Refactoring : code cave creation
This commit is contained in:
parent
2c14d6f0c5
commit
b167573925
|
|
@ -36,7 +36,6 @@ typedef struct elf_content
|
|||
Elf64_Ehdr *Ehdr;
|
||||
Elf64_Phdr *Phdr;
|
||||
Elf64_Shdr *Shdr;
|
||||
char *extra_data;
|
||||
} t_elf_content;
|
||||
|
||||
// utils.c
|
||||
|
|
|
|||
32
srcs/woody.c
32
srcs/woody.c
|
|
@ -49,7 +49,10 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse
|
|||
for (int i = 0; i < woody->Ehdr->e_phnum; i++)
|
||||
{
|
||||
if (woody->Phdr[i].p_offset > from)
|
||||
{
|
||||
woody->Phdr[i].p_offset += offset_ammount;
|
||||
woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
|
||||
}
|
||||
}
|
||||
for (int i = 0; i < woody->Ehdr->e_shnum; i++)
|
||||
{
|
||||
|
|
@ -58,25 +61,23 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse
|
|||
}
|
||||
}
|
||||
|
||||
size_t create_codecave(t_elf_content *woody, Elf64_Phdr *load_segment, t_payload *payload)
|
||||
void create_codecave(t_elf_content *woody, t_payload *payload, size_t payload_position)
|
||||
{
|
||||
const unsigned int page_size = 4096; // getpagesize(); not authorized
|
||||
unsigned int padding_size = ((payload->len / page_size) + 1) * page_size;
|
||||
unsigned int codecave_start = load_segment->p_offset + load_segment->p_filesz;
|
||||
offset_sections(woody, codecave_start, padding_size);
|
||||
offset_sections(woody, payload_position, padding_size);
|
||||
char *new_woody = malloc(woody->file_size + padding_size);
|
||||
if (!new_woody)
|
||||
return 0;
|
||||
ft_memcpy(new_woody, woody->file, codecave_start);
|
||||
ft_bzero(new_woody + codecave_start, padding_size);
|
||||
ft_memcpy(new_woody + codecave_start + padding_size, woody->file + codecave_start, woody->file_size - codecave_start);
|
||||
return ;
|
||||
ft_memcpy(new_woody, woody->file, payload_position);
|
||||
ft_bzero(new_woody + payload_position, padding_size);
|
||||
ft_memcpy(new_woody + payload_position + padding_size, woody->file + payload_position, woody->file_size - payload_position);
|
||||
munmap(woody->file, woody->file_size);
|
||||
woody->file = new_woody;
|
||||
woody->file_size += padding_size;
|
||||
woody->Ehdr = (Elf64_Ehdr *)new_woody;
|
||||
woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
|
||||
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
|
||||
return codecave_start;
|
||||
}
|
||||
|
||||
t_payload *get_payload()
|
||||
|
|
@ -136,18 +137,13 @@ void inject(t_elf_content *woody)
|
|||
int j = get_load_segment(woody, i + 1, false);
|
||||
|
||||
size_t code_cave_size = woody->Phdr[j].p_offset - (woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz);
|
||||
size_t payload_position;
|
||||
printf("load position = : %ld (%lx)\n", woody->Phdr[i].p_offset, woody->Phdr[i].p_offset);
|
||||
printf("load size = : %ld (%lx)\n", woody->Phdr[i].p_filesz, woody->Phdr[i].p_filesz);
|
||||
if (code_cave_size > payload->len) // inverse here to test the other technique
|
||||
size_t payload_position = woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz;
|
||||
|
||||
if (code_cave_size < payload->len) // inverse here to test the other technique
|
||||
{
|
||||
payload_position = woody->Phdr[i].p_offset + woody->Phdr[i].p_memsz;
|
||||
printf("Code_cave_size = %ld (%lx)\n", code_cave_size, code_cave_size);
|
||||
}
|
||||
else
|
||||
{
|
||||
payload_position = create_codecave(woody, &woody->Phdr[i], payload);
|
||||
create_codecave(woody, payload, payload_position);
|
||||
}
|
||||
|
||||
encrypt(woody->file, woody->Phdr[i].p_offset, woody->Phdr[i].p_memsz);
|
||||
insert_payload(woody, payload, payload_position, i);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue