centaur is an ELF executable editing toolkit, focusing on code injection and function detouring.
It has been tested successfully in the environments provided by several Linux distributions, on both x86-32 and x86-64 machines:
- Ubuntu 12.04 LTS (x86-64)
- Arch Linux (June 2013) (x86-64)
- Slackware 14.0 (x86-32)
Injecting an object file into a program and detouring a function could hardly be simpler:
elfucli --input program \
--reladd objfile.o \
--detour oldfunc,newfunc \
--output program_modified
elfucli parses the command line parameters one by one like a script.
In this example, it:
- Loads the executable
program
containing the functionoldfunc
. - Injects an object file containing the function
newfunc
. - Overwrites the beginning of
oldfunc
with a jump tonewfunc
. - Writes the modified program to
program_modified
.
This functionality is exposed by the underlying libelfu
via a C API,
at the same high level. elfucli
serves as an example application for
it and doubles as a handy scalpel for ELF files.
More examples can be found in the testsuite. The 'detour' test is particularly similar to the example above.
Usually, a plain
make
should be enough to build centaur, provided that a version of libelf and its development files are installed. If not, see docs/building.md for further hints such as the packages to be installed on Ubuntu.
Once that is done,
make check
will build and run the testsuite. See docs/tests.md for details.
See the docs/ directory for all other documentation.