->Shdr[i].sh_addr += offset_ammount;
}
}
int num_symbols = get_symbols_count(woody->symbols_table->sh_size, woody->symbols_table->sh_entsize);
for (int i = 1; i < num_symbols; i++) {
if (woody->symbols[i].st_value >= from)
{
woody->symbols[i].st_value += offset_ammount;
}
// printf("symbol value = %lx\n", symbols[i].st_value);
} }
} }
@ -76,6 +88,7 @@ void create_codecave(t_elf_content *woody, t_payload *payload, size_t payload_po
woody->file = new_woody; woody->file = new_woody;
woody->file_size += padding_size; woody->file_size += padding_size;
woody->Ehdr = (Elf64_Ehdr *)new_woody; woody->Ehdr = (Elf64_Ehdr *)new_woody;
woody->Ehdr->e_shoff += padding_size;
woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr)); woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr)); woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
} }
@ -141,6 +154,7 @@ void inject(t_elf_content *woody)
if (code_cave_size < payload->len) // inverse here to test the other technique if (code_cave_size < payload->len) // inverse here to test the other technique
{ {
printf("Create a codecave\n");
create_codecave(woody, payload, payload_position); create_codecave(woody, payload, payload_position);
} }
@ -167,6 +181,17 @@ int get_elf_sections(t_elf_content *woody)
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr)); woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr))) if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr)))
return EXIT_FAILURE; return EXIT_FAILURE;
for (int i = 0; i < woody->Ehdr->e_shnum; i++) {
if (woody->Shdr[i].sh_type == SHT_SYMTAB) {
woody->symbols_table = fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (i * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr));
}
}
if (woody->symbols_table == NULL)
return EXIT_FAILURE; //Not sure about this
woody->symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset, sizeof(Elf64_Sym));
if (woody->symbols == NULL)
return EXIT_FAILURE;//Not sure about this
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
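Review bot: The symbol loop at the end of offset_sections compares `st_value`, which is a virtual address, against `from`, which the two loops above treat as a file offset (`p_offset`, `sh_offset`), so symbols are moved on the wrong criterion whenever a segment's virtual address differs from its file offset; likewise `sh_addr += offset_ammount` is applied to every section past `from`, including non-allocated ones whose `sh_addr` is 0 (the symbol table itself, string tables). Only allocated sections (`sh_flags & SHF_ALLOC`) and defined symbols (`st_shndx != SHN_UNDEF && st_shndx < SHN_LORESERVE`) should have their address adjusted, and the comparison for them should be against the virtual address that corresponds to `from` rather than the file offset. Separately, create_codecave re-fetches `Ehdr`, `Phdr` and `Shdr` from `new_woody` but leaves `symbols_table` and `symbols` pointing into the old buffer, so if offset_sections runs after it (the call order is not visible here) those two pointers are dangling. In get_elf_sections the `fetch` of `symbols` validates only `sizeof(Elf64_Sym)` bytes while offset_sections iterates `num_symbols` entries, so that check should cover `woody->symbols_table->sh_size`; the `symbols_table == NULL` test also assumes the struct was zeroed before the call, which nothing in the hunk shows. get_elf_sections and create_codecave both begin outside their hunks.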