More progress towards patch injection framework

2023-04-10 22:24:44 -05:00 · 2023-04-10 22:24:44 -05:00 · 8aa55bdb23
commit 8aa55bdb23
parent ec17eec8c9
6 changed files with 46 additions and 10 deletions
--- a/notes/todo.md
+++ b/notes/todo.md
@ -0,0 +1,9 @@
+To Do
+
+Code injection
+    - Have a script with 3 functions, (main, funcA, funcB), and replace refs to funcA with funcB
+    - Trampoline definitions of a function to a new modified function that gets places in memory
+    - 
+
+Injected code: 0x680
+Call: 0x1160
--- a/src/patcher.rs
+++ b/src/patcher.rs
@ -37,8 +37,7 @@ pub fn patch_binary(binary_contents: Vec<u8>, binary_name: String, patch_file_pa

    file.write_all(&bytes)
        .expect("[Error] Could not write to patched binary file");
-    
-    file.flush();
+
 }


@ -57,11 +56,11 @@ fn parse_patch_file(patch_path: &String) -> HashMap<usize, Vec<u8>>{
        
        for line in contents {
            let unwrapped = line.unwrap();
-            if unwrapped.trim().starts_with("#") {
-
+            if unwrapped.trim().starts_with("#") || unwrapped.is_empty() {
+                //Skip
            } else {
                let mut statement = unwrapped.split(":");
-                let address: usize = statement.next().unwrap().trim().parse::<usize>().unwrap();
+                let address: usize = util::hex_to_int(statement.next().unwrap().trim()).unwrap();
                let data: &str = statement.next().unwrap().trim();

                if !data.is_empty() {
@ -85,7 +84,7 @@ fn parse_patch_file(patch_path: &String) -> HashMap<usize, Vec<u8>>{
                    } else {
                        // Data is comma seperated list or a single value
                        let byte_str: String = data.replace(",", "");
-                        let bytes: Vec<u8> = util::decode_hex(&byte_str).unwrap();
+                        let bytes: Vec<u8> = util::hex_to_buff(&byte_str).unwrap();
                        
                        print!("{}: ", address);
                    
--- a/src/util.rs
+++ b/src/util.rs
@ -348,9 +348,14 @@ pub fn read_lines(filename: String) -> io::Lines<BufReader<File>> {

 // Borrowed from the following Stack Overflow post
 // https://stackoverflow.com/questions/52987181/how-can-i-convert-a-hex-string-to-a-u8-slice
-pub fn decode_hex(s: &str) -> Result<Vec<u8>, ParseIntError> {
+pub fn hex_to_buff(s: &str) -> Result<Vec<u8>, ParseIntError> {
    (0..s.len())
        .step_by(2)
        .map(|i| u8::from_str_radix(&s[i..i + 2], 16))
        .collect()
+}
+
+
+pub fn hex_to_int(s: &str) -> Result<usize, ParseIntError> {
+    return usize::from_str_radix(s, 16)
 }
--- a/testing/hello_patched
+++ b/testing/hello_patched
--- a/testing/patches/hello.patch
+++ b/testing/patches/hello.patch
@ -1,3 +1,14 @@
-8196  :  "Hello, Patch!"
-#20041 : DE,AD,BE,EF
-#45620 : 00,01,02,03
+# Trampoline segment
+# Pushes and returns to 0x116b
+#3f80 : 48C7C00100000048C7C70100000048C7C68007000048C7C20D0000000F05686B110000C3
+# No syscall
+1190 : 48C7C00100000048C7C70100000048C7C6C011000048C7C20D000000686B110000C3
+
+# String data to print from trampoline instruction
+11C0 : "Hello, World!"
+
+# Initial jump to trampoline
+#1160 : 6880060000C3
+#1160 :  6890110000C3
+
+2004 : "Hello, Patch!"
--- a/testing/src/functions.c
+++ b/testing/src/functions.c
@ -0,0 +1,12 @@
+int main() {
+    
+    return 0;
+}
+
+int my_function() {
+    return 0;
+}
+
+int another_function() {
+    return 0;
+}