diff --git a/Makefile b/Makefile
index c441a74..6ecb028 100644
--- a/Makefile
+++ b/Makefile
@@ -16,7 +16,7 @@ RM = rm -f
 LIBFT_FLAGS = ft_printf/libftprintf.a
-CFLAGS = -Wall -Wextra -Werror
+CFLAGS = -Wall -Wextra -Werror -g3
 all: ${NAME}
diff --git a/includes/woody.h b/includes/woody.h
index 6183a7b..d2d3b51 100644
--- a/includes/woody.h
+++ b/includes/woody.h
@@ -16,7 +16,9 @@
 #define JUMP "\xe9"
-#define WOODY "..WOODY.."
+#define WOODY "....WOODY...."
+#define JUMP_VALUE "\xda\xda\xda"
+
 #define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
 #define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
diff --git a/print.s b/print.s
index 5c2c123..0b5475f 100644
--- a/print.s
+++ b/print.s
@@ -14,15 +14,15 @@ _start:
 mov r8, qword [rel section_sisze] ;text_section size
 mov r9, 0 ;increment register
 xor r10, r10
- ; encrypt:
- ; cmp r8, r9
- ; je end_encrypt
- ; mov r10b, byte[rax + r9]
- ; inc r10b ;rot + 1
- ; mov byte[rax + r9], r10b
- ; inc r9
- ; jmp encrypt
- ; end_encrypt:
+ encrypt:
+ cmp r8, r9
+ je end_encrypt
+ movzx r10, byte[rax + r9]
+ inc r10b ;rot + 1
+ mov byte[rax + r9], r10b
+ inc r9
+ jmp encrypt
+ end_encrypt:
 mov rdx, 14
 mov rax, 1
 syscall
@@ -31,7 +31,7 @@ _start:
 pop rdi
 pop rax
- jmp 0x00000000 ;for now it needs to be the first jmp
+ jmp 0xdadadada
 msg db "....WOODY....",10
 text_section dq 0xbabababababababa
 section_sisze dq 0xcacacacacacacaca
diff --git a/srcs/woody.c b/srcs/woody.c
index 3344599..e097122 100644
--- a/srcs/woody.c
+++ b/srcs/woody.c
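Review bot: `JUMP_VALUE` is only three bytes (`\xda\xda\xda`) while the operand it is meant to find in the stub is a four-byte rel32, and nothing in the header says why, so the next maintainer is likely to pad it to four bytes and break the index arithmetic in insert_payload(). Presumably the low byte is omitted because NASM encodes `jmp 0xdadadada` relative to the instruction's own offset and only the upper bytes of the placeholder survive in the assembled stub — confirm against the stub binary. I would document the marker protocol next to these defines, e.g. `/* Placeholders patched by insert_payload(); JUMP_VALUE is the upper 3 bytes of the jmp rel32 (the low byte is changed by NASM's relative encoding). These byte patterns must not occur anywhere else in the stub. */`. A note that `WOODY` must stay in sync with the `msg` string in print.s (13 characters plus the newline, which is the 14 the stub passes to write) would prevent a silent mismatch too.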
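Review bot: The loop enabled here rewrites every byte of the original .text at run time with `inc r10b`, which only restores the code if encrypt() in srcs/woody.c applies the opposite transform (-1); with both the label and the comment calling it `encrypt`/`rot + 1`, this reads like the same +1 applied a second time, which would leave the original code corrupted before the `jmp` to it. If encrypt() adds 1, the line should be `dec r10b ;undo the +1 applied by encrypt()` and the labels renamed `decrypt:`/`end_decrypt:`; if encrypt() subtracts, a comment saying so belongs here, because the two halves live in different files and nothing ties them together. Either way a fixed, keyless byte rotation is obfuscation rather than encryption — anyone with the binary can undo it — so the comment should not oversell it until a key is in play. Also note the loop stores into the code pages, which only works because inject() marks the whole PT_LOAD RWX; rax, rsi and rdi appear to be set before the hunk, so `_start` begins outside it.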
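Review bot: `jmp 0xdadadada` is assembled as `e9` plus a rel32 computed relative to the instruction's own position, so (assuming the stub is a flat binary at origin 0) the emitted operand is `0xdadadada - (offset + 5)`, not the literal `da da da da` that the JUMP_VALUE marker looks for. The patch currently works only because the upper three bytes survive the subtraction; once the jmp sits more than 0xd5 bytes into the stub the borrow reaches the second byte, `ft_strnstr_nullterminated` finds nothing and insert_payload() fails for no visible reason. Emitting the placeholder as data makes the marker exact and lets insert_payload() locate the opcode directly: `db 0xe9 ;jmp rel32, operand patched by insert_payload()` followed by `dd 0xdadadada`. The rest of `_start` is outside the hunk.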
@@ -99,15 +99,14 @@ t_payload *get_payload()
 int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position)
 {
- char *ptr_jmp = ft_strnstr_nullterminated(payload->payload, JUMP, payload->len);
+ char *ptr_jmp_value = ft_strnstr_nullterminated(payload->payload, JUMP_VALUE, payload->len);
 char *ptr_woody = ft_strnstr_nullterminated(payload->payload, WOODY, payload->len);
 char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len);
 char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len);
- if (ptr_jmp && ptr_woody && ptr_text_section && ptr_section_size)
+ if (ptr_jmp_value && ptr_woody && ptr_text_section && ptr_section_size)
 {
 int32_t woody_index = ptr_woody - payload->payload;
-
- int32_t jmp_index = ptr_jmp - payload->payload;
+ int32_t jmp_index = ptr_jmp_value - sizeof(JUMP) - payload->payload;
 int32_t jump_value = ((payload_position + jmp_index + 5) - woody->Ehdr->e_entry) * -1; // 5 = JUMP SIZE (OPCODE + 4 bytes operand)
 ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value));
@@ -121,10 +120,6 @@ int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi
 ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
- printf("jmp_index : %d (%x)\n", jmp_index, jmp_index);
- printf("woody index :%d (%x)\n", woody_index, woody_index);
- printf("jmp_index++ : %ld (%lx)\n", jmp_index + sizeof(JUMP) + sizeof(jump_value), jmp_index + sizeof(JUMP) + sizeof(jump_value) - 1);
- printf("text_value : %ld (%lx)\n", text_value, text_value);
 printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 printf("Code cave start = %ld (%lx)\n", payload_position, payload_position);
 printf("Payload size = %ld (%lx)\n", payload->len, payload->len);
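Review bot: `jmp_index = ptr_jmp_value - sizeof(JUMP) - payload->payload` subtracts 2, not 1, because `sizeof` of the string literal `"\xe9"` includes its NUL terminator; if the marker matched at the start of the rel32 operand this lands one byte before the `e9` opcode, and the `ft_memcpy(&payload->payload[jmp_index + 1], ...)` below would overwrite the opcode itself. It lands on the opcode today only because `\xda\xda\xda` matches one byte into the operand (the low byte of the assembled displacement differs), which is a coincidence the code should not depend on: with a literal placeholder in the stub this becomes `int32_t jmp_index = (ptr_jmp_value - payload->payload) - (sizeof(JUMP) - 1); /* marker starts at the operand; the e9 opcode is the byte before it */`, plus a guard `if (jmp_index < 0 || (size_t)jmp_index + 5 > payload->len) return …;` before the memcpy so a missing or misplaced marker cannot write past the payload buffer. Separately, `jump_value` subtracts the virtual `e_entry` from `payload_position`, a file offset; that is only right when the cave's segment maps with the same p_vaddr - p_offset delta as the entry's segment, which deserves an explicit adjustment or at least a comment. insert_payload() continues outside the hunk.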
@@ -159,7 +154,7 @@ void inject(t_elf_content *woody)
 woody->Phdr[i].p_filesz += payload->len;
 woody->Phdr[i].p_memsz += payload->len;
 woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
- woody->text_section->sh_size += payload->len;
+ // woody->text_section->sh_size += payload->len;
 printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 }
@@ -216,7 +211,7 @@ int prepare_injection(t_elf_content *woody)
 if (elf_statut)
 return elf_statut;
 inject(woody);
- // encrypt(woody->file, woody->text_section->sh_offset, woody->text_section->sh_size);
+ encrypt(woody->file, woody->text_section->sh_offset, woody->text_section->sh_size);
 char *woody_file;
 if (!(woody_file = malloc(woody->file_size)))
 return ft_put_error("Allocation error");
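Review bot: The commented-out `// woody->text_section->sh_size += payload->len;` should be deleted rather than kept as dead code, and the reason it went away recorded in its place: prepare_injection() now runs encrypt() with `text_section->sh_size` after inject(), so extending sh_size here would scramble the freshly written stub. Suggested replacement: `/* .text's sh_size is deliberately not extended: encrypt() uses it after inject() and must not cover the stub */`. On the context line above it, `p_flags = PF_X | PF_W | PF_R` makes the entire PT_LOAD writable and executable for the life of the process so the stub can patch .text in place; a permanent RWX segment is the first thing a hardening check or sandbox will flag, and an mprotect(2) in the stub around just the .text range, restored to R-X afterwards, avoids it. inject() begins outside the hunk.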
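Review bot: `encrypt(woody->file, woody->text_section->sh_offset, woody->text_section->sh_size)` is called right after inject() without any check that the byte range it rewrites is disjoint from the stub inject() just placed, and without checking that `sh_offset + sh_size` stays within `file_size`; if either ever fails the result is a scrambled stub or an out-of-bounds write, and nothing here reports it. Its return value is also dropped, unlike `elf_statut` two lines up — if encrypt() can fail it should be handled the same way, and if it cannot, its signature should say so (void). From the stub's `rot + 1` comment in print.s this appears to be a fixed, keyless byte rotation; if so, a comment such as `/* obfuscation only: fixed rot+1, no key */` here is more honest than a name that implies confidentiality. prepare_injection() continues outside the hunk.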