0

I am new to ELF and C programming.

I wanna set e_shstrndx which locates ELF header to 0 to avoid debugging by using msync system call.

I program this code, but it seems not working.

#include<elf.h>
#include<stdio.h>
#include<string.h>
#include<stdint.h>
#include<unistd.h>
#include<stdlib.h>
#include<sys/mman.h>
#include<sys/stat.h>
#include<sys/fcntl.h>

int
main(int argc, char *argv[]) {
    int fd;

    uint8_t *mem;
    struct stat st;

    Elf32_Ehdr *ehdr;
    Elf32_Shdr *shdr;

    if (argc < 2) {
        printf("Usage:%s <executable>\n", argv[0]);
        printf("Warning:Use it before backup\n");
        exit(0);
    }

    /*
     * Open file withe open syscall
     */

    if ((fd = open(argv[1], O_RDONLY)) < 0) {
        perror("open");
        exit(-1);
    }

    /* 
     * Read file status
     */

    if (fstat(fd, &st) < 0) {
        perror("stat");
    }

    /*
     * Map executable into memory
     */

    mem = mmap (NULL, st.st_size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);

    if (mem == MAP_FAILED) {
        perror("mmap");
        exit(-1);
    }

    ehdr = (Elf32_Ehdr *)mem;
    shdr = (Elf32_Shdr *)&mem[ehdr->e_shoff];

    /*
     * Check magic number
     */

    if (mem[0] != 0x7f && strcmp(&mem[1], "ELF")) {
        fprintf(stderr, "Not an ELF file\n");
        exit(-1);
    }

    /*
     * Check if executable
     */

    if (ehdr->e_type == ET_EXEC) {
        fprintf(stderr, "Not an executable file\n");
        exit(-1);
    }

    /*
     * Set ehdr->e_shstrndx to 0
     */

    ehdr->e_shstrndx = 0;

    /*
     * Sync memory into disk
     */

    if (-1 == msync(mem, st.st_size, MS_ASYNC)) {
        perror("msync");
        exit(-1);
    }

    /*
     * Unmap memory
     */

    if (-1 == munmap(mem, st.st_size)) {
        perror("munmap");
        exit(-1);
    }

    close(fd);
}

I run the program and run readelf -h to get "Section header string table index" from modified program, nothing changed.

I don't know what's wrong with my code?

Any help will be appreciate.

Simson
  • 3,373
  • 2
  • 24
  • 38
coolder
  • 144
  • 2
  • 9
  • Have you tried singe step it in a debuger? – Simson Jun 08 '20 at 05:07
  • I'v tried to debug it, ehdr->e_shstrndx changed to 0 in memory. – coolder Jun 08 '20 at 05:37
  • Before assignment:> pxw @ rax + 0x3e 0x7f11680c703e 0x0006001c 0x00040000 0x00400000 0x00000000 ..........@..... – coolder Jun 08 '20 at 05:38
  • After assignment movw $0, 0x3e(%rax), :> pxw @ rax + 0x3e 0x7f11680c703e 0x00060000 0x00040000 0x00400000 0x00000000 ..........@..... – coolder Jun 08 '20 at 05:39
  • where do you open your file for writing and write ? Since the data in memory is correct when you chanted it the problem is between there and the filesystem. – Simson Jun 08 '20 at 06:16
  • This is not about elf and linux at all this is a question about posix_mapped_files – Simson Jun 08 '20 at 07:42

1 Answers1

2

There are 2 errors in your code.

  1. you need to open the file with O_RDWR flag instead of O_RDONLY.
  2. you need to call mmap with MAP_SHARED argument instead of MAP_PRIVATE.

Here is simplified version of your code with log statements that modifies the 4th byte of an 6-byte ASCII file:

#include<stdio.h>
#include<string.h>
#include<stdint.h>
#include<unistd.h>
#include<stdlib.h>
#include<sys/mman.h>
#include<sys/stat.h>
#include<sys/fcntl.h>

int main(int argc, char *argv[]) 
{
    int     fd;
    void    *mem;
    char    *data;
    struct stat st;
    int     rc;


    if (argc < 2) {
        printf("Usage:%s <filename>\n", argv[0]);
        exit(1);
    }
    printf("argv[1]=%s\n", argv[1]);

    /*
     * Open file with open syscall
     */

    rc = open(argv[1], O_RDWR);
    if (rc  < 0) {
        perror("open");
        exit(-1);
    }
    fd = rc;
    printf("fd=%d\n", fd);

    /* 
     * Read file status
     */

    if (fstat(fd, &st) < 0) {
        perror("stat");
    }
    printf("st.st_size=%ld\n", st.st_size);

    /*
     * Map file into memory
     */

    mem = mmap (NULL, st.st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);

    if (mem == MAP_FAILED) {
        perror("mmap");
        exit(-1);
    }
    printf("mem=%p\n", mem);


   /*
    * modify memory mapped data
    */

    data = (char *)mem + 2; 
    *data = 'M';

    /*
     * Sync memory into disk
     */

    rc = msync(mem, st.st_size, MS_ASYNC);
    if (rc == -1) {
        perror("msync");
        exit(-1);
    }
    printf("msync rc=%d\n", rc);

    /*
     * Unmap memory
     */

    rc = munmap(mem, st.st_size);
    if (rc == -1) {
        perror("munmap");
        exit(-1);
    }
    printf("munmap rc=%d\n", rc);

    rc =  close(fd);
    printf("close rc=%d\n", rc);

    return 0;
}

Execution:

$ cat test.dat
A
b
C
$ ./mmap test.dat
argv[1]=test.dat
fd=3
st.st_size=6
mem=0x7fbf9f79c000
msync rc=0
munmap rc=0
close rc=0
$ cat test.dat
A
M
C
$
pifor
  • 7,419
  • 2
  • 8
  • 16