From b1675739253af69a696a11c43f9aa3b0e35cdea9 Mon Sep 17 00:00:00 2001 From: pbonilla Date: Thu, 23 May 2024 13:37:43 +0200 Subject: [PATCH] Refactoring : code cave creation --- includes/woody.h | 1 - srcs/woody.c | 32 ++++++++++++++------------------ 2 files changed, 14 insertions(+), 19 deletions(-) diff --git a/includes/woody.h b/includes/woody.h index 0833ae4..e04b480 100644 --- a/includes/woody.h +++ b/includes/woody.h @@ -36,7 +36,6 @@ typedef struct elf_content Elf64_Ehdr *Ehdr; Elf64_Phdr *Phdr; Elf64_Shdr *Shdr; - char *extra_data; } t_elf_content; // utils.c diff --git a/srcs/woody.c b/srcs/woody.c index 580758c..d5557c7 100644 --- a/srcs/woody.c +++ b/srcs/woody.c @@ -49,7 +49,10 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse for (int i = 0; i < woody->Ehdr->e_phnum; i++) { if (woody->Phdr[i].p_offset > from) + { woody->Phdr[i].p_offset += offset_ammount; + woody->Phdr[i].p_flags = PF_X | PF_W | PF_R; + } } for (int i = 0; i < woody->Ehdr->e_shnum; i++) { 
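Review bot: The added `woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;` makes every program header that moves past `from` RWX, yet those headers are not the ones receiving the payload (it is written at `from`, the end of the preceding segment), and the loop does not filter on `p_type`, so PT_GNU_STACK becomes an executable stack, PT_DYNAMIC/PT_NOTE get meaningless bits, and every later PT_LOAD turns into a W+X mapping that NX/W^X policies and most EDRs reject. If a moved segment genuinely needs to be executable, OR in the single bit on PT_LOAD headers only, `if (woody->Phdr[i].p_type == PT_LOAD) woody->Phdr[i].p_flags |= PF_X;`, and otherwise drop the assignment. The guard `p_offset > from` is also off by one for the new caller: `create_codecave` shifts every byte at offset >= `payload_position`, so a segment whose `p_offset` equals `from` (the zero-gap case) has its bytes moved but not its header, and `>=` is what matches the copy. `offset_sections` starts before the hunk and its section-header loop continues past it, so whether `e_shoff` is adjusted as well is not visible here.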
@@ -58,25 +61,23 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse } } -size_t create_codecave(t_elf_content *woody, Elf64_Phdr *load_segment, t_payload *payload) +void create_codecave(t_elf_content *woody, t_payload *payload, size_t payload_position) { const unsigned int page_size = 4096; // getpagesize(); not authorized unsigned int padding_size = ((payload->len / page_size) + 1) * page_size; - unsigned int codecave_start = load_segment->p_offset + load_segment->p_filesz; - offset_sections(woody, codecave_start, padding_size); + offset_sections(woody, payload_position, padding_size); char *new_woody = malloc(woody->file_size + padding_size); if (!new_woody) - return 0; - ft_memcpy(new_woody, woody->file, codecave_start); - ft_bzero(new_woody + codecave_start, padding_size); - ft_memcpy(new_woody + codecave_start + padding_size, woody->file + codecave_start, woody->file_size - codecave_start); + return ; + ft_memcpy(new_woody, woody->file, payload_position); + ft_bzero(new_woody + payload_position, padding_size); + ft_memcpy(new_woody + payload_position + padding_size, woody->file + payload_position, woody->file_size - payload_position); munmap(woody->file, woody->file_size); woody->file = new_woody; woody->file_size += padding_size; woody->Ehdr = (Elf64_Ehdr *)new_woody; woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr)); woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr)); - return codecave_start; } t_payload *get_payload() 
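Review bot: The new `return ;` on a failed `malloc` gives the caller no way to tell that the file was never enlarged, and by then `offset_sections` has already rewritten the program headers inside the still-live mapping, so `inject` continues into `encrypt`/`insert_payload` on a corrupted, unenlarged image. Allocate first, then shift the headers, and report the outcome (`bool` is already in use in this file, see `get_load_segment(..., false)`). `payload_position` is also trusted as given: it derives from `p_offset + p_filesz` of the parsed ELF, and a value above `woody->file_size` makes `woody->file_size - payload_position` wrap so the third `ft_memcpy` reads far beyond the mapping, so bound it here unless the caller already does (not visible in this diff). The `fetch()` results assigned to `Phdr`/`Shdr` remain unchecked for NULL, which predates this change. The function is entirely within the hunk.
```c
bool create_codecave(t_elf_content *woody, t_payload *payload, size_t payload_position)
{
	// … unchanged: page_size / padding_size …

	// p_offset + p_filesz comes from the parsed ELF; reject it before it sizes the copies below
	if (payload_position > woody->file_size)
		return false;
	// allocate before touching the headers so a failed malloc leaves the mapping intact
	char *new_woody = malloc(woody->file_size + padding_size);
	if (!new_woody)
		return false;
	offset_sections(woody, payload_position, padding_size);
	// … unchanged: copy, zero-fill, copy, munmap, pointer refresh …
	return true;
}
```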
@@ -136,18 +137,13 @@ void inject(t_elf_content *woody) int j = get_load_segment(woody, i + 1, false); size_t code_cave_size = woody->Phdr[j].p_offset - (woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz); - size_t payload_position; - printf("load position = : %ld (%lx)\n", woody->Phdr[i].p_offset, woody->Phdr[i].p_offset); - printf("load size = : %ld (%lx)\n", woody->Phdr[i].p_filesz, woody->Phdr[i].p_filesz); - if (code_cave_size > payload->len) // inverse here to test the other technique + size_t payload_position = woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz; + + if (code_cave_size < payload->len) // inverse here to test the other technique { - payload_position = woody->Phdr[i].p_offset + woody->Phdr[i].p_memsz; - printf("Code_cave_size = %ld (%lx)\n", code_cave_size, code_cave_size); - } - else - { - payload_position = create_codecave(woody, &woody->Phdr[i], payload); + create_codecave(woody, payload, payload_position); } + encrypt(woody->file, woody->Phdr[i].p_offset, woody->Phdr[i].p_memsz); insert_payload(woody, payload, payload_position, i);
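Review bot: `create_codecave` is now called for its side effect only, so when its `malloc` fails `insert_payload` still writes `payload->len` bytes at `payload_position` into a buffer known to have only `code_cave_size` (< `payload->len`) free bytes before the next segment, clobbering it and possibly running past the mapping; once `create_codecave` reports failure, use `if (code_cave_size < payload->len && !create_codecave(woody, payload, payload_position)) return;`. `code_cave_size` itself is an unchecked subtraction on attacker-controlled headers: a crafted ELF whose segment `j` starts before `payload_position` wraps it to a huge `size_t`, the `<` test then skips cave creation and the payload lands on whatever follows, so guard with `if (woody->Phdr[j].p_offset < payload_position) return;` before computing it. `encrypt` is handed `p_memsz` bytes from the file offset although only `p_filesz` bytes of segment `i` exist in the file; unless `encrypt` clamps internally (not visible), `p_filesz` is the bound that matches the image and leaves the cave/payload untouched. The stale `// inverse here to test the other technique` comment should go now that the condition is the intended one. `inject` begins before this hunk and its body continues after `insert_payload`.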