hi,
I am trying to write on the code section of an executing C program. I tried using mprotect to get PROT_WRITE access to a section in memory and tried to write bytecode on it. It doesn't seem to write on that section. The code is:
Code:
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

#ifndef PAGESIZE
#define PAGESIZE 4096
#endif

unsigned char buffer[1024];
int blank(void);

int main(void)
{
    unsigned long *p;
    unsigned char c;
    unsigned long *d;
    int i;

    p = ␣
    /* round p up to the next page boundary (uintptr_t rather than int so the
       cast does not truncate the pointer on a 64-bit build) */
    p = (unsigned long *)(((uintptr_t) p + PAGESIZE-1) & ~(uintptr_t)(PAGESIZE-1));
    if (mprotect(p, 12, PROT_WRITE))
    {
        perror("Could not mprotect");
        exit(errno);
    }
    p[0] = 0xccccc3c9; // basically I was trying to make it return without executing
    p[1] = 0x08a14097;
    d = ␣
    printf(" written values %lx %lx", p[0], p[1]);
    printf(" written values %lx %lx", d[0], d[1]);
    .....
    return 0;
}

int blank(void)
{
    int index = 0;
    int i;
    unsigned char *p;

    p = (unsigned char *) &main;   /* copy the first 204 bytes of main() into buffer */
    printf("here");
    for (i = 0; i <= 203; i++)
        buffer[index++] = p[i];
    buffer[index] = '\0';
    return 0;
}
The first print returns: ccccc3c9 8a14097.
The second print returns: 83e58955 45c718ec // these are the values of blank() in the objdump of the binary.
Can someone help me with this, or is there any easier way to make a running program write byte code onto itself?
Regards,
Raghu
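Added example, not code from the post above: a small Linux C program that makes a running process rewrite the entry of one of its own functions and then proves the new bytes are what executes. Two details differ from the posted code and are worth comparing: the address is rounded down to the start of its page with `& ~(pagesize-1)` (rounding up with `+ PAGESIZE-1` lands on the following page), and the page is set to PROT_READ|PROT_WRITE|PROT_EXEC for the write and back to PROT_READ|PROT_EXEC afterwards, so code on that page, possibly the patching function itself, keeps running. `sysconf(_SC_PAGESIZE)`, `mprotect`, `__builtin___clear_cache` and the `noinline` attribute are real glibc/GCC/clang interfaces; `target`, `call_target`, `patch_code`, `patch_target_return` and the counter `original_ran` are names chosen for this example. The stub encodings assume x86/x86-64 (`mov eax, imm32; ret`) or AArch64 (`movz w0, #imm16; ret`); on any other architecture the patch function returns -1.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Counts how often the ORIGINAL body of target() runs.  It stays flat once the
 * entry is patched, which proves the new bytes executed, not the old code. */
volatile int original_ran = 0;

/* The function whose first bytes get overwritten (example target, not from the post). */
__attribute__((noinline)) int target(void)
{
    original_ran++;
    return 1;
}

/* Call target() through a volatile pointer so the compiler cannot fold the
 * call to the constant 1 it can see in the source. */
int call_target(void)
{
    int (*volatile fp)(void) = target;
    return fp();
}

/* Round an address DOWN to the start of its page.  Rounding up, as the post
 * does with (p + PAGESIZE-1) & ~(PAGESIZE-1), points at the NEXT page. */
static uintptr_t page_base(const void *addr, uintptr_t pagesize)
{
    return (uintptr_t)addr & ~(pagesize - 1);
}

/* mprotect() every page that [addr, addr+len) touches, even across a boundary. */
static int protect_range(const void *addr, size_t len, int prot)
{
    uintptr_t pagesize = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t base = page_base(addr, pagesize);
    uintptr_t end = (uintptr_t)addr + len;
    return mprotect((void *)base, (size_t)(end - base), prot);
}

/* Overwrite the first len bytes of fn with code.  The page is RWX only for the
 * duration of the write (PROT_EXEC is kept because this very function may live
 * on the same page), then set back to RX.  Returns 0 on success. */
int patch_code(void *fn, const void *code, size_t len)
{
    if (protect_range(fn, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
        perror("mprotect(RWX)");
        return -1;
    }
    memcpy(fn, code, len);
    /* No-op on x86; required on AArch64 so the instruction cache sees the new bytes. */
    __builtin___clear_cache((char *)fn, (char *)fn + len);
    if (protect_range(fn, len, PROT_READ | PROT_EXEC) != 0) {
        perror("mprotect(RX)");
        return -1;
    }
    return 0;
}

/* Replace the entry of target() with "return value". */
int patch_target_return(int value)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned char stub[6] = { 0xb8, 0, 0, 0, 0, 0xc3 };   /* mov eax, imm32 ; ret */
    uint32_t imm = (uint32_t)value;
    memcpy(stub + 1, &imm, sizeof imm);                    /* little-endian immediate */
    return patch_code((void *)target, stub, sizeof stub);
#elif defined(__aarch64__)
    if (value < 0 || value > 0xffff)
        return -1;                                         /* movz takes a 16-bit immediate */
    uint32_t stub[2] = { 0x52800000u | ((uint32_t)value << 5),  /* movz w0, #value */
                         0xd65f03c0u };                           /* ret */
    return patch_code((void *)target, stub, sizeof stub);
#else
    (void)value;
    return -1;  /* no stub encoding for this architecture in this example */
#endif
}

int main(void)
{
    int before = call_target();
    int ran_before = original_ran;
    printf("before patch: target() = %d, original body ran %d time(s)\n", before, ran_before);
    if (patch_target_return(42) != 0)
        return 1;
    int after = call_target();
    int ran_after = original_ran;
    printf("after patch:  target() = %d, original body ran %d time(s)\n", after, ran_after);
    return 0;
}
```

The read-back check the post was after falls out of this naturally: reading bytes through `(unsigned char *)target` after `patch_code` returns the stub, because the write went to the page that actually holds the function. Systems that enforce strict W^X (SELinux `execmem` denials, PaX MPROTECT, some hardened containers) will refuse the RWX `mprotect`; there the write has to go through a separate RW mapping of the same file bytes, which is outside what this example covers.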