8 changed files with 80 additions and 107 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,4 @@
 *.o
 *.a
 woody_woodpacker
-woody
-asm
-payload
-print
+woody
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -0,0 +1,8 @@
+{
+	"files.associations": {
+		"stdio.h": "c",
+		"mman.h": "c",
+		"stdint.h": "c",
+		"compare": "c"
+	}
+}
--- a/includes/woody.h
+++ b/includes/woody.h
@ -15,8 +15,6 @@
 #include <stdint.h>

 #define JUMP "\xe9"
-#define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
-#define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"

 typedef struct payload
 {
@ -24,7 +22,7 @@ typedef struct payload
 	size_t len;
 }	t_payload;

-typedef struct elf_content
+typedef struct efl_content
 {
 	long unsigned int file_size;
 	char *file_path;
@ -32,18 +30,15 @@ typedef struct elf_content
 	Elf64_Ehdr *Ehdr;
 	Elf64_Phdr *Phdr;
 	Elf64_Shdr *Shdr;
-	Elf64_Shdr *text_section;
 	char *extra_data;
-} t_elf_content;
+} t_efl_content;

 // utils.c
 void *fetch(char *file, unsigned long file_size, unsigned long offset_to_data, unsigned long supposed_data_size);
 int ft_put_error(char *str);
-char *get_string(char *str, char *end_file);
-int	get_symbols_count(int sh_size, int sh_entsize);

 // woody.c
-int prepare_injection(t_elf_content *woody);
+int prepare_injection(t_efl_content *woody);

 // encrypt.c
 void encrypt(char *file, unsigned long int offset, unsigned long int size);
--- a/print.s
+++ b/print.s
@ -7,16 +7,21 @@ _start:
 		push rsi
 		push rdx

+		mov rdi, 1
+		mov rdi, 1
+		mov rdi, 1
+		mov rdi, 1
+		mov rdi, 1
 		mov rdi, 1
 		lea     rsi, [rel msg]
 		mov rdx, 10
 		mov rax, 1
 		syscall
+
 	    pop rdx
        pop rsi
        pop rdi
        pop rax
        jmp 0x00000000
+
 		msg     db "..WOODY..",10
-		text_section      dq 0xbabababababababa
-		section_sisze     dq 0xcacacacacacacaca
--- a/srcs/encrypt.c
+++ b/srcs/encrypt.c
@ -5,7 +5,7 @@ void	encrypt(char *file, unsigned long int offset, unsigned long int size)
 	size_t i = 0;
 	while (i < size)
 	{
-		file[offset + i] = file[offset + i] + 1;
+		file[offset + i] = 0;
 		++i;
 	}
 }
--- a/srcs/main.c
+++ b/srcs/main.c
@ -1,6 +1,6 @@
 #include "../includes/woody.h"

-int get_elf_file(t_elf_content *woody)
+int get_elf_file(t_efl_content *woody)
 {
 	int fd;
 	off_t off;
@ -20,7 +20,7 @@ int get_elf_file(t_elf_content *woody)
    }
 	woody->file_size = off;
 	woody->file = mmap(NULL, woody->file_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE, fd, 0);
-    if (woody->file == MAP_FAILED)
+    if (woody->file  == MAP_FAILED)
 	{
 		close(fd);
 		ft_printf("Error: Failed to map file \'%s\'\n", woody->file_path);
@ -32,7 +32,7 @@ int get_elf_file(t_elf_content *woody)

 int main(int ac, char **av)
 {
-	t_elf_content woody;
+	t_efl_content woody;
 	if (ac != 2)
 	{
 		return ft_put_error("Woody_woodpacker take 1 argument\n");
--- a/srcs/utils.c
+++ b/srcs/utils.c
@ -7,26 +7,6 @@ void	*fetch(char *file, unsigned long file_size, unsigned long offset_to_data, u
 	return NULL;
 }

-int	get_symbols_count(int sh_size, int sh_entsize)
-{
-	if (sh_size <= 0 || sh_entsize <= 0)
-		return 0;
-	return (sh_size / sh_entsize);
-}
-
-char *get_string(char *str, char *end_file)
-{
-	char *search_end = str;
-	while (search_end < end_file)
-	{
-		if (*search_end == 0)
-			return str;
-		++search_end;
-
-	}
-	return NULL;
-}
-
 int ft_put_error(char *str)
 {
 	ft_putstr_fd("Error: ", STDERR_FILENO);
--- a/srcs/woody.c
+++ b/srcs/woody.c
@ -6,7 +6,7 @@ int elf_magic_numbers(char *str)
 	return (!ft_strncmp(str, ELFMAG, SELFMAG));
 }

-int save_elf(char *path, char *file, unsigned long int size)
+int		save_elf(char *path, char *file, unsigned long int size)
 {
 	int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0755);
    if (fd == -1) {
@ -27,7 +27,7 @@ int save_elf(char *path, char *file, unsigned long int size)
 	return EXIT_SUCCESS;
 }

-int	get_load_segment(t_elf_content *woody, int start, bool executable)
+int	get_load_segment(t_efl_content *woody, int start, bool executable)
 {
 	for (int i = start; i < woody->Ehdr->e_phnum; i++)
 	{
@ -45,7 +45,7 @@ int	get_load_segment(t_elf_content *woody, int start, bool executable)
 	return -1;
 }

-void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offset_ammount)
+void offset_sections(t_efl_content *woody, unsigned int from, unsigned int offset_ammount)
 {
 	for (int i = 0; i < woody->Ehdr->e_phnum; i++)
 	{
@ -59,7 +59,7 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse
 	}
 }

-size_t	create_codecave(t_elf_content *woody, Elf64_Phdr *load_segment, t_payload *payload)
+size_t	create_codecave(t_efl_content *woody, Elf64_Phdr *load_segment, t_payload *payload)
 {
 	const unsigned int page_size = 4096; // getpagesize(); not authorized
 	unsigned int padding_size = ((payload->len / page_size) + 1) * page_size;
@ -87,55 +87,37 @@ t_payload *get_payload()
 		return NULL;
 	char buffer[1024];
 	int fd = open("payload", O_RDONLY);
-	if (fd == -1) {
-		perror("error opening payload");
-		free(payload);
-		exit(1);
-	}
 	payload->len = read(fd, buffer, 1024);
 	payload->payload = malloc(sizeof(char) * payload->len);
 	ft_memcpy(payload->payload, buffer, payload->len);
 	return payload;
 }

-int	insert_payload(t_elf_content *woody, t_payload *payload, size_t payload_position)
+int	insert_payload(t_efl_content *woody, t_payload *payload, size_t payload_position)
 {
-	char *ptr_jmp = ft_strnstr_nullterminated(payload->payload, JUMP, payload->len);
-	char *ptr_text_section = ft_strnstr_nullterminated(payload->payload, TEXT_OFFSET, payload->len);
-	char *ptr_section_size = ft_strnstr_nullterminated(payload->payload, SECTION_SIZE, payload->len);
-	if (ptr_jmp && ptr_text_section && ptr_section_size)
+	char *ptr = ft_strnstr_nullterminated(payload->payload, JUMP, payload->len);
+	if (ptr)
 	{
-		printf("test a jumo = %ld\n", ptr_jmp - payload->payload);
-		printf("test a jumo = %ld\n", ptr_jmp - payload->payload + sizeof(JUMP));
-		printf("jump base = %ld\n", payload->len);
-		printf("the jump = %ld\n", payload->len - 16);
+		int32_t jmp_index = ptr - payload->payload; 
+		int32_t jump_value = ((payload_position + payload->len) - woody->Ehdr->e_entry) * -1;

-		int32_t jmp_index = ptr_jmp - payload->payload;
-		int32_t jump_value = (payload_position - woody->Ehdr->e_entry + jmp_index - 1) * -1;
 		ft_memcpy(&payload->payload[jmp_index + 1], &jump_value, sizeof(jump_value));
-
-		int64_t text_index = ptr_text_section - payload->payload;
-		int64_t text_value = (payload_position - woody->text_section->sh_offset + text_index - 1) * -1;
-		text_value = 0;
-		ft_memcpy(&payload->payload[text_index], &text_value, sizeof(text_value));
-		
-		int64_t section_index = ptr_section_size - payload->payload;
-		int64_t section_value = (payload_position - woody->text_section->sh_size + section_index - 1) * -1;
-		ft_memcpy(&payload->payload[section_index], &section_value, sizeof(section_value));
-
 		ft_memcpy(woody->file + payload_position, payload->payload, payload->len);
+
 		printf("Old entry : %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 		printf("Code cave start = %ld (%lx)\n", payload_position, payload_position);
 		printf("Payload size = %ld (%lx)\n", payload->len, payload->len);
-		printf("Backwar d offset = %d (%x)(%x)\n", jump_value, jump_value, -jump_value);
+		printf("Backwar d offset = %d (%x)\n", jump_value, jump_value);
+		
 		return EXIT_SUCCESS;
 	}
 	return EXIT_FAILURE;
 }

-void	inject(t_elf_content *woody)
+void	inject(t_efl_content *woody)
 {
 	t_payload *payload = get_payload();
+
 	int i = get_load_segment(woody, 0, true);	
 	int j = get_load_segment(woody, i + 1, false);
 	
@ -143,6 +125,7 @@ void	inject(t_elf_content *woody)
 	size_t payload_position;
 	printf("load position = : %ld (%lx)\n", woody->Phdr[i].p_offset, woody->Phdr[i].p_offset);
 	printf("load size = : %ld (%lx)\n", woody->Phdr[i].p_filesz, woody->Phdr[i].p_filesz);
+
 	if (code_cave_size > payload->len) // inverse here to test the other technique
 	{
 		payload_position = woody->Phdr[i].p_offset + woody->Phdr[i].p_memsz;
@ -157,20 +140,11 @@ void	inject(t_elf_content *woody)
 	woody->Ehdr->e_entry = payload_position;
 	woody->Phdr[i].p_filesz += payload->len;
 	woody->Phdr[i].p_memsz += payload->len;
-	woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
-	woody->text_section->sh_size += payload->len;
+
 	printf("New entry = %ld (%lx)\n", woody->Ehdr->e_entry, woody->Ehdr->e_entry);
 }

-int is_special_section_indice(uint16_t section_index) {
-  return (section_index == SHN_LOPROC || section_index == SHN_BEFORE ||
-          section_index == SHN_AFTER || section_index == SHN_HIPROC ||
-          section_index == SHN_LOOS || section_index == SHN_HIOS ||
-          section_index == SHN_ABS || section_index == SHN_COMMON ||
-          section_index == SHN_XINDEX || section_index == SHN_HIRESERVE);
-}
-
-int get_elf_sections(t_elf_content *woody)
+int get_elf_sections(t_efl_content *woody)
 {
 	woody->Ehdr = (Elf64_Ehdr *)fetch(woody->file, woody->file_size, 0, sizeof(Elf64_Ehdr));
 	if (!woody->Ehdr || !elf_magic_numbers(woody->file) || woody->Ehdr->e_ident[EI_CLASS] != ELFCLASS64)
@ -181,46 +155,60 @@ int get_elf_sections(t_elf_content *woody)
 	woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));

 	woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
-	if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr)))
-		return EXIT_FAILURE;
+	if (woody->Shdr == NULL || !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr)))
+	{
+		return ft_put_error("Corrupted file");
+	}
+
+
+
+	// Elf64_Shdr *symbols_table = NULL;
+    // for (int i = 0; i < woody->Ehdr->e_shnum; i++) {
+	// 	if (Shdr[i].sh_type == SHT_SYMTAB) {
+    //         symbols_table = fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (i * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr));
+    //     }
+    // }
+	// if (symbols_table == NULL)
+	// 	return ft_put_error("No symbols");
+
+	// if (!fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (woody->Ehdr->e_shstrndx * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr)))
+	// 	return ft_put_error("Corrupted file");
+
+	// char *Sshstrtab = (char *)fetch(woody->file, woody->file_size, Shdr[woody->Ehdr->e_shstrndx].sh_offset, 0);
+	// if (Sshstrtab == NULL)
+	// 	return ft_put_error("Corrupted file");
+
+    // Elf64_Shdr *strtab_header = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (symbols_table->sh_link * woody->Ehdr->e_shentsize), sizeof(Elf64_Shdr)); 
+	// if (!strtab_header)
+	// 	return ft_put_error("Corrupted file");
+
+    // char *strtab = fetch(woody->file, woody->file_size, strtab_header->sh_offset, 0);
+	// if (strtab == NULL)
+	// 	return ft_put_error("Corrupted file");
+    // Elf64_Sym *symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size, symbols_table->sh_offset, sizeof(Elf64_Sym));
+	// if (symbols == NULL)
+	// 	return ft_put_error("Corrupted file");

-	if (!fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (woody->Ehdr->e_shstrndx * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr)))
-	{
-		return EXIT_FAILURE;
-	}
-	char *Sshstrtab = (char *)fetch(woody->file, woody->file_size, woody->Shdr[woody->Ehdr->e_shstrndx].sh_offset, 0);
-	if (Sshstrtab == NULL)
-	{
-		return EXIT_FAILURE;
-	}
-	for (int j = 0; j < woody->Ehdr->e_shnum;j++)
-	{
-		if (woody->Shdr[j].sh_name > woody->Shdr[woody->Ehdr->e_shstrndx].sh_size) return EXIT_FAILURE;
-    	if (woody->Shdr[j].sh_type == SHT_PROGBITS && woody->Shdr[j].sh_flags & SHF_EXECINSTR &&
-        woody->Shdr[j].sh_flags & SHF_ALLOC &&
-        Sshstrtab + woody->Shdr[j].sh_name < (char *)woody->file + woody->file_size &&
-        !ft_strncmp(".text\0", Sshstrtab + woody->Shdr[j].sh_name, 6))
-		{
-			woody->text_section = &woody->Shdr[j];
- 		    break;
-		}
-	}
 	return EXIT_SUCCESS;
 }

-int prepare_injection(t_elf_content *woody)
+int prepare_injection(t_efl_content *woody)
 {
 	int elf_statut = get_elf_sections(woody);
 	if (elf_statut)
 		return elf_statut;
+
 	inject(woody);
-	// encrypt(woody->file, woody->text_section->sh_offset, woody->text_section->sh_size);
+
 	char *woody_file;
 	if (!(woody_file = malloc(woody->file_size)))
 		return ft_put_error("Allocation error");
+
 	ft_memcpy(woody_file, woody->file, woody->file_size);
+
+	// encrypt(woody_file, strtab_header->sh_offset , strtab_header->sh_size);
 	munmap(woody_file, woody->file_size);
 	save_elf("woody", woody_file, woody->file_size);
 	free(woody_file);
 	return EXIT_SUCCESS;
-}
+}