it works time to clean up
This commit is contained in:
parent
c7862e2781
commit
e9e29568fc
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
"files.associations": {
|
||||
"stdio.h": "c",
|
||||
"mman.h": "c"
|
||||
"mman.h": "c",
|
||||
"stdint.h": "c"
|
||||
}
|
||||
}
|
||||
|
|
@ -41,6 +41,7 @@ SRCS = $(SRCS_PATH)ft_atoi.c \
|
|||
$(SRCS_PATH)ft_bzero.c \
|
||||
$(SRCS_PATH)ft_strdup.c \
|
||||
$(SRCS_PATH)ft_strnstr.c \
|
||||
$(SRCS_PATH)ft_strnstr_nullterminated.c \
|
||||
$(SRCS_PATH)ft_calloc.c \
|
||||
$(SRCS_PATH)ft_substr.c \
|
||||
$(SRCS_PATH)ft_strjoin.c \
|
||||
|
|
|
|||
|
|
@ -0,0 +1,17 @@
|
|||
#include "libft.h"
|
||||
|
||||
char *ft_strnstr_nullterminated(const char *big, const char *little, size_t len)
|
||||
{
|
||||
size_t len_l;
|
||||
|
||||
if (*little == 0)
|
||||
return ((char *)big);
|
||||
len_l = ft_strlen(little);
|
||||
while (len-- >= len_l)
|
||||
{
|
||||
if (*big == *little && ft_strncmp(big, little, len_l) == 0)
|
||||
return ((char *)big);
|
||||
big++;
|
||||
}
|
||||
return (NULL);
|
||||
}
|
||||
|
|
@ -37,6 +37,7 @@ int ft_strncmp(const char *s1, const char *s2, size_t n);
|
|||
size_t ft_strlcpy(char *dst, const char *src, size_t size);
|
||||
size_t ft_strlcat(char *dst, const char *src, size_t size);
|
||||
char *ft_strnstr(const char *big, const char *little, size_t len);
|
||||
char *ft_strnstr_nullterminated(const char *big, const char *little, size_t len);
|
||||
int ft_atoi(const char *nptr);
|
||||
char *ft_substr(char const *s, unsigned int start, size_t len);
|
||||
char *ft_strjoin(char const *s1, char const *s2);
|
||||
|
|
@ -55,6 +56,7 @@ void *ft_calloc(size_t nmemb, size_t size);
|
|||
char *ft_convert_base(char *nbr, char *base_from, char *base_to);
|
||||
char *ft_u_convert(char *nbr, char *base_from, char *base_to);
|
||||
void ft_rev_int_tab(char *tab, int size);
|
||||
|
||||
typedef struct s_list
|
||||
{
|
||||
void *content;
|
||||
|
|
|
|||
|
|
@ -12,6 +12,10 @@
|
|||
#include <sys/mman.h>
|
||||
#include <fcntl.h>
|
||||
#include <elf.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define PAYLOAD "\x50\x57\x56\x52\x53\x31\xc0\x99\xb2\x0a\xff\xc0\x89\xc7\x48\x8d\x35\x0c\x00\x00\x00\x0f\x05\x5b\x5a\x5e\x5f\x58\xe9\xdf\xff\xff\xff\x2e\x2e\x57\x4f\x4f\x44\x59\x2e\x2e\x0a"
|
||||
#define JUMP "\xe9\xdf\xff\xff\xff";
|
||||
|
||||
typedef struct efl_content
|
||||
{
|
||||
|
|
|
|||
5
print.s
5
print.s
|
|
@ -8,6 +8,7 @@ _start:
|
|||
push rsi
|
||||
push rdx
|
||||
push rbx
|
||||
|
||||
xor eax, eax
|
||||
cdq
|
||||
mov dl, 10
|
||||
|
|
@ -15,14 +16,12 @@ _start:
|
|||
mov edi, eax
|
||||
lea rsi, [rel msg]
|
||||
syscall
|
||||
pop rdx
|
||||
|
||||
pop rbx
|
||||
pop rdx
|
||||
pop rsi
|
||||
pop rdi
|
||||
pop rax
|
||||
ret
|
||||
jmp 0x00000000
|
||||
|
||||
msg db "..WOODY..",10
|
||||
|
||||
|
|
|
|||
37
srcs/woody.c
37
srcs/woody.c
|
|
@ -1,7 +1,5 @@
|
|||
#include "../includes/woody.h"
|
||||
|
||||
#define CODE_MACRO "\x50\x57\x56\x52\x53\x31\xc0\x99\xb2\x0a\xff\xc0\x89\xc7\x48\x8d\x35\x09\x00\x00\x00\x0f\x05\x5a\x5b\x5a\x5e\x5f\x58\xc3\x2e\x2e\x57\x4f\x4f\x44\x59\x2e\x2e\x0a"
|
||||
char jmp[] = "\xe9\x00\x00\x00\x00";
|
||||
|
||||
int elf_magic_numbers(char *str)
|
||||
{
|
||||
|
|
@ -57,6 +55,18 @@ int get_load_segment(t_efl_content *woody, int start, bool executable)
|
|||
return -1;
|
||||
}
|
||||
|
||||
|
||||
int32_t find_jmp(char *code, size_t len)
|
||||
{
|
||||
char *jump = JUMP;
|
||||
char *ptr = ft_strnstr_nullterminated(code, jump, len);
|
||||
if (ptr)
|
||||
{
|
||||
return ptr - code;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void find_cave(t_efl_content *woody)
|
||||
{
|
||||
woody->Phdr = (Elf64_Phdr *)secure_jump(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
|
||||
|
|
@ -69,21 +79,32 @@ void find_cave(t_efl_content *woody)
|
|||
printf("code_cave_start = %lx, virtual adress = %lx\n", woody->Phdr[i].p_offset, woody->Phdr[i].p_vaddr);
|
||||
printf("code_cave_size = %lx\n", woody->Phdr[j].p_offset - (woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz));
|
||||
|
||||
Elf64_Off payload_off = woody->Phdr[i].p_offset + woody->Phdr[i].p_memsz;
|
||||
|
||||
Elf64_Off payload_off = woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz;
|
||||
size_t len = sizeof(PAYLOAD) - 1;
|
||||
char payload[] = PAYLOAD;
|
||||
int32_t jmp = find_jmp(payload, len);
|
||||
|
||||
printf("%ld\n", (long int)payload[jmp + 1]);
|
||||
int32_t test = ((payload_off + len) - woody->Ehdr->e_entry) * -1;
|
||||
|
||||
size_t len = sizeof(CODE_MACRO) - 1;
|
||||
ft_memcpy(woody->file + payload_off, CODE_MACRO, len);
|
||||
ft_memcpy(&payload[jmp + 1], &test, sizeof(test));
|
||||
|
||||
ft_memcpy(woody->file + payload_off, payload, len);
|
||||
|
||||
printf("old entry : %lx\n", woody->Ehdr->e_entry);
|
||||
woody->Ehdr->e_entry = woody->Phdr[i].p_vaddr + woody->Phdr[i].p_filesz;
|
||||
printf("backward offset = %ld\n", (payload_off + len) - woody->Ehdr->e_entry);
|
||||
woody->Ehdr->e_entry = payload_off;
|
||||
woody->Phdr[i].p_filesz += len;
|
||||
woody->Phdr[i].p_memsz += len;
|
||||
|
||||
|
||||
printf("new entry = %lx\n", woody->Ehdr->e_entry);
|
||||
|
||||
printf("e_entry = %lx\n", woody->Ehdr->e_entry);
|
||||
printf("p_filesz = %lx\n", woody->Phdr[i].p_filesz);
|
||||
printf("p_memsz = %lx\n", woody->Phdr[i].p_memsz);
|
||||
woody->file_size += len;
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -148,6 +169,6 @@ int inject(t_efl_content *woody)
|
|||
ft_memcpy(woody_file, woody->file, woody->file_size);
|
||||
|
||||
// encrypt_zone(woody_file, strtab_header->sh_offset , strtab_header->sh_size);
|
||||
|
||||
munmap(woody_file, woody->file_size);
|
||||
return save_elf("woody", woody_file, woody->file_size);
|
||||
}
|
||||
Loading…
Reference in New Issue