gman0064/chisel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More progress towards patch injection framework

Browse Source
This commit is contained in:
Garrett Dickinson 2023-04-10 22:24:44 -05:00
parent ec17eec8c9
commit 8aa55bdb23
6 changed files with 46 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
notes/todo.md Normal file
View File

@ -0,0 +1,9 @@
To Do
Code injection
- Have a script with 3 functions, (main, funcA, funcB), and replace refs to funcA with funcB
- Trampoline definitions of a function to a new modified function that gets places in memory
-
Injected code: 0x680
Call: 0x1160

9
src/patcher.rs
View File

@ -38,7 +38,6 @@ pub fn patch_binary(binary_contents: Vec<u8>, binary_name: String, patch_file_pa
file.write_all(&bytes) file.write_all(&bytes)
.expect("[Error] Could not write to patched binary file"); .expect("[Error] Could not write to patched binary file");
file.flush();
} }
@ -57,11 +56,11 @@ fn parse_patch_file(patch_path: &String) -> HashMap<usize, Vec<u8>>{
for line in contents { for line in contents {
let unwrapped = line.unwrap(); let unwrapped = line.unwrap();
if unwrapped.trim().starts_with("#") { if unwrapped.trim().starts_with("#") || unwrapped.is_empty() {
//Skip
} else { } else {
let mut statement = unwrapped.split(":"); let mut statement = unwrapped.split(":");
let address: usize = statement.next().unwrap().trim().parse::<usize>().unwrap(); let address: usize = util::hex_to_int(statement.next().unwrap().trim()).unwrap();
let data: &str = statement.next().unwrap().trim(); let data: &str = statement.next().unwrap().trim();
if !data.is_empty() { if !data.is_empty() {
@ -85,7 +84,7 @@ fn parse_patch_file(patch_path: &String) -> HashMap<usize, Vec<u8>>{
} else { } else {
// Data is comma seperated list or a single value // Data is comma seperated list or a single value
let byte_str: String = data.replace(",", ""); let byte_str: String = data.replace(",", "");
let bytes: Vec<u8> = util::decode_hex(&byte_str).unwrap(); let bytes: Vec<u8> = util::hex_to_buff(&byte_str).unwrap();
print!("{}: ", address); print!("{}: ", address);

7
src/util.rs
View File

@ -348,9 +348,14 @@ pub fn read_lines(filename: String) -> io::Lines<BufReader<File>> {
// Borrowed from the following Stack Overflow post // Borrowed from the following Stack Overflow post
// https://stackoverflow.com/questions/52987181/how-can-i-convert-a-hex-string-to-a-u8-slice // https://stackoverflow.com/questions/52987181/how-can-i-convert-a-hex-string-to-a-u8-slice
pub fn decode_hex(s: &str) -> Result<Vec<u8>, ParseIntError> { pub fn hex_to_buff(s: &str) -> Result<Vec<u8>, ParseIntError> {
(0..s.len()) (0..s.len())
.step_by(2) .step_by(2)
.map(|i| u8::from_str_radix(&s[i..i + 2], 16)) .map(|i| u8::from_str_radix(&s[i..i + 2], 16))
.collect() .collect()
} }
pub fn hex_to_int(s: &str) -> Result<usize, ParseIntError> {
return usize::from_str_radix(s, 16)
}

BIN
testing/hello_patched
View File

Binary file not shown.

17
testing/patches/hello.patch
View File

@ -1,3 +1,14 @@
8196 : "Hello, Patch!" # Trampoline segment
#20041 : DE,AD,BE,EF # Pushes and returns to 0x116b
#45620 : 00,01,02,03 #3f80 : 48C7C00100000048C7C70100000048C7C68007000048C7C20D0000000F05686B110000C3
# No syscall
1190 : 48C7C00100000048C7C70100000048C7C6C011000048C7C20D000000686B110000C3
# String data to print from trampoline instruction
11C0 : "Hello, World!"
# Initial jump to trampoline
#1160 : 6880060000C3
#1160 : 6890110000C3
2004 : "Hello, Patch!"

12
testing/src/functions.c Normal file
View File

@ -0,0 +1,12 @@
int main() {
return 0;
}
int my_function() {
return 0;
}
int another_function() {
return 0;
}