modifying and saving global variables on a executable file using libelf !!!!

redone · 09-11-2009, 09:58 AM

Quote:

Originally Posted by Sebastiani

>>
Why would you want to do that? The point is simply to find the target block so that you can read/replace the stored data. Does that make sense?

but the problem is how to find the target block in my executable so that i can modify my data

MK27 · 09-11-2009, 10:24 AM

Quote:

Originally Posted by redone

but the problem is how to find the target block in my executable so that i can modify my data

I think we all agree on this point.

**Salem** · 09-11-2009, 10:25 AM

You open the file, you read some data, you compare.

If you're dickering about with modifying an executable and you don't know how to do this basic stuff, then chances are you're going to screw it up.

Post some effort, and stop trying to get others to do the basics as well.

Sebastiani · 09-11-2009, 10:30 AM

Quote:

but the problem is how to find the target block in my executable so that i can modify my data

Well, have you gotten the bit where you open a file and read the contents working yet? If not, that might be the next logical step. It might be a good idea to just read the entire file, just to keep things simple. Then it's just a matter of searching through a block of memory (think 'memcmp'), making changes, and then overwriting the file (once you get that working you may even want to make a backup copy of the file before making changes, just for posterity).

tabstop · 09-11-2009, 10:31 AM

Quote:

Originally Posted by redone

but the problem is how to find the target block in my executable so that i can modify my data

Quote:

Originally Posted by MK27

I think we all agree on this point.

And finding a string in a binary file is not really all that different than finding a string in a text file (especially in Linux). Read bytes until found, more or less.

redone · 09-13-2009, 08:34 PM

here the my code source :

Code:

/*
 * Print the names of ELF sections.
 */

#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <sysexits.h>
#include <unistd.h>
#include <inttypes.h>
//#include <vis.h>
char *a="fggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg";
int
main(int argc, char **argv)
{
        int fd;
        Elf *e;
        char *name, *p, pc[4*sizeof(char)];
        Elf_Scn *scn;
        Elf_Data *data;
        GElf_Shdr shdr;
        size_t n, shstrndx, sz;
         char c[1000];
       /* if (argc != 2)
                errx(EX_USAGE, "usage: %s file-name", getprogname());
*/
        if (elf_version(EV_CURRENT) == EV_NONE)
                errx(EX_SOFTWARE, "ELF library initialization failed: %s",
                    elf_errmsg(-1));

        if ((fd = open(argv[1], O_RDONLY, 0)) < 0)
                err(EX_NOINPUT, "open \%s\" failed", argv[1]);

        if ((e = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
                errx(EX_SOFTWARE, "elf_begin() failed: %s.",
                    elf_errmsg(-1));

        if (elf_kind(e) != ELF_K_ELF)
                errx(EX_DATAERR, "%s is not an ELF object.", argv[1]);

        if (elf_getshstrndx(e, &shstrndx) == 0) 
                errx(EX_SOFTWARE, "getshstrndx() failed: %s.",
                    elf_errmsg(-1));

        scn = NULL; 
        while ((scn = elf_nextscn(e, scn)) != NULL) { 
                if (gelf_getshdr(scn, &shdr) != &shdr) 
                        errx(EX_SOFTWARE, "getshdr() failed: %s.",
                            elf_errmsg(-1));

                if ((name = elf_strptr(e, shstrndx, shdr.sh_name)) == NULL) 
                        errx(EX_SOFTWARE, "elf_strptr() failed: %s.",
                            elf_errmsg(-1));
                 if(strcmp(name,".data")==0)
{ 
        data=elf_getdata(scn,NULL);
        printf("%zd         ",data->d_size);
        //printf("%d ",(void *)data->d_off); 
         p = (char *) data->d_buf;
        
printf("%s",c);
printf("%p \n",p);
} 
               (void) printf("Section %-4.4jd %s\n", (uintmax_t) elf_ndxscn(scn),
                    name);
        }

        if ((scn = elf_getscn(e, shstrndx)) == NULL)         
                errx(EX_SOFTWARE, "getscn() failed: %s.",
                    elf_errmsg(-1));

        if (gelf_getshdr(scn, &shdr) != &shdr)
                errx(EX_SOFTWARE, "getshdr(shstrndx) failed: %s.",
                    elf_errmsg(-1));

        (void) printf(".shstrab: size=%jd\n", (uintmax_t) shdr.sh_size);

     /*   data = NULL; n = 0;
        while (n < shdr.sh_size && (data = elf_getdata(scn, data)) != NULL) { 
                p = (char *) data->d_buf;
                while (p < (char *) data->d_buf + data->d_size) {
                        if (vis(pc, *p, VIS_WHITE, 0))
                                printf("%s", pc);
                        n++; p++;
                        (void) putchar((n % 16) ? ' ' : '\n');
                }
        }
        (void) putchar('\n');*/

        (void) elf_end(e);
        (void) close(fd);
        exit(EX_OK);
}

the part in bold is when i try to access the .data segment note that i m using lib elf i get as an output the offset of the .data section but I m unable to read the data in it.I need help

**Salem** · 09-13-2009, 10:39 PM

> data=elf_getdata(scn,NULL);

Quote:

Originally Posted by manual page

elf_getdata( ) lets a program step through a section's data list. If the incoming data descriptor, data, is null, the function returns the first buffer associated with the section. Otherwise, data should be a data descriptor associated with scn, and the function gives the program access to the next data element for the section. If scn is null or an error occurs, elf_getdata( ) returns a null pointer.

Calling it once is a start, but it would seem you really need to call it in a loop until you find what you're looking for, or you reach the end of the list.

FWIW, your "fggg" thing isn't in the data segment in all likelihood, it is a string constant.

redone · 09-14-2009, 09:32 AM

the while loop before the bold text loops through all the sections and then i check for the section whose name is ".data"when i call data=elf_getdata(scn,NULL); and i print the data->d_buf i get a address in hexadecimal I think this the begining address of the global variable .If I'm right Iwant to read from his memory location and this is what I m unable to do .plz help me

**Salem** · 09-14-2009, 01:19 PM

a) there is potentially more than one global variable (so a loop within the section). You're not the only one with global data you know, parts of the standard libraries have them too.
b) like I already mentioned, string constants MAY not be in the data section, but in .rodata.

Try
char a[] = "ffffgggg";
and see if you can find that.

redone · 09-14-2009, 03:31 PM

Code:

#include <err.h>
#include <fcntl.h>
#include <gelf.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <sysexits.h>
#include <unistd.h>
#include <inttypes.h>
//#include <vis.h>
char *a="fggg";
 int b=4;
int
main(int argc, char **argv)
{
        int fd;
        Elf *e;
        char *name, *p, pc[4*sizeof(char)];
        Elf_Scn *scn;
        Elf_Data *data;
        GElf_Shdr shdr;
        size_t n, shstrndx, sz;
         char c[1000];
       /* if (argc != 2)
                errx(EX_USAGE, "usage: %s file-name", getprogname());
*/
        if (elf_version(EV_CURRENT) == EV_NONE)
                errx(EX_SOFTWARE, "ELF library initialization failed: %s",
                    elf_errmsg(-1));

        if ((fd = open(argv[1], O_RDONLY, 0)) < 0)
                err(EX_NOINPUT, "open \%s\" failed", argv[1]);

        if ((e = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
                errx(EX_SOFTWARE, "elf_begin() failed: %s.",
                    elf_errmsg(-1));

        if (elf_kind(e) != ELF_K_ELF)
                errx(EX_DATAERR, "%s is not an ELF object.", argv[1]);

        if (elf_getshstrndx(e, &shstrndx) == 0) 
                errx(EX_SOFTWARE, "getshstrndx() failed: %s.",
                    elf_errmsg(-1));

        scn = NULL; 
        while ((scn = elf_nextscn(e, scn)) != NULL) { 
                if (gelf_getshdr(scn, &shdr) != &shdr) 
                        errx(EX_SOFTWARE, "getshdr() failed: %s.",
                            elf_errmsg(-1));

                if ((name = elf_strptr(e, shstrndx, shdr.sh_name)) == NULL) 
                        errx(EX_SOFTWARE, "elf_strptr() failed: %s.",
                            elf_errmsg(-1));
if(strcmp(name,".data")==0)
{ 
       data=elf_getdata(scn,NULL);
       printf("%zd         ",data->d_size);
       //printf("%d ",(void *)data->d_off); 
p = (char *) data->d_buf;
        

printf("%p \n",p);
} 
if(strcmp(name,".rodata")==0)
 {
 data=elf_getdata(scn,NULL);
       printf("%zd         ",data->d_size);
 
p = (char *) data->d_buf;
        

printf("%p \n",p);
} 
}



        (void) elf_end(e);
        (void) close(fd);
        exit(EX_OK);
}

I get an output like this :
redone@ubuntu:~/Bureau$ ./sec sec
224 0xb7f29c68
16 0xb7f2a04c
I think this is the size and the offset of respectivly the .data and the .rodata
Still I m unable to read the content of this memory location and its size If anyone knows how to do that plz help me

09-11-2009, 10:25 AM	#18
Salem and the hat of Jobseeking Join Date: Aug 2001 Location: The edge of the known universe Posts: 21,657	You open the file, you read some data, you compare. If you're dickering about with modifying an executable and you don't know how to do this basic stuff, then chances are you're going to screw it up. Post some effort, and stop trying to get others to do the basics as well. __________________ If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
Salem is offline

09-14-2009, 09:32 AM	#23
redone Registered User Join Date: Sep 2009 Posts: 10	the while loop before the bold text loops through all the sections and then i check for the section whose name is ".data"when i call data=elf_getdata(scn,NULL); and i print the data->d_buf i get a address in hexadecimal I think this the begining address of the global variable .If I'm right Iwant to read from his memory location and this is what I m unable to do .plz help me
redone is offline

09-14-2009, 01:19 PM	#24
Salem and the hat of Jobseeking Join Date: Aug 2001 Location: The edge of the known universe Posts: 21,657	a) there is potentially more than one global variable (so a loop within the section). You're not the only one with global data you know, parts of the standard libraries have them too. b) like I already mentioned, string constants MAY not be in the data section, but in .rodata. Try char a[] = "ffffgggg"; and see if you can find that. __________________ If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
Salem is offline

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Writing and modifying data in a file	Micko	C Programming	2	02-17-2005 03:42 AM