I know you can easily patch the ELF with a value of the same size. But, what if I want to change it for a bigger value? Is there a way to un-pack and re-pack the ELF?

I'm not interested in patching the binary in memory.

Jonathan Leffler
gipsh
    So you want to resize a string? This is certainly possible in principle, but since it may overlap with other raw data (e.g. C-style strings "asdf" and "sdf" overlap) due to compiler/linker optimizations, you might have more luck with adding a new value to the .rodata section and changing all required references to the old .rodata value to the new location. Either way this is not an easy task. – jotik Mar 30 '16 at 12:45

1 Answer

But, what if I want to change it for a bigger value?

You apparently want a longer string, not a bigger value.

is there a way to un-pack and re-pack the ELF?

Depends on what kind of ELF you are asking about. If you have a relocatable object file of type ET_REL (usually .o), then modification is fairly trivial: you simply append a new section to the end of the file (usually string contents reside in .rodata section, so you would make a (larger) copy of it), and then update corresponding section header's .sh_offset and .sh_size to point to the right place in the file.

On the other hand, for a linked ELF binary (ET_DYN or ET_EXEC), the task is so complicated as to be very hard (nearly impossible), because multiple pointers would need to be updated, and the placement in memory is not arbitrary.

Jonathan Leffler
Employed Russian
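
The ET_REL procedure from the answer above, as an added example that is not part of the original answer: it copies `.rodata` to the end of the file with a longer string appended and rewrites that section header's `sh_offset` and `sh_size`. It assumes an ELF64 little-endian object; `sections`, `grow_section` and `sample_object` are hypothetical names, the input object is constructed inline, and symbol and relocation entries that would have to point at the new string are not touched.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr: name,type,flags,addr,offset,size,link,info,align,entsize
ET_REL, OFF, SIZE, ALIGN = 1, 4, 5, 8      # e_type value; indexes into an unpacked SHDR

def sections(elf):
    """Yield (header_file_offset, name, fields) for each section header."""
    eh = EHDR.unpack_from(elf, 0)
    shoff, shentsize, shnum, shstrndx = eh[6], eh[11], eh[12], eh[13]
    hdrs = [(shoff + i * shentsize, list(SHDR.unpack_from(elf, shoff + i * shentsize)))
            for i in range(shnum)]
    strtab = hdrs[shstrndx][1][OFF]        # file offset of the section-name string table
    for pos, f in hdrs:
        start = strtab + f[0]
        yield pos, bytes(elf[start:elf.index(b"\0", start)]).decode(), f

def grow_section(elf, name, extra):
    """Copy section `name` to end of file with `extra` appended; return (new_elf, offset_of_extra)."""
    elf = bytearray(elf)
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expects an ELF64 little-endian file")
    if EHDR.unpack_from(elf, 0)[1] != ET_REL:
        raise ValueError("only ET_REL objects can be handled this way")
    match = [(pos, f) for pos, sname, f in sections(elf) if sname == name]
    if not match:
        raise ValueError("no section named " + name)
    pos, f = match[0]
    old = bytes(elf[f[OFF]:f[OFF] + f[SIZE]])
    elf += b"\0" * (-len(elf) % max(f[ALIGN], 1))   # honour sh_addralign
    f[OFF], f[SIZE] = len(elf), len(old) + len(extra)
    elf += old + extra                                # old bytes first: existing offsets stay valid
    SHDR.pack_into(elf, pos, *f)                      # rewrite sh_offset and sh_size in place
    return bytes(elf), len(old)

def sample_object():
    """Constructed minimal ET_REL for the demo: NULL, .rodata ("hi\\0"), .shstrtab."""
    rodata, names = b"hi\0", b"\0.rodata\0.shstrtab\0"
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, ET_REL, 62, 1, 0, 0, 64 + len(rodata + names), 0, 64, 0, 0, 64, 3, 2)
    shdrs = (SHDR.pack(*[0] * 10)
             + SHDR.pack(1, 1, 2, 0, 64, len(rodata), 0, 0, 1, 0)                   # .rodata
             + SHDR.pack(9, 3, 0, 0, 64 + len(rodata), len(names), 0, 0, 1, 0))     # .shstrtab
    return ehdr + rodata + names + shdrs

if __name__ == "__main__":
    patched, off = grow_section(sample_object(), ".rodata", b"a much longer string\0")
    print("new string at .rodata+%d, file is now %d bytes" % (off, len(patched)))
```

The original `.rodata` bytes stay in the file as unreferenced padding, and the returned offset is where a symbol value or relocation addend would have to point for code to use the new string.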