Merge branch 'debug-double-packing'

2024-04-17 09:02:51 +02:00 · 2024-04-17 09:02:51 +02:00 · d7668b88a8
parent d1c86e7165 c04078e5a2
commit d7668b88a8
5 changed files with 16 additions and 11 deletions
--- a/gen_payload.sh
+++ b/gen_payload.sh
@ -0,0 +1 @@
+nasm -f elf64 -o print.o print.s && ld -o print print.o && nasm -f bin -o payload print.s && hexdump -v -e '"\\\x\" 1/1 "%02x"' payload
--- a/includes/woody.h
+++ b/includes/woody.h
@ -49,3 +49,4 @@ int prepare_injection(t_elf_content *woody);
 void encrypt(char *file, unsigned long int offset, unsigned long int size);

 #endif
+
--- a/print.s
+++ b/print.s
@ -9,7 +9,7 @@ _start:

 		mov rdi, 1
 		lea     rsi, [rel msg]
-		mov rdx, 10
+		mov rdx, 14
 		mov rax, 1
 		syscall
 	    pop rdx
@ -17,6 +17,7 @@ _start:
        pop rdi
        pop rax
        jmp 0x00000000
-		msg     db "..WOODY..",10
+
+		msg     db "....WOODY....",10
 		text_section      dq 0xbabababababababa
 		section_sisze     dq 0xcacacacacacacaca
--- a/srcs/main.c
+++ b/srcs/main.c
@ -43,3 +43,4 @@ int main(int ac, char **av)
 		return ret;
 	return prepare_injection(&woody);
 }
+
--- a/srcs/woody.c
+++ b/srcs/woody.c
@ -1,6 +1,5 @@
 #include "../includes/woody.h"

-
 int elf_magic_numbers(char *str)
 {
 	return (!ft_strncmp(str, ELFMAG, SELFMAG));
@ -111,7 +110,7 @@ int	insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi
 		printf("the jump = %ld\n", payload->len - 16);

 		int32_t jmp_index = ptr_jmp - payload->payload;
-		int32_t jump_value = (payload_position - woody->Ehdr->e_entry + jmp_index - 1) * -1;
+		int32_t jump_value = ((payload_position + jmp_index + 5) - woody->Ehdr->e_entry) * -1; // 5 = JUMP SIZE (OPCODE + 4 bytes operand)
 		ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value));

 		int64_t text_index = ptr_text_section - payload->payload;
@ -127,7 +126,7 @@ int	insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi
 		printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 		printf("Code cave start = %ld (%lx)\n", payload_position, payload_position);
 		printf("Payload size = %ld (%lx)\n", payload->len, payload->len);
-		printf("Backwar d offset = %d (%x)(%x)\n", jump_value, jump_value, -jump_value);
+		printf("Backward offset = %d (%x)(%x)\n", jump_value, jump_value, -jump_value);
 		return EXIT_SUCCESS;
 	}
 	return EXIT_FAILURE;
@ -205,6 +204,7 @@ int get_elf_sections(t_elf_content *woody)
 		    break;
 		}
 	}
+
 	return EXIT_SUCCESS;
 }

@ -224,3 +224,4 @@ int prepare_injection(t_elf_content *woody)
 	free(woody_file);
 	return EXIT_SUCCESS;
 }
+
				`@ -0,0 +1 @@`
				`nasm -f elf64 -o print.o print.s && ld -o print print.o && nasm -f bin -o payload print.s && hexdump -v -e '"\\\x\" 1/1 "%02x"' payload`