Ejemplo n.º 1
/*
 * Write the ELF object `o` to the path `file` through elfsh_save_obj().
 *
 * A negative return from elfsh_save_obj() is treated as failure and handed to
 * elfsh_error(). The function returns void, so the caller is not told whether
 * the save succeeded.
 */
void elfutils_save_elf_file(elfshobj_t *o, char *file)
{
  if (elfsh_save_obj(o, file) < 0) {
    elfsh_error();
  }
}
Ejemplo n.º 2
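/*
 * Test driver for relocatable-object injection.
 *
 * Maps RELOC_FILE and TROJANED_FILE, injects the former into the latter,
 * redirects the host's "puts" and "legit_func" to the symbols "puts_troj" and
 * "hook_func", and writes the modified object to OUTPUT_FILE.
 *
 * Returns 0 on success; on any failure reports through elfsh_error() and
 * returns -1.
 */
int		main(int argc, char **argv)
{
  elfshobj_t	*host;
  elfshobj_t	*rel;
  elfshsect_t	*txtsect;
  elfsh_Sym	*puts_troj;
  elfsh_Sym	*hook_func;
  int		idx;

  /* Map host file and relocatable file */
  rel = elfsh_map_obj(RELOC_FILE);
  if (NULL == rel)
    goto err;
  host = elfsh_map_obj(TROJANED_FILE);
  if (NULL == host)
    goto err;

  /* Inject etrel */
  idx = elfsh_inject_etrel(host, rel);
  if (idx < 0)
    goto err;

  /*
   * Confirm the injection by looking up the new section. It appears in the
   * host's section table under the name RELOC_FILE ".text", which is also what
   * a section-table comparison against the original host would show.
   */
  txtsect = elfsh_get_section_by_name(host, RELOC_FILE".text", NULL, NULL, NULL);
  if (txtsect == NULL)
    goto err;

  /*
   * Both replacement symbols are expected to come from the injected object.
   * The lookup result is dereferenced for st_value, so a failed lookup must
   * be caught here rather than crash on a NULL pointer.
   */
  puts_troj = elfsh_get_symbol_by_name(host, "puts_troj");
  if (puts_troj == NULL)
    goto err;
  idx = elfsh_hijack_function_by_name(host, ELFSH_HIJACK_TYPE_PLT,
				      "puts", puts_troj->st_value, 
				      NULL);
  if (idx < 0)
    goto err;

  hook_func = elfsh_get_symbol_by_name(host, "hook_func");
  if (hook_func == NULL)
    goto err;
  idx = elfsh_hijack_function_by_name(host, ELFSH_HIJACK_TYPE_FLOW,
				      "legit_func", hook_func->st_value, 
				      NULL);
  if (idx < 0)
    goto err;

  /* Save it */
  idx = elfsh_save_obj(host, OUTPUT_FILE);
  if (idx < 0)
    goto err;

  puts("[*] ET_REL injected");
  return (0);
 err:
  elfsh_error();
  return (-1);
}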
Ejemplo n.º 3
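/*
 * Command-line front end: maps an ELF file into an mjr session, then
 * optionally analyses it, rebuilds its symbol table, deletes or renames a
 * symbol, and saves the result.
 *
 * Options (getopt string "i:o:ARd:r:"):
 *   -i FILE     input file (required)
 *   -o FILE     output file; nothing is written without it
 *   -A          run mjr_analyse() and print the call counters
 *   -R          rebuild the symbol table (also enables -A)
 *   -d NAME     delete the symbol NAME
 *   -r OLD:NEW  rename the symbol OLD to NEW
 *
 * Returns 0 on success and 1 on a usage or processing error; a failed session
 * initialisation exits with status 1.
 */
int		main(int ac, char **av) 
{
  mjrsession_t  sess;
  char		*infile,*outfile, *delsym, *rensym;
  void		*obj;
  int		opt_R, opt_A, nr;
  
  opt_R = opt_A = 0;
  infile = outfile = delsym = rensym = NULL;
  
  while ((nr = getopt(ac, av, "i:o:ARd:r:")) != -1) 
    {
      switch(nr) 
	{
	case 'i':
	  infile = optarg;
	  break;
	case 'A':
	  opt_A = 1;
	  break;
	case 'R':
	  /* Rebuilding implies running the analysis first. */
	  opt_R = 1;
	  opt_A = 1;
	  break;
	case 'o':
	  outfile = optarg;
	  break;
	case 'd':
	  delsym = optarg;
	  break;
	case 'r':
	  rensym = optarg;
	  break;
	default:
	  usage();
	  return 1;
	}
    }
  
  if (!infile) 
    {
      usage();
      return 1;
    }
  
  if (!mjr_init_session(&sess)) 
    {
      printf("mjrInitSession faild.\n");
      exit(1);
    }
  
  /*
   * The input path comes from the command line, so mapping it can fail
   * (missing file, not an ELF object). Check before the object is handed to
   * the session; later steps dereference sess.cur->obj. Held as void * only
   * for this NULL test.
   */
  obj = elfsh_map_obj(infile);
  if (obj == NULL)
    {
      fprintf(stderr, "elfsh_map_obj failed for %s\n", infile);
      return 1;
    }
  mjr_create_context_as_current(&sess, obj);
  
  mjr_setup_processor(&sess, NULL);
  
  if (opt_A) 
    {
      mjr_analyse(&sess,NULL, 0);
      printf("seen: %d found %d\n",
	     sess.cur->calls_seen,
	     sess.cur->calls_found);
    }
  
  if (opt_R)
    mjr_symtab_rebuild(&sess);
  
  /* just for tests */
  if (delsym && mjr_symbol_delete_by_name(&sess,delsym))
     printf("deleted %s\n",delsym);
  
  if (rensym) 
    {
      char *o,*n,*brk;

      /* strtok_r() splits the argument in place at the ':' separator. */
      o = strtok_r(rensym, ":", &brk);
      n = strtok_r(NULL, ":", &brk);

      /*
       * Either token is NULL when the argument lacks a ':' or one side is
       * empty. Reject that instead of passing NULL to printf("%s") and to
       * mjr_symbol_rename().
       */
      if (o == NULL || n == NULL)
	{
	  fprintf(stderr, "-r expects OLD:NEW\n");
	  return 1;
	}
      printf("Rename %s -> %s\n", o, n);
      mjr_symbol_rename(&sess,o,n);
    }
  
  /* Do not report success if the modified object could not be written. */
  if (outfile && elfsh_save_obj(sess.cur->obj,outfile) < 0)
    {
      fprintf(stderr, "elfsh_save_obj failed for %s\n", outfile);
      return 1;
    }
  
  return 0;
}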