Patching doesn't work?

[bvkim]

Hi there

I'm currently doing practices under Linux w/ blah crackmes:
Link: crackmes.de

This is the dump result:

Code:

blah:     file format elf32-i386


Disassembly of section .text:

08048094 <.text>:
 8048094:	31 c0                	xor    %eax,%eax
 8048096:	b8 2f 00 00 00       	mov    $0x2f,%eax
 804809b:	cd 80                	int    $0x80
 804809d:	3d ad de 00 00       	cmp    $0xdead,%eax
 80480a2:	75 16                	jne    0x80480ba <-- I want to NOP this line
 80480a4:	b8 04 00 00 00       	mov    $0x4,%eax
 80480a9:	bb 01 00 00 00       	mov    $0x1,%ebx
 80480ae:	b9 c4 90 04 08       	mov    $0x80490c4,%ecx
 80480b3:	ba 06 00 00 00       	mov    $0x6,%edx
 80480b8:	cd 80                	int    $0x80
 80480ba:	31 c0                	xor    %eax,%eax
 80480bc:	40                   	inc    %eax
 80480bd:	31 db                	xor    %ebx,%ebx
 80480bf:	cd 80                	int    $0x80

As I comment above, I want to patch that line by 2 - NOP bytes.
I wrote this code:

Code:

#include <stdio.h>

int
main( int argc, char *argv[] )
{
	int offset[2] = { 0x75, 0x16 }; /* origin */
	char patch[2] = { 0x90, 0x90 }; /* nop */
	FILE *file;
	int i;
	
	file = fopen( "blah", "rb+" );
	if( file != NULL ) {
		for( i = 0; i < 2; ++i ) {
			fseek( file, offset[i], SEEK_SET ); /* search */
			fprintf( file, "%c", patch[i] ); /* patch */			
		}
		printf("Patched Done.\n");
	} else {
		printf("[Error]: file not found. \n");
	}		
	fclose( file );
	return 0;
}

However, I don't know why it doesn't work???
[Note: if I change different offsets, source works; only the above offset occurs error]
May some1 help me this?

[GL.Sam]

[Note: if I change different offsets, source works; only the above offset occurs error]
Sounds mysteriously. Maybe it's all because you are using hex representation as offset? Seems like you want to patch 117th and 22th bytes.

[bvkim]

@GL.Sam: event I change to decimal, it stays the same. =_+

[GL.Sam]

Sorry, I've expressed myself improperly. I meant that you are trying to patch 117th and 22th bytes, counting from the beginning. 75 16 is not the offset, it is what actually stands for your jne command. fseek's second argument is not the first occurence of a value, it is address from the beginning. You should probably open the file in hex editor and look for actual offset, or organize a loop with checking for what you want and use fwrite() for patching two bytes.

[Scarlet7]

Try using fwrite intead of fprintf:

Code:

      fwrite( &patch[i], 1, 1,  file);

[bvkim]

ohoh...my bad )
I'm crazyyyyy

this is my solution anyways, for any1 who want to reference.

Code:

#include <stdio.h>

int
main( int argc, char *argv[] )
{
	FILE *file;
	const char *file_name 	  = "blah";
	const char *file_mode 	  = "rb+";
	const int	patch_offset  = 0xa2;
	const char	patch_value[] = { 0x90, 0x90 };
	
	file = fopen( file_name, file_mode );
	if( file != NULL ) {		
		fseek( file, patch_offset, SEEK_SET ); /* search */
		fwrite( patch_value, sizeof( char ), 2, file );	
		printf("Patched Done.\n");
	} else {
		printf("[Error]: file not found. \n");
	}		
	
	fclose( file );
	return 0;
}

Thanks guys !

[Kennedy]

You have another problem. Where you have

Code:

	if( file != NULL ) {		
		fseek( file, patch_offset, SEEK_SET ); /* search */
		fwrite( patch_value, sizeof( char ), 2, file );	
		printf("Patched Done.\n");
	} else {
		printf("[Error]: file not found. \n");
	}		
	
	fclose( file );

I think that fclose would seg fault, though it has been so long since I've worked with files I don't remember what happens when one closes an unopened file handle.

[slingerland3g]

You have another problem. Where you have

Code:

	if( file != NULL ) {		
		fseek( file, patch_offset, SEEK_SET ); /* search */
		fwrite( patch_value, sizeof( char ), 2, file );	
		printf("Patched Done.\n");
	} else {
		printf("[Error]: file not found. \n");
	}		
	
	fclose( file );

I think that fclose would seg fault, though it has been so long since I've worked with files I don't remember what happens when one closes an unopened file handle.

This should satisfy the fclose()

Code:

   file = fopen( file_name, file_mode );

Is that not enough?

[GL.Sam]

Uh, yeah, when it ends up to fclose(NULL) you are getting totally screwed.

Should be moved to be after the first printf.

[slingerland3g]

Uh, yeah, when it ends up to fclose(NULL) you are getting totally screwed.

Should be moved to be after the first printf.

Oh, yes very true!