it works time to clean up

2024-02-21 13:13:17 +01:00 · 2024-02-21 13:13:17 +01:00 · e9e29568fc
parent c7862e2781
commit e9e29568fc
10 changed files with 57 additions and 12 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -1,6 +1,7 @@
 {
 	"files.associations": {
 		"stdio.h": "c",
-		"mman.h": "c"
+		"mman.h": "c",
 		"stdint.h": "c"
 	}
 }
--- a/a.out
+++ b/a.out
--- a/ft_printf/libft/Makefile
+++ b/ft_printf/libft/Makefile
@ -41,6 +41,7 @@ SRCS  =		$(SRCS_PATH)ft_atoi.c \
 			$(SRCS_PATH)ft_bzero.c \
 			$(SRCS_PATH)ft_strdup.c \
 			$(SRCS_PATH)ft_strnstr.c \
 			$(SRCS_PATH)ft_strnstr_nullterminated.c \
 			$(SRCS_PATH)ft_calloc.c \
 			$(SRCS_PATH)ft_substr.c \
 			$(SRCS_PATH)ft_strjoin.c \
--- a/ft_printf/libft/ft_strnstr_nullterminated.c
+++ b/ft_printf/libft/ft_strnstr_nullterminated.c
@ -0,0 +1,17 @@
 #include "libft.h"
 char	*ft_strnstr_nullterminated(const char *big, const char *little, size_t len)
 {
 	size_t	len_l;
 	if (*little == 0)
 		return ((char *)big);
 	len_l = ft_strlen(little);
 	while (len-- >= len_l)
 	{
 		if (*big == *little && ft_strncmp(big, little, len_l) == 0)
 			return ((char *)big);
 		big++;
 	}
 	return (NULL);
 }
--- a/ft_printf/libft/libft.h
+++ b/ft_printf/libft/libft.h
@ -37,6 +37,7 @@ int				ft_strncmp(const char *s1, const char *s2, size_t n);
 size_t			ft_strlcpy(char *dst, const char *src, size_t size);
 size_t			ft_strlcat(char *dst, const char *src, size_t size);
 char			*ft_strnstr(const char *big, const char *little, size_t len);
 char			*ft_strnstr_nullterminated(const char *big, const char *little, size_t len);
 int				ft_atoi(const char *nptr);
 char			*ft_substr(char const *s, unsigned int start, size_t len);
 char			*ft_strjoin(char const *s1, char const *s2);
@ -55,6 +56,7 @@ void			*ft_calloc(size_t nmemb, size_t size);
 char			*ft_convert_base(char *nbr, char *base_from, char *base_to);
 char			*ft_u_convert(char *nbr, char *base_from, char *base_to);
 void			ft_rev_int_tab(char *tab, int size);
 typedef struct	s_list
 {
 	void			*content;
--- a/includes/woody.h
+++ b/includes/woody.h
@ -12,6 +12,10 @@
 #include <sys/mman.h>
 #include <fcntl.h>
 #include <elf.h>
 #include <stdint.h>
 #define PAYLOAD "\x50\x57\x56\x52\x53\x31\xc0\x99\xb2\x0a\xff\xc0\x89\xc7\x48\x8d\x35\x0c\x00\x00\x00\x0f\x05\x5b\x5a\x5e\x5f\x58\xe9\xdf\xff\xff\xff\x2e\x2e\x57\x4f\x4f\x44\x59\x2e\x2e\x0a"
 #define JUMP "\xe9\xdf\xff\xff\xff";
 typedef struct efl_content
 {
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN
--- a/print.s
+++ b/print.s
@ -8,6 +8,7 @@ _start:
 		push rsi
 		push rdx
 		push rbx
        xor     eax, eax
        cdq
        mov     dl, 10
@ -15,14 +16,12 @@ _start:
        mov     edi, eax
        lea     rsi, [rel msg]
        syscall
 		pop rdx
 		pop rbx
 		pop rdx
 		pop rsi
 		pop rdi
 		pop rax
-		ret
+		jmp 0x00000000
 msg     db "..WOODY..",10
--- a/srcs/woody.c
+++ b/srcs/woody.c
@ -1,7 +1,5 @@
 #include "../includes/woody.h"
 #define CODE_MACRO "\x50\x57\x56\x52\x53\x31\xc0\x99\xb2\x0a\xff\xc0\x89\xc7\x48\x8d\x35\x09\x00\x00\x00\x0f\x05\x5a\x5b\x5a\x5e\x5f\x58\xc3\x2e\x2e\x57\x4f\x4f\x44\x59\x2e\x2e\x0a"
 char jmp[] = "\xe9\x00\x00\x00\x00";
 int elf_magic_numbers(char *str)
 {
@ -57,6 +55,18 @@ int	get_load_segment(t_efl_content *woody, int start, bool executable)
 	return -1;
 }
 int32_t find_jmp(char *code, size_t len)
 {
 	char *jump = JUMP;
 	char *ptr = ft_strnstr_nullterminated(code, jump, len);
 	if (ptr)
 	{
 		return ptr - code;
 	}
 	return 0;
 }
 void	find_cave(t_efl_content *woody)
 {
 	woody->Phdr = (Elf64_Phdr *)secure_jump(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
@ -69,21 +79,32 @@ void	find_cave(t_efl_content *woody)
 	printf("code_cave_start = %lx, virtual adress = %lx\n", woody->Phdr[i].p_offset, woody->Phdr[i].p_vaddr);
 	printf("code_cave_size = %lx\n", woody->Phdr[j].p_offset - (woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz));
 	Elf64_Off payload_off = woody->Phdr[i].p_offset + woody->Phdr[i].p_memsz;
-	Elf64_Off payload_off = woody->Phdr[i].p_offset + woody->Phdr[i].p_filesz;
+    size_t len = sizeof(PAYLOAD) - 1;
 	char payload[] = PAYLOAD;
 	int32_t jmp = find_jmp(payload, len);
 	printf("%ld\n", (long int)payload[jmp + 1]);
 	int32_t test = ((payload_off + len) - woody->Ehdr->e_entry) * -1;
-    size_t len = sizeof(CODE_MACRO) - 1;
+	ft_memcpy(&payload[jmp + 1], &test, sizeof(test));
-	ft_memcpy(woody->file + payload_off, CODE_MACRO, len);
+
 	ft_memcpy(woody->file + payload_off, payload, len);
 	printf("old entry : %lx\n", woody->Ehdr->e_entry);
-	woody->Ehdr->e_entry = woody->Phdr[i].p_vaddr +  woody->Phdr[i].p_filesz;
+	printf("backward offset = %ld\n", (payload_off + len) - woody->Ehdr->e_entry);
 	woody->Ehdr->e_entry = payload_off;
 	woody->Phdr[i].p_filesz += len;
 	woody->Phdr[i].p_memsz += len;
 	printf("new entry = %lx\n", woody->Ehdr->e_entry);
 	printf("e_entry = %lx\n", woody->Ehdr->e_entry);
 	printf("p_filesz = %lx\n", woody->Phdr[i].p_filesz);
 	printf("p_memsz = %lx\n", woody->Phdr[i].p_memsz);
 	woody->file_size += len;
 }
@ -148,6 +169,6 @@ int inject(t_efl_content *woody)
 	ft_memcpy(woody_file, woody->file, woody->file_size);
 	// encrypt_zone(woody_file, strtab_header->sh_offset , strtab_header->sh_size);
-	
+	munmap(woody_file, woody->file_size);
 	return save_elf("woody", woody_file, woody->file_size);
 }