I am new to ELF and C programming.
I wanna set e_shstrndx which locates ELF header to 0 to avoid debugging by using msync system call.
I program this code, but it seems not working.
#include<elf.h>
#include<stdio.h>
#include<string.h>
#include<stdint.h>
#include<unistd.h>
#include<stdlib.h>
#include<sys/mman.h>
#include<sys/stat.h>
#include<sys/fcntl.h>
int
main(int argc, char *argv[]) {
int fd;
uint8_t *mem;
struct stat st;
Elf32_Ehdr *ehdr;
Elf32_Shdr *shdr;
if (argc < 2) {
printf("Usage:%s <executable>\n", argv[0]);
printf("Warning:Use it before backup\n");
exit(0);
}
/*
* Open file withe open syscall
*/
if ((fd = open(argv[1], O_RDONLY)) < 0) {
perror("open");
exit(-1);
}
/*
* Read file status
*/
if (fstat(fd, &st) < 0) {
perror("stat");
}
/*
* Map executable into memory
*/
mem = mmap (NULL, st.st_size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
if (mem == MAP_FAILED) {
perror("mmap");
exit(-1);
}
ehdr = (Elf32_Ehdr *)mem;
shdr = (Elf32_Shdr *)&mem[ehdr->e_shoff];
/*
* Check magic number
*/
if (mem[0] != 0x7f && strcmp(&mem[1], "ELF")) {
fprintf(stderr, "Not an ELF file\n");
exit(-1);
}
/*
* Check if executable
*/
if (ehdr->e_type == ET_EXEC) {
fprintf(stderr, "Not an executable file\n");
exit(-1);
}
/*
* Set ehdr->e_shstrndx to 0
*/
ehdr->e_shstrndx = 0;
/*
* Sync memory into disk
*/
if (-1 == msync(mem, st.st_size, MS_ASYNC)) {
perror("msync");
exit(-1);
}
/*
* Unmap memory
*/
if (-1 == munmap(mem, st.st_size)) {
perror("munmap");
exit(-1);
}
close(fd);
}
I run the program and run readelf -h to get "Section header string table index" from modified program, nothing changed.
I don't know what's wrong with my code?
Any help will be appreciate.
There are 2 errors in your code.
Here is simplified version of your code with log statements that modifies the 4th byte of an 6-byte ASCII file:
#include<stdio.h>
#include<string.h>
#include<stdint.h>
#include<unistd.h>
#include<stdlib.h>
#include<sys/mman.h>
#include<sys/stat.h>
#include<sys/fcntl.h>
int main(int argc, char *argv[])
{
int fd;
void *mem;
char *data;
struct stat st;
int rc;
if (argc < 2) {
printf("Usage:%s <filename>\n", argv[0]);
exit(1);
}
printf("argv[1]=%s\n", argv[1]);
/*
* Open file with open syscall
*/
rc = open(argv[1], O_RDWR);
if (rc < 0) {
perror("open");
exit(-1);
}
fd = rc;
printf("fd=%d\n", fd);
/*
* Read file status
*/
if (fstat(fd, &st) < 0) {
perror("stat");
}
printf("st.st_size=%ld\n", st.st_size);
/*
* Map file into memory
*/
mem = mmap (NULL, st.st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
if (mem == MAP_FAILED) {
perror("mmap");
exit(-1);
}
printf("mem=%p\n", mem);
/*
* modify memory mapped data
*/
data = (char *)mem + 2;
*data = 'M';
/*
* Sync memory into disk
*/
rc = msync(mem, st.st_size, MS_ASYNC);
if (rc == -1) {
perror("msync");
exit(-1);
}
printf("msync rc=%d\n", rc);
/*
* Unmap memory
*/
rc = munmap(mem, st.st_size);
if (rc == -1) {
perror("munmap");
exit(-1);
}
printf("munmap rc=%d\n", rc);
rc = close(fd);
printf("close rc=%d\n", rc);
return 0;
}
Execution:
$ cat test.dat
A
b
C
$ ./mmap test.dat
argv[1]=test.dat
fd=3
st.st_size=6
mem=0x7fbf9f79c000
msync rc=0
munmap rc=0
close rc=0
$ cat test.dat
A
M
C
$