void elfutils_save_elf_file(elfshobj_t *o, char *file) { int ret = elfsh_save_obj(o, file); if (ret < 0){ elfsh_error(); } }
int main(int argc, char **argv) { elfshobj_t *host; elfshobj_t *rel; elfshsect_t *txtsect; elfsh_Sym *puts_troj; elfsh_Sym *hook_func; int idx; u_long addr; /* Map host file and relocatable file */ rel = elfsh_map_obj(RELOC_FILE); if (NULL == rel) goto err; host = elfsh_map_obj(TROJANED_FILE); if (NULL == host) goto err; /* Inject etrel */ idx = elfsh_inject_etrel(host, rel); if (idx < 0) goto err; /* Get injected's section info */ txtsect = elfsh_get_section_by_name(host, RELOC_FILE".text", NULL, NULL, NULL); if (txtsect == NULL) goto err; puts_troj = elfsh_get_symbol_by_name(host, "puts_troj"); idx = elfsh_hijack_function_by_name(host, ELFSH_HIJACK_TYPE_PLT, "puts", puts_troj->st_value, NULL); if (idx < 0) goto err; hook_func = elfsh_get_symbol_by_name(host, "hook_func"); idx = elfsh_hijack_function_by_name(host, ELFSH_HIJACK_TYPE_FLOW, "legit_func", hook_func->st_value, NULL); if (idx < 0) goto err; /* Save it */ idx = elfsh_save_obj(host, OUTPUT_FILE); if (idx < 0) goto err; puts("[*] ET_REL injected"); return (0); err: elfsh_error(); return (-1); }
int main(int ac, char **av) { mjrsession_t sess; char *infile,*outfile, *delsym, *rensym; int opt_R, opt_A, nr; opt_R = opt_A = 0; infile = outfile = delsym = rensym = NULL; while ((nr = getopt(ac, av, "i:o:ARd:r:")) != -1) { switch(nr) { case 'i': infile = optarg; break; case 'A': opt_A = 1; break; case 'R': opt_R = 1; opt_A = 1; break; case 'o': outfile = optarg; break; case 'd': delsym = optarg; break; case 'r': rensym = optarg; break; default: usage(); return 1; break; } } if (!infile) { usage(); return 1; } if (!mjr_init_session(&sess)) { printf("mjrInitSession faild.\n"); exit(1); } mjr_create_context_as_current(&sess, elfsh_map_obj(infile)); /* if (sess->cur->obj == NULL) { printf("elfsh_map_obj faild.\n"); exit(1); } */ mjr_setup_processor(&sess, NULL); if (opt_A) { mjr_analyse(&sess,NULL, 0); printf("seen: %d found %d\n", sess.cur->calls_seen, sess.cur->calls_found); } if (opt_R) mjr_symtab_rebuild(&sess); /* just for tests */ if (delsym && mjr_symbol_delete_by_name(&sess,delsym)) printf("deleted %s\n",delsym); if (rensym) { char *o,*n,*brk; o = strtok_r(rensym, ":", &brk); n = strtok_r(NULL, ":", &brk); printf("Rename %s -> %s\n", o, n); mjr_symbol_rename(&sess,o,n); } if (outfile) elfsh_save_obj(sess.cur->obj,outfile); return 0; }