fixes #33. fixed #34. python interpreter should clean up after itself properly so maybe #32 is also sovled but i need more time to know. the stack usage for lua has been reduced so larger number of xobjs are fine now. general cleanup for executioner and bruiser. added a note regarding running obfuscators test. lua no longer needs libreadline to build. bfds test no longer needs libbfd to build.

author: bloodstalker <thabogre@gmail.com> 2018-05-18 23:35:03 +0000
committer: bloodstalker <thabogre@gmail.com> 2018-05-18 23:35:03 +0000
commit: 5de630461628e95a7460f16574242f897f874a94 (patch)
tree: e259b4ea6d6b0421fe605ffece4d98aa5baa8ccb /bfd
parent: contribution guidelines (diff)
download: mutator-5de630461628e95a7460f16574242f897f874a94.tar.gz
mutator-5de630461628e95a7460f16574242f897f874a94.zip
3 files changed, 49 insertions, 17 deletions
diff --git a/bfd/load.py b/bfd/load.py
index 1a62b04..f0941b0 100755
--- a/bfd/load.py
+++ b/bfd/load.py
@@ -83,6 +83,7 @@ class CLIArgParser(object):
         parser.add_argument("--reladyn", action='store_true', help=".rela.dyn entries", default=False)
         parser.add_argument("--relaplt", action='store_true', help=".rela.plt entries", default=False)
         parser.add_argument("--rodata", action='store_true', help="dump .rodata", default=False)
+        parser.add_argument("--disass", type=str, help="disassemblt a section")
         self.args = parser.parse_args()
         if self.args.obj is None:
             raise Exception("no object file provided. please specify an object with --obj.")
@@ -928,8 +929,8 @@ class ELF(object):
                     for byte in obj:
                         if count%16 == 0:
                             for ch in strrep:
-                                if ord(ch) > 16 and ord(ch) < 127: print(ch, end = '')
-                                else: pass
+                                if ord(ch) > 32 and ord(ch) < 127: print(ch, end = '')
+                                else: print(" ", end="")
                             print()
                             strrep = []
                             print(format(count, "06x"), ': ', end='')
@@ -941,9 +942,9 @@ class ELF(object):
                             print(format(byte, '02x') + ' ', end='')
                         count += 1
                     for i in range(0, 16-count%16): print("   ", end="")
-                    #for ch in strrep:
-                        #if ord(ch) > 63 and ord(ch) < 100: print(repr(ch), end = '')
-                        #else: pass
+                    for ch in strrep:
+                            if ord(ch) > 32 and ord(ch) < 127: print(ch, end = '')
+                            else: print(" ", end="")
                     print()
 
                 ret_dummy = []
@@ -1343,11 +1344,13 @@ class Rewriter(object):
         self.elf = ELF(so)
         self.elf.init(64)
         #shutil.copyfile(path, "/tmp/exe")
-        self.file_w = open("/tmp/exe", "wb")
         self.magic_section_number = int()
         self.new_name = new_name
+        self.shdr_new_size = []
+        self.shdr_new_offset = []
 
     def fix_section_offsets(self, section_name, new_size:int, new_section:bytes):
+        file_w = open(self.new_name, "wb")
         magic_number = int()
         for i in range(0, byte2int(self.elf.elfhdr.e_shnum)):
             name = self.elf.read_section_name(byte2int(self.elf.shhdr[i].sh_name))
@@ -1355,16 +1358,30 @@ class Rewriter(object):
                 self.magic_section_number = i
         print(self.magic_section_number)
 
+        ### copy the sections before magic_number
+        ### write in the new section
+        ### fix section headers
+
         end = int()
-        for i in range(self.magic_section_number-1, byte2int(self.elf.elfhdr.e_shnum)):
-            before = byte2int(self.elf.shhdr[i].sh_offset) + byte2int(self.elf.shhdr[i].sh_size)
-            print(before)
-            if before / byte2int(self.elf.shhdr[i].sh_addralign) == float(before / byte2int(self.elf.shhdr[i].sh_addralign)): pass
-            else:
-                end = ceil(before / byte2int(self.elf.shhdr[i].sh_addralign))
-
-    def fix_section_size(self, section_name):
-        pass
+        #for i in range(self.magic_section_number, byte2int(self.elf.elfhdr.e_shnum) + 1):
+        for i in range(0, byte2int(self.elf.elfhdr.e_shnum)):
+            if i > self.magic_section_number:
+                extra_chunk = end % byte2int(self.elf.shhdr[i].sh_addralign)
+                missing_chunk = byte2int(self.elf.shhdr[i].sh_addralign) - extra_chunk
+                assert missing_chunk > 0, "missing chunk is negative"
+                self.shdr_new_size.append(byte2int(self.elf.shhdr[i].sh_size))
+                self.shdr_new_offset.append(end + missing_chunk%byte2int(self.elf.shhdr[i].sh_addralign))
+                end = self.shdr_new_offset[-1] + self.shdr_new_size[-1]
+
+            elif i < self.magic_section_number:
+                self.shdr_new_size.append(byte2int(self.elf.shhdr[i].sh_size))
+                self.shdr_new_offset.append(byte2int(self.elf.shhdr[i].sh_offset))
+            elif i == self.magic_section_number:
+                self.shdr_new_size.append(new_size)
+                self.shdr_new_offset.append(byte2int(self.elf.shhdr[i].sh_offset))
+                end = byte2int(self.elf.shhdr[i].sh_offset) + new_size
+        for size in self.shdr_new_size: print(repr(i) + " new size is " + repr(size))
+        for offset in self.shdr_new_offset: print(repr(i) + " new offset is " + repr(offset))
 
 def premain(argparser):
     so = openSO_r(argparser.args.obj)
@@ -1409,6 +1426,17 @@ def premain(argparser):
             for i in md.disasm(bytes(code), 0x0):
                 print(hex(i.address).ljust(7), i.mnemonic.ljust(7), i.op_str)
     elif argparser.args.phdynent: elf.dump_ph_dyn_entries()
+    elif argparser.args.disass:
+        for section in elf.shhdr:
+            name = elf.read_section_name(byte2int(section.sh_name))
+            if name == argparser.args.disass:
+                if byte2int(section.sh_flags) & 0x4 != 0x04:
+                    print("section is not executable...but, since you asked, here you go...")
+                elf.so.seek(byte2int(section.sh_offset))
+                code = elf.so.read(byte2int(section.sh_size))
+                md = Cs(CS_ARCH_X86, CS_MODE_64)
+                for i in md.disasm(bytes(code), 0x0):
+                    print(hex(i.address).ljust(7), i.mnemonic.ljust(7), i.op_str)
     elif argparser.args.textasm:
         md = Cs(CS_ARCH_X86, CS_MODE_64)
         for i in md.disasm(bytes(elf.text_section), 0x0):
diff --git a/bfd/test/makefile b/bfd/test/makefile
index eb8576f..9414f84 100644
--- a/bfd/test/makefile
+++ b/bfd/test/makefile
@@ -3,7 +3,8 @@
 CC?=gcc
 CC=gcc
 CC_FLAGS=-fpic -O0 -g -v --debug
-LD_FLAGS= -l bfd
+#LD_FLAGS= -l bfd
+LD_FLAGS=
 TARGET=test
 ##################################RULES################################
 .DEFAULT:all
diff --git a/bfd/test/test.c b/bfd/test/test.c
index cac61b6..00f92ad 100644
--- a/bfd/test/test.c
+++ b/bfd/test/test.c
@@ -13,6 +13,7 @@ double subdouble(double a, double b) {return a-b;}
 double triple(double a, double b, double c) {return a+b+c;}
 int quad(int a, int b, int c, int d) {return add2(a,b) + add2(c,d);}
 const char* passthrough(const char* a) {return a;}
+void ext_1(void) {printf("%s", "hey there sleepy-head.\n");}
 
 int myvar1 = 1;
 int myvar2 = 2;
@@ -25,5 +26,7 @@ int main(int argc, char** argv) {
   int sum;
   sum = add2(10, 20);
   printf("i live!\n");
-  return sub2(20, 10);
+  int res =  sub2(20, 10);
+  ext_1();
+  return quad(1,2,3,4);
 }
author	bloodstalker <thabogre@gmail.com>	2018-05-18 23:35:03 +0000
committer	bloodstalker <thabogre@gmail.com>	2018-05-18 23:35:03 +0000
commit	5de630461628e95a7460f16574242f897f874a94 (patch)
tree	e259b4ea6d6b0421fe605ffece4d98aa5baa8ccb /bfd
parent	contribution guidelines (diff)
download	mutator-5de630461628e95a7460f16574242f897f874a94.tar.gz mutator-5de630461628e95a7460f16574242f897f874a94.zip