
Lucas Teske revisou este gist 8 years ago.

1 file changed, 54 insertions

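--- a/shim_with_unprotect.c
+++ b/shim_with_unprotect.c
@@ -0,0 +1,54 @@
+// For RTLD_NEXT
+#define _GNU_SOURCE
+
+#include <stdio.h>
+#include <dlfcn.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <stdint.h>
+
+static FILE *(*real_fopen)(const char *, const char *) = NULL;
+
+#define SEARCH_TOKEN_SIZE 6
+char mySearchToken[SEARCH_TOKEN_SIZE] = "That's";
+
+void *searchData(char *data, int len, void *start, void *end) {
+void *i;
+
+for(i = start; i < end; i += 1) {
+if (memcmp(i, data, len) == 0 && i != (void *)data) {
+return i;
+}
+}
+
+return NULL;
+}
+
+
+FILE * fopen ( const char * filename, const char * mode ) {
+printf("HUEBR, GIBE DATA PLOS, OR I REPORT U HUEHUE\n");
+printf("MI NO LIK U FIL, MI UPEN HUE.TXT\n");
+
+return real_fopen("hue.txt", "w");
+}
+
+void unprotectPage(uint64_t addr) {
+mprotect((void*)(addr-(addr%4096)),4096,PROT_READ|PROT_WRITE|PROT_EXEC);
+}
+
+void __attribute__((constructor)) initialize(void) {
+real_fopen = dlsym(RTLD_NEXT, "fopen");
+
+if (real_fopen == NULL) {
+printf("What? We couldn't find our fopen!!!!\n");
+exit(255); // This will crash the program since it isn't expecting to exit in the constructor
+}
+
+void *addr = searchData(mySearchToken, SEARCH_TOKEN_SIZE, (void *)0x400040, (void*)0x400800 ); // Thats for 64 bit.
+
+printf("Token Addr: %p\n", addr);
+unprotectPage((uint64_t)(addr));
+printf("Unprotected!\n");
+((char *)addr)[0] = 'Z';
+}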
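Review bot: `initialize` never checks the pointer returned by `searchData` (file line 48): when the token is absent from the fixed `0x400040`–`0x400800` window — the normal case for a PIE executable, which is not mapped there — `unprotectPage` is handed `NULL` and `((char *)addr)[0] = 'Z'` then dereferences it inside a library constructor, crashing every process the shim is loaded into. `searchData` also over-reads: its `i < end` bound still passes a `len`-byte window that can extend past `end` to `memcmp`, and `i += 1` on a `void *` depends on a GNU extension. `unprotectPage` discards the `mprotect` return value, so a refused `PROT_WRITE|PROT_EXEC` request is followed by the write anyway, and the page size is hard-coded to 4096 where `sysconf(_SC_PAGESIZE)` (needs `<unistd.h>`) gives the real value. The rewrite below bounds the search window, reports the `mprotect` result, and makes the constructor return early instead of writing through a null or still-protected pointer.
```c
void *searchData(char *data, int len, void *start, void *end) {
    // Compare only windows that lie entirely inside [start, end).
    for (char *p = start; p + len <= (char *)end; p++) {
        if (memcmp(p, data, len) == 0 && (void *)p != (void *)data) {
            return p;
        }
    }
    return NULL;
}

int unprotectPage(uint64_t addr) {
    uint64_t page = (uint64_t)sysconf(_SC_PAGESIZE);
    return mprotect((void *)(addr - (addr % page)), page, PROT_READ | PROT_WRITE | PROT_EXEC);
}

// … unchanged: initialize() through the searchData call …
    if (addr == NULL) {
        printf("Token not found in search window, leaving process untouched\n");
        return;
    }
    if (unprotectPage((uint64_t)addr) != 0) {
        perror("mprotect");
        return;
    }
    ((char *)addr)[0] = 'Z';
```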