diff --git a/.gitignore b/.gitignore index 1fde0fe..536a1bc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,7 @@ *.o *.a woody_woodpacker -woody \ No newline at end of file +woody +asm +payload +print diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 983d135..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "files.associations": { - "stdio.h": "c", - "mman.h": "c", - "stdint.h": "c", - "compare": "c" - } -} \ No newline at end of file diff --git a/includes/woody.h b/includes/woody.h index 6ec0516..f47c5a4 100644 --- a/includes/woody.h +++ b/includes/woody.h @@ -15,6 +15,8 @@ #include #define JUMP "\xe9" +// #define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba" +// #define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca" typedef struct payload { @@ -30,12 +32,15 @@ typedef struct elf_content Elf64_Ehdr *Ehdr; Elf64_Phdr *Phdr; Elf64_Shdr *Shdr; + Elf64_Shdr *text_section; char *extra_data; } t_elf_content; // utils.c void *fetch(char *file, unsigned long file_size, unsigned long offset_to_data, unsigned long supposed_data_size); int ft_put_error(char *str); +char *get_string(char *str, char *end_file); +int get_symbols_count(int sh_size, int sh_entsize); // woody.c int prepare_injection(t_elf_content *woody); diff --git a/print.s b/print.s index 3a557c8..c30897a 100644 --- a/print.s +++ b/print.s @@ -7,11 +7,6 @@ _start: push rsi push rdx - mov rdi, 1 - mov rdi, 1 - mov rdi, 1 - mov rdi, 1 - mov rdi, 1 mov rdi, 1 lea rsi, [rel msg] mov rdx, 10 diff --git a/srcs/.woody.c.swp b/srcs/.woody.c.swp deleted file mode 100644 index db76144..0000000 Binary files a/srcs/.woody.c.swp and /dev/null differ diff --git a/srcs/encrypt.c b/srcs/encrypt.c index d66e160..833b63a 100644 --- a/srcs/encrypt.c +++ b/srcs/encrypt.c 
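Review bot: The two added `// #define TEXT_OFFSET` / `// #define SECTION_SIZE` lines are commented-out macro text that nothing in this diff references; placeholder byte patterns like these go stale quickly in a header. Either introduce them when the code that patches them in lands, or keep them as a single `// TODO: placeholder patterns for text offset / section size, patched by inject()` note so the intent survives without dead definitions.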
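Review bot: `int get_symbols_count(int sh_size, int sh_entsize);` declares both parameters as `int`, but the values it is named for, `sh_size` and `sh_entsize` in `Elf64_Shdr`, are `Elf64_Xword` (64-bit unsigned) read from an untrusted file, so any value above `INT_MAX` is truncated before the callee's `<= 0` guard can see it; declare it as `size_t get_symbols_count(Elf64_Xword sh_size, Elf64_Xword sh_entsize);` and keep the zero check in the implementation. The new `text_section` member is a pointer into `Shdr` that is only meaningful once `get_elf_sections` has run; a one-line comment such as `/* .text header found by get_elf_sections(), NULL if absent */` next to the field would document the contract callers of `encrypt` depend on. `get_string` returns its first argument rather than a new string, which the name does not suggest, so a short comment on the prototype would help too.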
@@ -5,7 +5,7 @@ void encrypt(char *file, unsigned long int offset, unsigned long int size) size_t i = 0; while (i < size) { - file[offset + i] = 0; + file[offset + i] = file[offset + i] + 1; ++i; } } \ No newline at end of file diff --git a/srcs/main.c b/srcs/main.c index 0e42de8..8578041 100644 --- a/srcs/main.c +++ b/srcs/main.c @@ -20,7 +20,7 @@ int get_elf_file(t_elf_content *woody) } woody->file_size = off; woody->file = mmap(NULL, woody->file_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE, fd, 0); - if (woody->file == MAP_FAILED) + if (woody->file == MAP_FAILED) { close(fd); ft_printf("Error: Failed to map file \'%s\'\n", woody->file_path); diff --git a/srcs/utils.c b/srcs/utils.c index db2b226..1857a26 100644 --- a/srcs/utils.c +++ b/srcs/utils.c @@ -7,6 +7,26 @@ void *fetch(char *file, unsigned long file_size, unsigned long offset_to_data, u return NULL; } +int get_symbols_count(int sh_size, int sh_entsize) +{ + if (sh_size <= 0 || sh_entsize <= 0) + return 0; + return (sh_size / sh_entsize); +} + +char *get_string(char *str, char *end_file) +{ + char *search_end = str; + while (search_end < end_file) + { + if (*search_end == 0) + return str; + ++search_end; + + } + return NULL; +} + int ft_put_error(char *str) { ft_putstr_fd("Error: ", STDERR_FILENO); diff --git a/srcs/woody.c b/srcs/woody.c index da52764..24a9728 100644 --- a/srcs/woody.c +++ b/srcs/woody.c @@ -6,7 +6,7 @@ int elf_magic_numbers(char *str) return (!ft_strncmp(str, ELFMAG, SELFMAG)); } -int save_elf(char *path, char *file, unsigned long int size) +int save_elf(char *path, char *file, unsigned long int size) { int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0755); if (fd == -1) { 
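Review bot: `file[offset + i] = file[offset + i] + 1;` writes `size` bytes from `offset` with no knowledge of how long `file` is, and the only visible caller (the commented-out call in prepare_injection) passes `sh_offset`/`sh_size` straight from the input ELF's section header, so a crafted header walks the write past the mapping. Either add a length parameter and reject `offset > file_size || size > file_size - offset` (written that way to avoid wrap-around), or require callers to validate the range with `fetch()` first and say so in a comment on the function. Doing the arithmetic through `unsigned char` avoids the implementation-defined narrowing when `char` is signed. Note also that a byte-wise +1 is a reversible placeholder, not encryption; if it is meant to stay for now, a `/* placeholder transform, not a cipher */` comment keeps the loader side honest about what it must undo.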
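Review bot: `get_symbols_count` takes `int` parameters while `sh_size` and `sh_entsize` in `Elf64_Shdr` are `Elf64_Xword`, so a large header value is silently truncated before the `<= 0` guard runs and a corrupted file can yield a wrong but positive count; `size_t get_symbols_count(Elf64_Xword sh_size, Elf64_Xword sh_entsize)` with `if (sh_size == 0 || sh_entsize == 0) return 0;` keeps the guard meaningful. `get_string` returns `str` only once a NUL is found before `end_file`, which is a useful bounds check, but the name suggests extraction; a comment like `/* returns str if it is NUL-terminated before end_file, else NULL */` would prevent misuse. The stray blank line before the while-loop's closing brace can go. Neither helper has a caller in this diff, so I cannot confirm how the results are used.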
@@ -113,7 +113,6 @@ int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi printf("Code cave start = %ld (%lx)\n", payload_position, payload_position); printf("Payload size = %ld (%lx)\n", payload->len, payload->len); printf("Backwar d offset = %d (%x)\n", jump_value, jump_value); - return EXIT_SUCCESS; } return EXIT_FAILURE; @@ -122,7 +121,6 @@ int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_posi void inject(t_elf_content *woody) { t_payload *payload = get_payload(); - int i = get_load_segment(woody, 0, true); int j = get_load_segment(woody, i + 1, false); @@ -149,6 +147,14 @@ void inject(t_elf_content *woody) printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry); } +int is_special_section_indice(uint16_t section_index) { + return (section_index == SHN_LOPROC || section_index == SHN_BEFORE || + section_index == SHN_AFTER || section_index == SHN_HIPROC || + section_index == SHN_LOOS || section_index == SHN_HIOS || + section_index == SHN_ABS || section_index == SHN_COMMON || + section_index == SHN_XINDEX || section_index == SHN_HIRESERVE); +} + int get_elf_sections(t_elf_content *woody) { woody->Ehdr = (Elf64_Ehdr *)fetch(woody->file, woody->file_size, 0, sizeof(Elf64_Ehdr)); 
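Review bot: As rendered, this hunk does not show whether the one removed line before `return EXIT_SUCCESS;` is a blank line or the return statement itself; the sibling hunk in `inject` removes a blank in the same position, which suggests the former, but if the return was removed the success path falls through to `return EXIT_FAILURE;` after the closing brace. Worth confirming against the actual patch before merging. insert_payload's body begins outside the hunk.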
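Review bot: The reserved section indices are ranges, not single values: ELF defines `SHN_LORESERVE` (0xff00) through `SHN_HIRESERVE` (0xffff) as reserved, with `SHN_LOPROC..SHN_HIPROC` and `SHN_LOOS..SHN_HIOS` as sub-ranges, so testing only the endpoints lets an index such as 0xff02 or 0xff21 through and a caller would then use it to index `Shdr`. `return (section_index == SHN_UNDEF || section_index >= SHN_LORESERVE);` covers the whole reserved band; keep the `SHN_UNDEF` term only if callers treat index 0 as unusable, which this diff does not show. The function has no caller here and is not declared in the woody.h hunk, so it should probably be `static`, and `is_special_section_index` reads better than `indice`.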
@@ -160,40 +166,30 @@ int get_elf_sections(t_elf_content *woody) woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr)); woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr)); - if (woody->Shdr == NULL || !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr))) + if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr))) + return EXIT_FAILURE; + + if (!fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (woody->Ehdr->e_shstrndx * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr))) { - return ft_put_error("Corrupted file"); + return EXIT_FAILURE; + } + char *Sshstrtab = (char *)fetch(woody->file, woody->file_size, woody->Shdr[woody->Ehdr->e_shstrndx].sh_offset, 0); + if (Sshstrtab == NULL) + { + return EXIT_FAILURE; + } + for (int j = 0; j < woody->Ehdr->e_shnum;j++) + { + if (woody->Shdr[j].sh_name > woody->Shdr[woody->Ehdr->e_shstrndx].sh_size) return EXIT_FAILURE; + if (woody->Shdr[j].sh_type == SHT_PROGBITS && woody->Shdr[j].sh_flags & SHF_EXECINSTR && + woody->Shdr[j].sh_flags & SHF_ALLOC && + Sshstrtab + woody->Shdr[j].sh_name < (char *)woody->file + woody->file_size && + !ft_strncmp(".text\0", Sshstrtab + woody->Shdr[j].sh_name, 6)) + { + woody->text_section = &woody->Shdr[j]; + break; + } } - - - - // Elf64_Shdr *symbols_table = NULL; - // for (int i = 0; i < woody->Ehdr->e_shnum; i++) { - // if (Shdr[i].sh_type == SHT_SYMTAB) { - // symbols_table = fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (i * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr)); - // } - // } - // if (symbols_table == NULL) - // return ft_put_error("No symbols"); - - // if (!fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (woody->Ehdr->e_shstrndx * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr))) - // return ft_put_error("Corrupted file"); - - // char *Sshstrtab = 
(char *)fetch(woody->file, woody->file_size, Shdr[woody->Ehdr->e_shstrndx].sh_offset, 0); - // if (Sshstrtab == NULL) - // return ft_put_error("Corrupted file"); - - // Elf64_Shdr *strtab_header = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (symbols_table->sh_link * woody->Ehdr->e_shentsize), sizeof(Elf64_Shdr)); - // if (!strtab_header) - // return ft_put_error("Corrupted file"); - - // char *strtab = fetch(woody->file, woody->file_size, strtab_header->sh_offset, 0); - // if (strtab == NULL) - // return ft_put_error("Corrupted file"); - // Elf64_Sym *symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size, symbols_table->sh_offset, sizeof(Elf64_Sym)); - // if (symbols == NULL) - // return ft_put_error("Corrupted file"); - return EXIT_SUCCESS; } @@ -202,16 +198,12 @@ int prepare_injection(t_elf_content *woody) int elf_statut = get_elf_sections(woody); if (elf_statut) return elf_statut; - inject(woody); - + // encrypt(woody->file, woody->text_section->sh_offset, woody->text_section->sh_size); char *woody_file; if (!(woody_file = malloc(woody->file_size))) return ft_put_error("Allocation error"); - ft_memcpy(woody_file, woody->file, woody->file_size); - - // encrypt(woody_file, strtab_header->sh_offset , strtab_header->sh_size); munmap(woody_file, woody->file_size); save_elf("woody", woody_file, woody->file_size); free(woody_file);
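Review bot: The `.text` lookup compares 6 bytes at `Sshstrtab + sh_name` but only checks that the first byte lies inside the file and that `sh_name` is not greater than the string table's `sh_size`: `sh_name == sh_size` passes, the string table is fetched with size 0 so its own `sh_size` is never validated against the file, and a name within the last five bytes of the table is read past its end. There is also no guard that `e_shstrndx` is below `e_shnum` (or is not `SHN_UNDEF`/`SHN_XINDEX`), and `text_section` is neither reset nor checked after the loop, so a file with no matching section leaves it unset for the encrypt call in prepare_injection. The new early returns also drop the `"Corrupted file"` message the replaced code printed through ft_put_error. The excerpt below tightens the lookup; get_elf_sections starts outside the hunk.
```c
	if (woody->Ehdr->e_shstrndx == SHN_UNDEF || woody->Ehdr->e_shstrndx >= woody->Ehdr->e_shnum)
		return ft_put_error("Corrupted file");
	Elf64_Shdr *shstr = &woody->Shdr[woody->Ehdr->e_shstrndx];
	/* validate the whole string table, not just its first byte */
	char *Sshstrtab = (char *)fetch(woody->file, woody->file_size, shstr->sh_offset, shstr->sh_size);
	if (Sshstrtab == NULL)
		return ft_put_error("Corrupted file");
	woody->text_section = NULL;
	for (int j = 0; j < woody->Ehdr->e_shnum; j++)
	{
		if (woody->Shdr[j].sh_name >= shstr->sh_size)
			return ft_put_error("Corrupted file");
		/* need ".text" plus its NUL (6 bytes) inside the table */
		if (shstr->sh_size - woody->Shdr[j].sh_name < 6)
			continue;
		// … unchanged: SHT_PROGBITS / SHF_EXECINSTR / SHF_ALLOC test …
		if (!ft_strncmp(".text", Sshstrtab + woody->Shdr[j].sh_name, 6))
		{
			woody->text_section = &woody->Shdr[j];
			break;
		}
	}
	if (woody->text_section == NULL)
		return ft_put_error("No .text section");
```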
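Review bot: `munmap(woody_file, woody->file_size);` (unchanged context just above `save_elf`) is applied to the buffer obtained from `malloc`, not to the mapping: for an unaligned heap pointer it fails with EINVAL and the error is ignored, while for a page-aligned one it unmaps heap pages that `save_elf` then reads. Drop that line, or unmap the real mapping once the output is written, e.g. `munmap(woody->file, woody->file_size);` after `save_elf(...)`, depending on who else owns `woody->file`, which this diff does not show. The added `// encrypt(woody->file, woody->text_section->sh_offset, ...)` is commented-out code; when it is enabled it must be preceded by `if (!woody->text_section) return ft_put_error("No .text section");` since get_elf_sections does not fail when no section matches. prepare_injection's start and end are outside the hunk.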