Offset more datas on codecave creation

This commit is contained in:
pbonilla 2024-06-12 13:40:57 +02:00
parent ff92116756
commit 7d417ac4e7
2 changed files with 31 additions and 4 deletions


@ -36,6 +36,8 @@ typedef struct elf_content
Elf64_Ehdr *Ehdr;
Elf64_Phdr *Phdr;
Elf64_Shdr *Shdr;
Elf64_Shdr *symbols_table;
Elf64_Sym *symbols;
} t_elf_content;
// utils.c
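Review bot: The two new members `symbols_table` and `symbols` carry no comment saying what they reference, and both are filled from `fetch(woody->file, ...)` in get_elf_sections, so they appear to alias into `file` rather than own storage, which nothing in the struct records. Since `file` is replaced in create_codecave and the other header pointers are refetched there, the lifetime is worth stating next to the fields: `Elf64_Shdr *symbols_table; /* SHT_SYMTAB header inside file; refresh whenever file is reallocated */` and `Elf64_Sym *symbols; /* first entry of that table, same lifetime */`.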


@ -48,16 +48,28 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse
{
for (int i = 0; i < woody->Ehdr->e_phnum; i++)
{
if (woody->Phdr[i].p_offset > from)
if (woody->Phdr[i].p_offset >= from)
{
woody->Phdr[i].p_offset += offset_ammount;
woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
woody->Phdr[i].p_vaddr += offset_ammount;
woody->Phdr[i].p_paddr += offset_ammount;
}
}
for (int i = 0; i < woody->Ehdr->e_shnum; i++)
{
if (woody->Shdr[i].sh_offset > from)
if (woody->Shdr[i].sh_offset >= from)
{
woody->Shdr[i].sh_offset += offset_ammount;
woody->Shdr[i].sh_addr += offset_ammount;
}
}
int num_symbols = get_symbols_count(woody->symbols_table->sh_size, woody->symbols_table->sh_entsize);
for (int i = 1; i < num_symbols; i++) {
if (woody->symbols[i].st_value >= from)
{
woody->symbols[i].st_value += offset_ammount;
}
// printf("symbol value = %lx\n", symbols[i].st_value);
}
}
@ -76,6 +88,7 @@ void create_codecave(t_elf_content *woody, t_payload *payload, size_t payload_po
woody->file = new_woody;
woody->file_size += padding_size;
woody->Ehdr = (Elf64_Ehdr *)new_woody;
woody->Ehdr->e_shoff += padding_size;
woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
}
@ -141,6 +154,7 @@ void inject(t_elf_content *woody)
if (code_cave_size < payload->len) // inverse here to test the other technique
{
printf("Create a codecave\n");
create_codecave(woody, payload, payload_position);
}
@ -167,6 +181,17 @@ int get_elf_sections(t_elf_content *woody)
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr)))
return EXIT_FAILURE;
for (int i = 0; i < woody->Ehdr->e_shnum; i++) {
if (woody->Shdr[i].sh_type == SHT_SYMTAB) {
woody->symbols_table = fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (i * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr));
}
}
if (woody->symbols_table == NULL)
return EXIT_FAILURE; //Not sure about this
woody->symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset, sizeof(Elf64_Sym));
if (woody->symbols == NULL)
return EXIT_FAILURE;//Not sure about this
return EXIT_SUCCESS;
}
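Review bot: In get_elf_sections the fetch of `woody->symbols` validates only the first `sizeof(Elf64_Sym)` bytes, yet offset_sections then walks `num_symbols` entries derived from `sh_size`, so a symbol table whose `sh_offset`/`sh_size` runs past `file_size` is read out of bounds; fetch the whole table the way the full section-header table is checked two lines above, `woody->symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset, woody->symbols_table->sh_size);`, and reject `sh_entsize != sizeof(Elf64_Sym)` before calling get_symbols_count, whose body is outside the hunk. The lookup loop keeps the last SHT_SYMTAB it sees and returning EXIT_FAILURE when there is none makes every stripped binary unpatchable, so for the two `//Not sure about this` lines the less surprising contract is to leave `symbols_table` NULL and have offset_sections skip its symbol pass when it is NULL. In the create_codecave hunk `file` is replaced by `new_woody` and `Ehdr`/`Phdr`/`Shdr` are refetched but `symbols_table` and `symbols` are not, so unless they are refreshed outside the hunk they keep pointing into the old buffer. The new symbol check compares `st_value`, a virtual address, with `from`, which the segment and section loops treat as a file offset, so it only matches where vaddr and offset coincide; comparing against the matching `p_vaddr` range would be consistent. If `p_flags = PF_X | PF_W | PF_R` is new here rather than context, it marks every segment behind the cave writable and executable, which is broader than the cave itself needs and worth limiting to the segment that actually receives the payload.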