diff --git a/includes/woody.h b/includes/woody.h
index 4b4fb19..6c516f8 100644
--- a/includes/woody.h
+++ b/includes/woody.h
@@ -40,6 +40,7 @@ typedef struct elf_content
 int num_symbols;
 Elf64_Shdr *text_section;
 Elf64_Sym *symbols;
+ char *Sshstrtab;
 } t_elf_content;
 // utils.c
@@ -47,6 +48,7 @@ void *fetch(char *file, unsigned long file_size, unsigned long offset_to_data, u
 int ft_put_error(char *str);
 char *get_string(char *str, char *end_file);
 int get_symbols_count(int sh_size, int sh_entsize);
+char *get_section_name(t_elf_content *woody, int section_index);
 // woody.c
 int prepare_injection(t_elf_content *woody);
diff --git a/srcs/utils.c b/srcs/utils.c
index 1857a26..6355bfa 100644
--- a/srcs/utils.c
+++ b/srcs/utils.c
@@ -27,6 +27,12 @@ char *get_string(char *str, char *end_file)
 return NULL;
 }
+char *get_section_name(t_elf_content *woody, int section_index)
+{
+ unsigned int shstrtabndx = woody->Shdr[section_index].sh_name;
+ return get_string(&woody->Sshstrtab[shstrtabndx], woody->file + woody->file_size);
+}
+
 int ft_put_error(char *str)
 {
 ft_putstr_fd("Error: ", STDERR_FILENO);
diff --git a/srcs/woody.c b/srcs/woody.c
index bf6321a..00cafba 100644
--- a/srcs/woody.c
+++ b/srcs/woody.c
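Review bot: In get_section_name, `sh_name` is used as an index into `Sshstrtab` with no check against the string table's `sh_size`, so a section header carrying a large `sh_name` forms `&woody->Sshstrtab[shstrtabndx]` past the mapped file before get_string ever compares anything with `end_file`; that pointer arithmetic is already out of bounds, and a later pointer comparison may not reject it. Bound the index first, e.g. `if (shstrtabndx >= woody->Shdr[woody->Ehdr->e_shstrndx].sh_size) return NULL;`, or resolve the name through `fetch()` with the string table's file offset plus `shstrtabndx` so the existing range check applies. `section_index` is likewise unchecked against `e_shnum`; the only caller in this diff passes a loop index bounded by it, which is acceptable if the precondition is stated in a comment on the function. get_string's body lies outside the hunk, so whether it tolerates a start pointer beyond `end_file` cannot be confirmed here.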
@@ -46,6 +46,63 @@ int get_load_segment(t_elf_content *woody, int start, bool executable) void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offset_ammount) { + for (int i = 0; i < woody->Ehdr->e_shnum; i++) + { + if (woody->Shdr[i].sh_type == SHT_REL) + { + int num_entries = woody->Shdr[i].sh_size / woody->Shdr[i].sh_entsize; + Elf64_Rel *rel = (Elf64_Rel *)fetch(woody->file, woody->file_size, woody->Shdr[i].sh_offset, woody->Shdr[i].sh_size); + for (int j = 0; j < num_entries; j++) + { + rel[j].r_offset += offset_ammount; + printf(" Offset: 0x%lx, Info: 0x%lx, Type: %u, Symbol: %u\n", + (unsigned long)rel[j].r_offset, (unsigned long)rel[j].r_info, + (unsigned int)ELF64_R_TYPE(rel[j].r_info), (unsigned int)ELF64_R_SYM(rel[j].r_info)); + } + } + else if (woody->Shdr[i].sh_type == SHT_RELA) + { + int num_entries = woody->Shdr[i].sh_size / woody->Shdr[i].sh_entsize; + Elf64_Rela *rela = (Elf64_Rela *)fetch(woody->file, woody->file_size, woody->Shdr[i].sh_offset , woody->Shdr[i].sh_size); + for (int j = 0; j < num_entries; j++) + { + rela[j].r_offset += offset_ammount; + if (rela[j].r_addend >= from) + rela[j].r_addend += offset_ammount; + + // printf(" Offset: 0x%lx, Info: 0x%lx, Type: %u, Symbol: %u adden: 0x%lx\n", + // (unsigned long)rela[j].r_offset, (unsigned long)rela[j].r_info, + // (unsigned int)ELF64_R_TYPE(rela[j].r_info), (unsigned int)ELF64_R_SYM(rela[j].r_info), (unsigned long)rela[j].r_addend); + + + } + } else if (woody->Shdr[i].sh_type == SHT_DYNAMIC) + { + int num_dyn_entries = woody->Shdr[i].sh_size / woody->Shdr[i].sh_entsize; + Elf64_Dyn *dyn_entries = (Elf64_Dyn *)fetch(woody->file, woody->file_size, woody->Shdr[i].sh_offset , woody->Shdr[i].sh_size); + for (int j = 0; j < num_dyn_entries; j++) + { + // printf("dyn_entries[%d].d_tag = %lx ptr = %lx value = %lx\n",j, dyn_entries[j].d_tag, dyn_entries[j].d_un.d_ptr, dyn_entries[j].d_un.d_val); + if (dyn_entries[j].d_tag == DT_PLTGOT || dyn_entries[j].d_tag == DT_FINI || 
dyn_entries[j].d_tag == DT_INIT_ARRAY || dyn_entries[j].d_tag == DT_FINI_ARRAY) + { + dyn_entries[j].d_un.d_ptr += offset_ammount; + } + } + } + char *section_name = get_section_name(woody, i); + if (section_name && !ft_strcmp(".got", section_name)) + { + int num_entries = woody->Shdr[i].sh_size / woody->Shdr[i].sh_entsize; + Elf64_Addr *got_entri = (Elf64_Addr *)fetch(woody->file, woody->file_size, woody->Shdr[i].sh_offset, woody->Shdr[i].sh_size); + for (int j = 0; j < num_entries; j++) + { + if (got_entri[j]) + { + got_entri[j] += offset_ammount; + } + } + } + } for (int i = 0; i < woody->Ehdr->e_phnum; i++) { if (woody->Phdr[i].p_offset >= from) 
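Review bot: Each `sh_size / sh_entsize` in the new section loop divides by a value read straight from the input file, and every pointer returned by `fetch()` (`rel`, `rela`, `dyn_entries`, `got_entri`) is dereferenced without a NULL check, so a section header with `sh_entsize == 0` or an `sh_offset`/`sh_size` outside the file crashes the tool instead of being rejected — elsewhere in this diff a NULL from `fetch()` is treated as an error, and this loop should be consistent with that. Add `if (woody->Shdr[i].sh_entsize == 0) continue;` at the top of the loop body and a guard such as `if (rel == NULL) continue;` after each fetch (or propagate a failure, since offset_sections currently returns void). The SHT_REL branch still has an active debug `printf` per relocation while the SHT_RELA and SHT_DYNAMIC branches have theirs commented out. The `.got` branch adds `offset_ammount` to every non-zero entry and the SHT_REL/SHT_RELA branches to every `r_offset`, whereas `r_addend` and the program headers below are only moved when `>= from`; if that asymmetry is intentional it deserves a comment, otherwise entries below `from` are shifted too. The `int num_entries` locals also truncate an `Elf64_Xword` quotient; `size_t` would match the loop bound's origin.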
@@ -70,38 +127,7 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse
 woody->symbols[i].st_value += offset_ammount;
 }
 }
- for (int i = 0; i < woody->Ehdr->e_shnum; i++) {
- if (woody->Shdr[i].sh_type == SHT_REL)
- {
- printf("SHT_RE = %ld %ld\n", sizeof(Elf64_Rel), woody->Shdr[i].sh_entsize);
- int num_entries = woody->Shdr[i].sh_size / woody->Shdr[i].sh_entsize;
- for (int j = 0; j < num_entries; j++) {
- Elf64_Rel *rel = (Elf64_Rel *)fetch(woody->file, woody->file_size, woody->Shdr[i].sh_offset + (j * woody->Shdr[i].sh_entsize), sizeof(Elf64_Rel));
- rel->r_offset += offset_ammount;
- // printf(" Offset: 0x%lx, Info: 0x%lx, Type: %u, Symbol: %u\n",
- // (unsigned long)rel[j].r_offset, (unsigned long)rel[j].r_info,
- // (unsigned int)ELF64_R_TYPE(rel[j].r_info), (unsigned int)ELF64_R_SYM(rel[j].r_info));
- }
- }
- if (woody->Shdr[i].sh_type == SHT_RELA)
- {
- // printf("SHT_RELA = %ld %ld\n", sizeof(Elf64_Rela), woody->Shdr[i].sh_entsize);
- int num_entries = woody->Shdr[i].sh_size / woody->Shdr[i].sh_entsize;
- for (int j = 0; j < num_entries; j++) {
- Elf64_Rela *rela = (Elf64_Rela *)fetch(woody->file, woody->file_size, woody->Shdr[i].sh_offset + (j * woody->Shdr[i].sh_entsize), sizeof(Elf64_Rela));
- rela->r_offset += offset_ammount;
- // printf(" Offset: 0x%lx, Info: 0x%lx, Type: %u, Symbol: %u, Addend: %ld\n",
- // (unsigned long)rela[j].r_offset, (unsigned long)rela[j].r_info,
- // (unsigned int)ELF64_R_TYPE(rela[j].r_info), (unsigned int)ELF64_R_SYM(rela[j].r_info),
- // (long)rela[j].r_addend);
- if (rela->r_addend >= from)
- {
- rela->r_addend += offset_ammount;
- }
- }
- }
- }
 }
@@ -185,18 +211,6 @@ void inject(t_elf_content *woody)
 size_t code_cave_size = woody->Phdr[j].p_offset - (woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz);
 size_t payload_position = woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz;
- // printf("Load segment p_offset = %lx\n", woody->Phdr[i].p_offset);
- // printf("Load segment p_filesz = %lx\n", woody->Phdr[i].p_filesz);
- // printf("Load segment p_memsz = %lx\n", woody->Phdr[i].p_memsz);
-
- // printf("Load segment p_offset = %lx\n", woody->Phdr[i + 1].p_offset);
- // printf("Load segment p_filesz = %lx\n", woody->Phdr[i + 1].p_filesz);
- // printf("Load segment p_memsz = %lx\n", woody->Phdr[i + 1].p_memsz);
-
- // printf("text section sh_offset = %lx\n", woody->text_section->sh_offset);
- // printf("text section sh_size = %lx\n", woody->text_section->sh_size);
- // printf("text section sh_addr = %lx\n", woody->text_section->sh_addr);
-
 if (code_cave_size < payload->len) // inverse here to test the other technique
 {
 printf("create code_Cave %ld\n", code_cave_size);
@@ -208,7 +222,7 @@ void inject(t_elf_content *woody)
 printf("%ld\n", woody->Phdr[i].p_align);
 (void)payload_position;
 insert_payload(woody, payload, payload_position, i);
- //woody->Ehdr->e_entry = payload_position;
+ woody->Ehdr->e_entry = payload_position;
 printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 printf("Load segment p_filesz = %lx\n", woody->Phdr[i].p_filesz);
 printf("Load segment p_memsz = %lx\n", woody->Phdr[i].p_memsz);
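Review bot: The now-enabled `woody->Ehdr->e_entry = payload_position;` stores a file offset (`p_offset + p_filesz`, per the first hunk) into a field that holds a virtual address; the two only coincide when the segment's `p_vaddr` equals its `p_offset`, so either the value should be derived from `p_vaddr` (e.g. `woody->Ehdr->e_entry = woody->Phdr[i].p_vaddr + woody->Phdr[i].p_filesz;`) or a comment should state the equality the code relies on. The `(void)payload_position;` two lines up is now stale since the variable is used. `printf("New entry = %ld ...")` passes an `Elf64_Addr` (unsigned 64-bit) to `%ld`; `%lx` for both arguments or `PRIu64` avoids the `-Wformat` mismatch. The enclosing inject() body begins and ends outside both hunks.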
@@ -236,12 +250,16 @@ int get_elf_sections(t_elf_content *woody)
 if (woody->Shdr[i].sh_type == SHT_PROGBITS && (woody->Shdr[i].sh_flags & SHF_EXECINSTR) && (woody->Shdr[i].sh_flags & SHF_ALLOC))
 {
 woody->text_section = fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (i * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr));
 }
+ }
 if (woody->symbols_table == NULL || woody->text_section == NULL)
 return EXIT_FAILURE; //Not sure about this
 woody->symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset, sizeof(Elf64_Sym));
 if (woody->symbols == NULL)
 return EXIT_FAILURE;//Not sure about this
+ woody->Sshstrtab = (char *)fetch(woody->file, woody->file_size, woody->Shdr[woody->Ehdr->e_shstrndx].sh_offset, 0);
+ if (woody->Sshstrtab == NULL)
+ return EXIT_FAILURE; //Not sure about this
 woody->num_symbols = get_symbols_count(woody->symbols_table->sh_size, woody->symbols_table->sh_entsize);
 if (!fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset + (sizeof(Elf64_Sym) * (woody->num_symbols)), 0))
 return EXIT_FAILURE;
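Review bot: `woody->Shdr[woody->Ehdr->e_shstrndx]` indexes the section header table with a value taken from the file header without checking it against `e_shnum` (or for `SHN_UNDEF`), so a crafted ELF makes the new line read a section header past the end of the table before `fetch()` ever sees the resulting offset; add `if (woody->Ehdr->e_shstrndx == SHN_UNDEF || woody->Ehdr->e_shstrndx >= woody->Ehdr->e_shnum) return EXIT_FAILURE;` ahead of the fetch. Passing `0` as the length to `fetch()` only proves the start of the string table lies inside the file, and the table's `sh_size` is never recorded, so later lookups through `Sshstrtab` have nothing to bound a section's `sh_name` against — fetching with `woody->Shdr[woody->Ehdr->e_shstrndx].sh_size` instead validates the whole table once. The added `}` changes which statements execute inside the section loop; whether the loop's opening brace and the remainder of get_elf_sections still match is outside this hunk. The `//Not sure about this` comments, now three, would read better as one comment on the first check stating why a missing symbol table, text section or section-name table is fatal.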