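/*
 * Load every program header named by info->file_ehdr into info->file_phdrs.
 *
 * e_phnum, e_phentsize and e_phoff all come from the file being parsed, so
 * they are treated as untrusted: the count is capped at MAX_PHDRS before
 * file_phdrs[] is indexed, and each header's file offset is computed in a
 * wide type so it cannot wrap around to an unrelated position.
 *
 * Returns 0 on success, -1 (after printing a diagnostic) on any failure.
 */
static int read_phdr(struct elf32_info *info, FILE *in)
{
	int i;

	/* NOTE(review): presumably file_phdrs[] has MAX_PHDRS slots - confirm
	 * against the struct definition. */
	if (info->file_ehdr.e_phnum > MAX_PHDRS) {
		printc_err("elf32: too many program headers: %d\n",
			   info->file_ehdr.e_phnum);
		return -1;
	}

	for (i = 0; i < info->file_ehdr.e_phnum; i++) {
		/* Widen before multiplying and adding: in narrower unsigned
		 * arithmetic a crafted e_phoff near the top of its range
		 * would wrap and silently select a different offset. */
		const unsigned long long off =
			(unsigned long long)i * info->file_ehdr.e_phentsize +
			info->file_ehdr.e_phoff;

		/* fseek() takes a long; (~0UL >> 1) is the largest positive
		 * long on ABIs where long and unsigned long share a width.
		 * Offsets beyond it are reported as a seek failure. */
		if (off > (~0UL >> 1) ||
		    fseek(in, (long)off, SEEK_SET) < 0) {
			printc_err("elf32: can't seek to phdr %d\n", i);
			return -1;
		}

		if (parse_phdr(&info->file_phdrs[i], in) < 0) {
			printc_err("elf32: can't read phdr %d: %s\n",
				   i, last_error());
			return -1;
		}
	}

	return 0;
}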
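/*
 * Map the first 0x4000 bytes of selfFile, locate the ELF header that follows
 * the leading entry table, clear its section-header fields, and hand the
 * program headers to parse_phdr() and do_dump() to write saveFile.
 *
 * The entry count and e_phnum are read from the file itself, so both are
 * checked against the size of the mapping before any pointer derived from
 * them is dereferenced. Failures are reported through printfsocket(); the
 * function returns nothing.
 */
void decrypt_and_dump_self(char *selfFile, char *saveFile)
{
  enum {
    SELF_MAP_LEN   = 0x4000, /* bytes of the file that get mapped */
    SELF_COUNT_OFF = 0x18,   /* offset of the 16-bit entry count */
    SELF_TABLE_OFF = 0x20,   /* offset of the first table entry */
    SELF_ENTRY_LEN = 0x20,   /* size of one table entry */
    ELF_PHDR_OFF   = 0x40    /* program headers start this far past ehdr */
  };

  int fd = open(selfFile, O_RDONLY, 0);
  if (fd == -1) {
    printfsocket("open %s err : %s\n", selfFile, strerror(errno));
    return;
  }

  /* MAP_PRIVATE: the header edits below stay in this private copy and are
   * not written back to selfFile.
   * NOTE(review): the mapping length is fixed; a file shorter than the
   * offsets read below is not detected here - consider checking the file
   * size before mapping. */
  void *addr = mmap(0, SELF_MAP_LEN, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
  if (addr == MAP_FAILED) {
    printfsocket("mmap file %s err : %s\n", selfFile, strerror(errno));
    close(fd);
    return;
  }
  printfsocket("mmap %s : %p\n", selfFile, addr);

  uint8_t *base = (uint8_t *)addr;
  SegmentBufInfo *segBufs = NULL;
  int segBufNum = 0;

  /* The ELF header sits right after snum table entries. snum is 16 bits of
   * file data, so the offset can reach about 2 MiB; reject anything that
   * would put the header outside the mapping. */
  uint16_t snum = *(uint16_t *)(base + SELF_COUNT_OFF);
  size_t ehdr_off = SELF_TABLE_OFF + (size_t)snum * SELF_ENTRY_LEN;
  if (ehdr_off > (size_t)(SELF_MAP_LEN - ELF_PHDR_OFF)) {
    printfsocket("%s err : ehdr offset 0x%x outside mapping\n",
                 selfFile, (unsigned)ehdr_off);
    goto out_unmap;
  }

  Elf64_Ehdr *ehdr = (Elf64_Ehdr *)(base + ehdr_off);
  printfsocket("ehdr : %p\n", ehdr);

  /* The program header table must also fit inside the mapping. */
  size_t phdr_off = ehdr_off + ELF_PHDR_OFF;
  size_t phdr_room = (SELF_MAP_LEN - phdr_off) / sizeof(Elf64_Phdr);
  if (ehdr->e_phnum > phdr_room) {
    printfsocket("%s err : %u program headers exceed mapping\n",
                 selfFile, (unsigned)ehdr->e_phnum);
    goto out_unmap;
  }

  // shdr fix
  ehdr->e_shoff = ehdr->e_shentsize = ehdr->e_shnum = ehdr->e_shstrndx = 0;

  Elf64_Phdr *phdrs = (Elf64_Phdr *)(base + phdr_off);
  printfsocket("phdrs : %p\n", phdrs);

  /* NOTE(review): the result of parse_phdr() is used unchecked; confirm
   * whether it can return NULL and whether do_dump() tolerates that. */
  segBufs = parse_phdr(phdrs, ehdr->e_phnum, &segBufNum);
  do_dump(saveFile, fd, segBufs, segBufNum, ehdr);
  printfsocket("dump completed\n");

out_unmap:
  free(segBufs); /* free(NULL) is a no-op on the early-exit paths */
  munmap(addr, SELF_MAP_LEN);
  close(fd);
}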