Upload files to "src"

src/binary_patch.py

@@ -88,14 +88,12 @@ def patch_strcpy(lief_binary, nbytes, save_path, output=True):
   new_segment = add_segment(lief_binary, types = lief._lief.ELF.Segment.TYPE.LOAD, flags = 5, content=patch_code)
   new_segment_address = new_segment.virtual_address
   #lief_binary.patch_pltgot("strcpy", new_segment.virtual_address)
+  os.system("rm " + save_path)
   lief_binary.write(save_path)
   os.system("chmod +x " + save_path)
   
   elf_patch = ELF(save_path)
-  print("save_path --> " + save_path)
+  patch_by_pltsec_jmp(elf_patch, 'strcpy', elf_patch.plt['strcpy'], new_segment_address, len(patch_code), save_path)
-  print("elf_patch.plt.strcpy --> " + hex(elf_patch.plt.strcpy))
-  patch_by_pltsec_jmp(elf_patch, 'strcpy', elf_patch.plt.strcpy, new_segment_address, len(patch_code), save_path)
-
 
 # to do
 def patch_dprintf(lief_binary, save_path, output=True):
@@ -115,40 +113,42 @@ def patch_dprintf(lief_binary, save_path, output=True):
   new_segment = add_segment(lief_binary, types = lief._lief.ELF.Segment.TYPE.LOAD, flags = 5, content=patch_code)
   new_segment_address = new_segment.virtual_address
   #lief_binary.patch_pltgot("dprintf", new_segment.virtual_address)
+  
+  os.system("rm " + save_path)
   lief_binary.write(save_path)
   os.system("chmod +x " + save_path)
   
   elf_patch = ELF(save_path)
-  patch_by_pltsec_jmp(elf_patch, 'dprintf', elf_patch.plt.dprintf, new_segment_address, len(patch_code), save_path)
+  patch_by_pltsec_jmp(elf_patch, 'dprintf', elf_patch.plt['dprintf'], new_segment_address, len(patch_code), save_path)
 
 
 def patch_recv(lief_binary, nbytes, save_path, output=True):
   patch_recv_code = f"""
-  mov rdx, {nbytes}
+  mov rdx, {nbytes};
-  mov r10, rcx;
-  xor r8, r8;
-  xor r9, r9;
-  push 45;
-  pop rax;
-  syscall;
-  ret;
   """
   patch_code = asm(patch_recv_code)
   if output:
     print("the assmebly code :\n %s" % patch_recv_code)
     print("the machine code :\n %s" % patch_code)
   new_segment = add_segment(lief_binary, types = lief._lief.ELF.Segment.TYPE.LOAD, flags = 5, content=patch_code)
-  lief_binary.patch_pltgot("recv", new_segment.virtual_address)
+  new_segment_address = new_segment.virtual_address
+  
+  os.system("rm " + save_path)
   lief_binary.write(save_path)
   os.system("chmod +x " + save_path)
+  
+  elf_patch = ELF(save_path)
+  patch_by_pltsec_jmp(elf_patch, 'recv', elf_patch.plt['recv'], new_segment_address, len(patch_code), save_path)
 
-# if __name__ == '__main__':
+if __name__ == '__main__':
-#   argv = sys.argv
+  argv = sys.argv
-#   argc = len(sys.argv)
+  argc = len(sys.argv)
-#   path = sys.argv[1]
+  path = sys.argv[1]
-#   save_path = path + "_patch" 
+  save_path = path + "_patch" 
-#   lief_binary, pwn_binary = load_binary_file_information(path)
+  lief_binary, pwn_binary = load_binary_file_information(path)
-#   if sys.argv[2] == 'dprintf':
+  if sys.argv[2] == 'dprintf':
-#     patch_dprintf(save_path)
+    patch_dprintf(lief_binary, save_path)
-#   elif sys.argv[2] == 'strcpy':
+  elif sys.argv[2] == 'strcpy':
-#     patch_strcpy(int(sys.argv[3]), save_path)
+    patch_strcpy(lief_binary, int(sys.argv[3]), save_path)
+  elif sys.argv[2] == 'recv':
+    patch_recv(lief_binary, int(sys.argv[3]), save_path)