\u6838\u5fc3\u903b\u8f91\uff1a\u62d3\u5c55elf\u6587\u4ef6\u7a7a\u95f4\uff0c\u5199\u5165shellcode\u3002<\/p>\n\n\n\n
\u76f4\u63a5\u4ecelinux\u4e8c\u8fdb\u5236\u5206\u6790\u91cc\u9762\u6284\u7b97\u6cd5<\/p>\n\n\n\n
.text\u611f\u67d3\u7b97\u6cd5<\/strong><\/p>\n\n\n\n \u4e66\u4e2d\uff0c\u611f\u67d3\u7b97\u6cd5\u662f\u8d70C\u8bed\u8a00\u4ee3\u7801\u5b9e\u73b0\u7684\uff08\u800c\u4e14\u7f51\u4e0a\u6284\u7684\u4ee3\u7801\u8dd1\u4e0d\u8d77\u6765\uff0c\u4e5f\u4e0d\u597d\u8bfb\u3002\u3002\u3002\u3002\u6240\u4ee5\u8fd8\u662f\u5f97\u81ea\u5df1\u5199\u4e00\u904d\uff09\uff0c\u7531\u4e8e\u5f53\u65f6\u6ca1\u6709\u597d\u7684elf\u6587\u4ef6patch\u5de5\u5177\uff0c\u4f46\u662f\u73b0\u5728\u6211\u4eec\u6709\u4e86lief\uff0c\u4e3a\u7406\u89e3silvio\u7684\u6587\u4ef6\u611f\u67d3\u601d\u8def\uff0c\u6253\u7b97\u4f7f\u7528lief\u6765\u5b9e\u73b0\u4e00\u904d\u3002\u6211\u4eec\u628asilvio \u611f\u67d3\u5206\u4e3a\u4e24\u6b65\uff0c\u62d3\u5c55 \uff0c\u690d\u5165<\/p>\n\n\n\n <\/p>\n\n\n\n \u5982\u4e0b\u4ee3\u7801\u5b9e\u73b0\u4e86\u62d3\u5c55\uff0c\u90a3\u690d\u5165\u5c31\u770b\u5404\u81ea\u6240\u9700\u4e86\u3002<\/p>\n\n\n\n \u6309\u7167\u4e4b\u524d\u7684\u903b\u8f91\uff0c\u5148\u62d3\u5c55segment\uff0csection\uff0c\u518d\u5199\u5165shellcode<\/p>\n\n\n\n \u5047\u8bbeshellcode\u957f\u5ea6\u4e3aSIZEdai\u3002<\/p>\n\n\n\n \u8fd9\u4e2a\u5f88\u7b80\u5355\uff0cPT_NOTE \u662f\u4e34\u8fd1PT_LOAD\u7684\u6700\u540e\u4e00\u4e2asegment\uff0c\u4e14\u4e0d\u4f1a\u88ab\u52a0\u8f7d\u5230\u5185\u5b58\u3002<\/p>\n\n\n\nehdr->e_entry = phdr[TEXT].p_vaddr + phdr[TEXT].p_filesz<\/code> \u589e\u52a0phdr[TEXT].p_filesz\uff08\u6587\u4ef6\u957f\u5ea6\uff09\u7684\u957f\u5ea6\u4e3a\u5bc4\u751f\u4ee3\u7801\u7684\u957f\u5ea6 \u589e\u52a0phdr[TEXT].p_memsz\uff08\u5185\u5b58\u957f\u5ea6\uff09\u7684\u957f\u5ea6\u4e3a\u5bc4\u751f\u4ee3\u7801\u7684\u957f\u5ea6<\/li>\u5b9e\u73b0\u62c6\u89e3<\/h4>\n\n\n\n
import lief
obj = lief.parse(\".\/elf1\")
segments = obj.segments
sections = obj.sections
header = obj.header
text_sec = obj.get_section(\".text\")
# print segment which .text belong to .
text_segment = \"\"
load_flag = False
# extend segments
for segment in segments:
if segment.type == lief.ELF.SEGMENT_TYPES.LOAD:
if segment.has(\".text\") :
text_segment = segment
segment.physical_size = segment.physical_size + 0x800
segment.virtual_size += 0x800
load_flag = True
continue
# if load_flag == True :
# segment.physical_size += 0x800
# extent sections
sec_flag = False
for sec in sections:
if sec.name == \".fini\" :
sec.size += 0x800
#sec.virtual_address += 0x1000
sec_flag = True
continue
# if sec_flag == True :
# sec.size += 0x800
# modify entryp_point
#header.entrypoint = obj.entrypoint + 0x1000
print(type(obj.entrypoint))
obj.write(\"update_segment_section\")
<\/pre>\n\n\n\n\u5176\u4ed6\u5404\u79cd\u6587\u4ef6\u611f\u67d3\u65b9\u6cd5<\/h2>\n\n\n\n
data\u6bb5\u611f\u67d3<\/h3>\n\n\n\n
\u5c06PT_NOTE \u8f6c\u5316PT_LOAD<\/h3>\n\n\n\n