Adress to sections added to asm
This commit is contained in:
parent
8a5bfae528
commit
d1c86e7165
2
print.s
2
print.s
|
@ -12,11 +12,11 @@ _start:
|
|||
mov rdx, 10
|
||||
mov rax, 1
|
||||
syscall
|
||||
|
||||
pop rdx
|
||||
pop rsi
|
||||
pop rdi
|
||||
pop rax
|
||||
jmp 0x00000000
|
||||
msg db "..WOODY..",10
|
||||
text_section dq 0xbabababababababa
|
||||
section_sisze dq 0xcacacacacacacaca
|
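Review bot: The two new `dq` slots carry no comment saying they are placeholders that the C side locates by their byte pattern and overwrites, and the second label is misspelled (`section_sisze`). Nothing on the assembler side enforces that `0xbabababababababa` and `0xcacacacacacacaca` occur only once in the assembled payload, yet the patcher appears to take the first match, so a comment should state that requirement, e.g. `; 8-byte slot, patched in place by insert_payload(); pattern must be unique in the payload` above each `dq`, and the label renamed to `section_size`. The same holds for the pre-existing `jmp 0x00000000` slot, whose rel32 is patched the same way.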
21
srcs/woody.c
21
srcs/woody.c
|
@ -103,10 +103,7 @@ int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi
|
|||
char *ptr_jmp = ft_strnstr_nullterminated(payload->payload, JUMP, payload->len);
|
||||
char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len);
|
||||
char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len);
|
||||
(void)ptr_section_size;
|
||||
(void)ptr_text_section;
|
||||
printf("text_section = %ld and size = %ld\n", woody->text_section->sh_offset, woody->text_section->sh_size);
|
||||
if (ptr_jmp)
|
||||
if (ptr_jmp && ptr_text_section && ptr_section_size)
|
||||
{
|
||||
printf("test a jumo = %ld\n", ptr_jmp - payload->payload);
|
||||
printf("test a jumo = %ld\n", ptr_jmp - payload->payload + sizeof(JUMP));
|
||||
|
@ -115,10 +112,18 @@ int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi
|
|||
|
||||
int32_t jmp_index = ptr_jmp - payload->payload;
|
||||
int32_t jump_value = (payload_position - woody->Ehdr->e_entry + jmp_index - 1) * -1;
|
||||
|
||||
ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value));
|
||||
ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
|
||||
|
||||
int64_t text_index = ptr_text_section - payload->payload;
|
||||
int64_t text_value = (payload_position - woody->text_section->sh_offset + text_index - 1) * -1;
|
||||
text_value = 0;
|
||||
ft_memcpy(&payload->payload[text_index], &text_value, sizeof(text_value));
|
||||
|
||||
int64_t section_index = ptr_section_size - payload->payload;
|
||||
int64_t section_value = (payload_position - woody->text_section->sh_size + section_index - 1) * -1;
|
||||
ft_memcpy(&payload->payload[section_index], §ion_value, sizeof(section_value));
|
||||
|
||||
ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
|
||||
printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
|
||||
printf("Code cave start = %ld (%lx)\n", payload_position, payload_position);
|
||||
printf("Payload size = %ld (%lx)\n", payload->len, payload->len);
|
||||
|
@ -138,7 +143,6 @@ void inject(t_elf_content *woody)
|
|||
size_t payload_position;
|
||||
printf("load position = : %ld (%lx)\n", woody->Phdr[i].p_offset, woody->Phdr[i].p_offset);
|
||||
printf("load size = : %ld (%lx)\n", woody->Phdr[i].p_filesz, woody->Phdr[i].p_filesz);
|
||||
|
||||
if (code_cave_size > payload->len) // inverse here to test the other technique
|
||||
{
|
||||
payload_position = woody->Phdr[i].p_offset + woody->Phdr[i].p_memsz;
|
||||
|
@ -153,7 +157,8 @@ void inject(t_elf_content *woody)
|
|||
woody->Ehdr->e_entry = payload_position;
|
||||
woody->Phdr[i].p_filesz += payload->len;
|
||||
woody->Phdr[i].p_memsz += payload->len;
|
||||
|
||||
woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
|
||||
woody->text_section->sh_size += payload->len;
|
||||
printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
|
||||
}
|
||||
|
||||
|
|
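Review bot: In the second hunk of insert_payload, `text_value = 0;` immediately discards the offset computed on the line above, so the text-section slot in the payload is always zeroed; if that is a deliberate stub it needs a comment saying so, otherwise the line should go. The following `section_value` subtracts `sh_size` from `payload_position`, i.e. a length from a file offset, which looks like a copy of the offset formula rather than the value a slot named after the section size would hold — presumably `int64_t section_value = woody->text_section->sh_size;` was intended, to be confirmed against what the payload does with the slot. The `%ld` conversions in the new printf calls receive `size_t`/`Elf64_Off` arguments, which should use `%zu` or `PRIu64`. insert_payload starts and ends outside the hunk; the same `%ld` mismatch appears in the first hunk's debug print.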