diff --git a/print.s b/print.s index 4e386bd..bfc8337 100644 --- a/print.s +++ b/print.s @@ -12,11 +12,11 @@ _start: mov rdx, 10 mov rax, 1 syscall - pop rdx pop rsi pop rdi pop rax jmp 0x00000000 msg db "..WOODY..",10 + text_section dq 0xbabababababababa section_sisze dq 0xcacacacacacacaca \ No newline at end of file diff --git a/srcs/woody.c b/srcs/woody.c index 0ad2708..21176da 100644 --- a/srcs/woody.c +++ b/srcs/woody.c @@ -103,10 +103,7 @@ int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi char *ptr_jmp = ft_strnstr_nullterminated(payload->payload, JUMP, payload->len); char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len); char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len); - (void)ptr_section_size; - (void)ptr_text_section; - printf("text_section = %ld and size = %ld\n", woody->text_section->sh_offset, woody->text_section->sh_size); - if (ptr_jmp) + if (ptr_jmp && ptr_text_section && ptr_section_size) { printf("test a jumo = %ld\n", ptr_jmp - payload->payload); printf("test a jumo = %ld\n", ptr_jmp - payload->payload + sizeof(JUMP)); @@ -115,10 +112,18 @@ int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi int32_t jmp_index = ptr_jmp - payload->payload; int32_t jump_value = (payload_position - woody->Ehdr->e_entry + jmp_index - 1) * -1; - ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value)); - ft_memcpy(woody->file + payload_position, payload->payload, payload->len); + int64_t text_index = ptr_text_section - payload->payload; + int64_t text_value = (payload_position - woody->text_section->sh_offset + text_index - 1) * -1; + text_value = 0; + ft_memcpy(&payload->payload[text_index], &text_value, sizeof(text_value)); + + int64_t section_index = ptr_section_size - payload->payload; + int64_t section_value = (payload_position - woody->text_section->sh_size + section_index - 1) * -1; + ft_memcpy(&payload->payload[section_index], §ion_value, sizeof(section_value)); + + ft_memcpy(woody->file + payload_position, payload->payload, payload->len); printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry); printf("Code cave start = %ld (%lx)\n", payload_position, payload_position); printf("Payload size = %ld (%lx)\n", payload->len, payload->len); @@ -138,7 +143,6 @@ void inject(t_elf_content *woody) size_t payload_position; printf("load position = : %ld (%lx)\n", woody->Phdr[i].p_offset, woody->Phdr[i].p_offset); printf("load size = : %ld (%lx)\n", woody->Phdr[i].p_filesz, woody->Phdr[i].p_filesz); - if (code_cave_size > payload->len) // inverse here to test the other technique { payload_position = woody->Phdr[i].p_offset + woody->Phdr[i].p_memsz; @@ -153,7 +157,8 @@ void inject(t_elf_content *woody) woody->Ehdr->e_entry = payload_position; woody->Phdr[i].p_filesz += payload->len; woody->Phdr[i].p_memsz += payload->len; - + woody->Phdr[i].p_flags = PF_X | PF_W | PF_R; + woody->text_section->sh_size += payload->len; printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry); }