rot1 #2
@ -21,7 +21,7 @@
#define TEXT_OFFSET "\xba\xba\xba\xba\xba\xba\xba\xba"
#define SECTION_SIZE "\xca\xca\xca\xca\xca\xca\xca\xca"
typedef struct payload
{
char *payload;
@ -36,6 +36,8 @@ typedef struct elf_content
Elf64_Ehdr *Ehdr;
Elf64_Phdr *Phdr;
Elf64_Shdr *Shdr;
Elf64_Shdr *symbols_table;
Elf64_Sym *symbols;
} t_elf_content;
// utils.c
31
srcs/woody.c
@ -48,16 +48,28 @@ void offset_sections(t_elf_content *woody, unsigned int from, unsigned int offse
{
for (int i = 0; i < woody->Ehdr->e_phnum; i++)
{
if (woody->Phdr[i].p_offset > from)
if (woody->Phdr[i].p_offset >= from)
{
woody->Phdr[i].p_offset += offset_ammount;
woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;
woody->Phdr[i].p_vaddr += offset_ammount;
woody->Phdr[i].p_paddr += offset_ammount;
}
}
for (int i = 0; i < woody->Ehdr->e_shnum; i++)
{
if (woody->Shdr[i].sh_offset > from)
if (woody->Shdr[i].sh_offset >= from)
{
woody->Shdr[i].sh_offset += offset_ammount;
woody->Shdr[i].sh_addr += offset_ammount;
}
}
int num_symbols = get_symbols_count(woody->symbols_table->sh_size, woody->symbols_table->sh_entsize);
for (int i = 1; i < num_symbols; i++) {
if (woody->symbols[i].st_value >= from)
{
woody->symbols[i].st_value += offset_ammount;
}
// printf("symbol value = %lx\n", symbols[i].st_value);
}
}
@ -76,6 +88,7 @@ void create_codecave(t_elf_content *woody, t_payload *payload, size_t payload_po
woody->file = new_woody;
woody->file_size += padding_size;
woody->Ehdr = (Elf64_Ehdr *)new_woody;
woody->Ehdr->e_shoff += padding_size;
woody->Phdr = (Elf64_Phdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_phoff, sizeof(Elf64_Phdr));
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
}
@ -141,6 +154,7 @@ void inject(t_elf_content *woody)
if (code_cave_size < payload->len) // inverse here to test the other technique
{
printf("Create a codecave\n");
create_codecave(woody, payload, payload_position);
}
@ -167,6 +181,17 @@ int get_elf_sections(t_elf_content *woody)
woody->Shdr = (Elf64_Shdr *)fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, sizeof(Elf64_Shdr));
if (!woody->Shdr|| !fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff, woody->Ehdr->e_shnum * sizeof(Elf64_Shdr)))
return EXIT_FAILURE;
for (int i = 0; i < woody->Ehdr->e_shnum; i++) {
if (woody->Shdr[i].sh_type == SHT_SYMTAB) {
woody->symbols_table = fetch(woody->file, woody->file_size, woody->Ehdr->e_shoff + (i * sizeof(Elf64_Shdr)), sizeof(Elf64_Shdr));
}
}
if (woody->symbols_table == NULL)
return EXIT_FAILURE; //Not sure about this
woody->symbols = (Elf64_Sym *)fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset, sizeof(Elf64_Sym));
if (woody->symbols == NULL)
return EXIT_FAILURE;//Not sure about this
return EXIT_SUCCESS;
}
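Review bot: In the get_elf_sections hunk the symbol array is validated for only a single entry — `fetch(..., woody->symbols_table->sh_offset, sizeof(Elf64_Sym))` — yet the new loop in offset_sections walks `num_symbols` entries derived from `sh_size`/`sh_entsize`, so a malformed or truncated input ELF with an oversized `sh_size` drives that loop past the mapped file; the section-header fetch a few lines earlier already shows the right pattern (`e_shnum * sizeof(Elf64_Shdr)`), and the symbol fetch should mirror it: `if (woody->symbols_table->sh_entsize != sizeof(Elf64_Sym) || !fetch(woody->file, woody->file_size, woody->symbols_table->sh_offset, woody->symbols_table->sh_size)) return EXIT_FAILURE;`. The `sh_entsize` check also guards get_symbols_count, which presumably divides by it and would fault on a zero value from an untrusted file. Separately, `woody->Phdr[i].p_flags = PF_X | PF_W | PF_R;` in offset_sections marks every shifted segment readable, writable and executable, which discards the W^X separation the original binary had; if only the segment receiving the payload needs execute permission, restrict the change to that one and keep the others' flags (this line may be pre-existing context rather than part of this commit). The `//Not sure about this` comments on the two new failure returns should be resolved into a statement of the intended policy, e.g. `// a stripped binary has no SHT_SYMTAB; treat as unsupported input rather than continuing with symbols == NULL`.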