Compare commits
3 Commits
a0e9ccb0e3
...
9b39864ee8
Author | SHA1 | Date |
---|---|---|
pbonilla | 9b39864ee8 | |
pbonilla | 41fb358473 | |
pbonilla | 95bac7cadf |
|
@ -14,7 +14,9 @@
|
||||||
#include <elf.h>
|
#include <elf.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
|
||||||
|
|
||||||
#define JUMP "\xe9"
|
#define JUMP "\xe9"
|
||||||
|
#define WOODY "..WOODY.."
|
||||||
#define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
|
#define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
|
||||||
#define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
|
#define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
|
||||||
|
|
||||||
|
|
20
print.s
20
print.s
|
@ -9,15 +9,29 @@ _start:
|
||||||
|
|
||||||
mov rdi, 1
|
mov rdi, 1
|
||||||
lea rsi, [rel msg]
|
lea rsi, [rel msg]
|
||||||
mov rdx, 14
|
mov rax, rsi
|
||||||
|
sub rax, qword [rel text_section] ;text_section address
|
||||||
|
mov r8, qword [rel section_sisze] ;text_section size
|
||||||
|
mov r9, 0 ;increment register
|
||||||
|
xor r10, r10
|
||||||
|
; encrypt:
|
||||||
|
; cmp r8, r9
|
||||||
|
; je end_encrypt
|
||||||
|
; mov r10b, byte[rax + r9]
|
||||||
|
; inc r10b ;rot + 1
|
||||||
|
; mov byte[rax + r9], r10b
|
||||||
|
; inc r9
|
||||||
|
; jmp encrypt
|
||||||
|
; end_encrypt:
|
||||||
|
mov rdx, 10
|
||||||
mov rax, 1
|
mov rax, 1
|
||||||
syscall
|
syscall
|
||||||
pop rdx
|
pop rdx
|
||||||
pop rsi
|
pop rsi
|
||||||
pop rdi
|
pop rdi
|
||||||
pop rax
|
pop rax
|
||||||
jmp 0x00000000
|
|
||||||
|
|
||||||
msg db "....WOODY....",10
|
jmp 0x00000000 ;for now it needs to be the first jmp
|
||||||
|
msg db "..WOODY..",10
|
||||||
text_section dq 0xbabababababababa
|
text_section dq 0xbabababababababa
|
||||||
section_sisze dq 0xcacacacacacacaca
|
section_sisze dq 0xcacacacacacacaca
|
||||||
|
|
|
@ -5,7 +5,7 @@ void encrypt(char *file, unsigned long int offset, unsigned long int size)
|
||||||
size_t i = 0;
|
size_t i = 0;
|
||||||
while (i < size)
|
while (i < size)
|
||||||
{
|
{
|
||||||
file[offset + i] = file[offset + i] + 1;
|
file[offset + i] = file[offset + i] - 1;
|
||||||
++i;
|
++i;
|
||||||
}
|
}
|
||||||
}
|
}
|
18
srcs/woody.c
18
srcs/woody.c
|
@ -100,29 +100,31 @@ t_payload *get_payload()
|
||||||
int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position)
|
int insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position)
|
||||||
{
|
{
|
||||||
char *ptr_jmp = ft_strnstr_nullterminated(payload->payload, JUMP, payload->len);
|
char *ptr_jmp = ft_strnstr_nullterminated(payload->payload, JUMP, payload->len);
|
||||||
|
char *ptr_woody = ft_strnstr_nullterminated(payload->payload, WOODY, payload->len);
|
||||||
char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len);
|
char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len);
|
||||||
char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len);
|
char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len);
|
||||||
if (ptr_jmp && ptr_text_section && ptr_section_size)
|
if (ptr_jmp && ptr_woody && ptr_text_section && ptr_section_size)
|
||||||
{
|
{
|
||||||
printf("test a jumo = %ld\n", ptr_jmp - payload->payload);
|
int32_t woody_index = ptr_woody - payload->payload;
|
||||||
printf("test a jumo = %ld\n", ptr_jmp - payload->payload + sizeof(JUMP));
|
|
||||||
printf("jump base = %ld\n", payload->len);
|
|
||||||
printf("the jump = %ld\n", payload->len - 16);
|
|
||||||
|
|
||||||
int32_t jmp_index = ptr_jmp - payload->payload;
|
int32_t jmp_index = ptr_jmp - payload->payload;
|
||||||
int32_t jump_value = ((payload_position + jmp_index + 5) - woody->Ehdr->e_entry) * -1; // 5 = JUMP SIZE (OPCODE + 4 bytes operand)
|
int32_t jump_value = ((payload_position + jmp_index + 5) - woody->Ehdr->e_entry) * -1; // 5 = JUMP SIZE (OPCODE + 4 bytes operand)
|
||||||
ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value));
|
ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value));
|
||||||
|
|
||||||
int64_t text_index = ptr_text_section - payload->payload;
|
int64_t text_index = ptr_text_section - payload->payload;
|
||||||
int64_t text_value = (payload_position - woody->text_section->sh_offset + text_index - 1) * -1;
|
int64_t text_value = payload_position - woody->Ehdr->e_entry + woody_index;
|
||||||
text_value = 0;
|
|
||||||
ft_memcpy(&payload->payload[text_index], &text_value, sizeof(text_value));
|
ft_memcpy(&payload->payload[text_index], &text_value, sizeof(text_value));
|
||||||
|
|
||||||
int64_t section_index = ptr_section_size - payload->payload;
|
int64_t section_index = ptr_section_size - payload->payload;
|
||||||
int64_t section_value = (payload_position - woody->text_section->sh_size + section_index - 1) * -1;
|
int64_t section_value = woody->text_section->sh_size;
|
||||||
ft_memcpy(&payload->payload[section_index], §ion_value, sizeof(section_value));
|
ft_memcpy(&payload->payload[section_index], §ion_value, sizeof(section_value));
|
||||||
|
|
||||||
ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
|
ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
|
||||||
|
|
||||||
|
printf("jmp_index : %d (%x)\n", jmp_index, jmp_index);
|
||||||
|
printf("woody index :%d (%x)\n", woody_index, woody_index);
|
||||||
|
printf("jmp_index++ : %ld (%lx)\n", jmp_index + sizeof(JUMP) + sizeof(jump_value), jmp_index + sizeof(JUMP) + sizeof(jump_value) - 1);
|
||||||
|
printf("text_value : %ld (%lx)\n", text_value, text_value);
|
||||||
printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
|
printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
|
||||||
printf("Code cave start = %ld (%lx)\n", payload_position, payload_position);
|
printf("Code cave start = %ld (%lx)\n", payload_position, payload_position);
|
||||||
printf("Payload size = %ld (%lx)\n", payload->len, payload->len);
|
printf("Payload size = %ld (%lx)\n", payload->len, payload->len);
|
||||||
|
|
Loading…
Reference in New Issue