
Comments (7)

lunixbochs commented on July 17, 2024

from patchkit.

Ver0n1ca commented on July 17, 2024

Hi, this is the output of adding -v on my 'segmentation fault' computer:

$ ./patch -v simple test_patch.py
[*] test_patch.py
 [+] patch()
  [INJECT] @0x801000-0x80100c
  68656c6c6f20776f726c640a
  [INJECT] @0x80100c-0x801033
  0x80100c: 50             push rax
  0x80100d: 57             push rdi
  0x80100e: 56             push rsi
  0x80100f: 52             push rdx
  0x801010: 48c7c001000000 mov rax, 1
  0x801017: 48c7c701000000 mov rdi, 1
  0x80101e: 48c7c600108000 mov rsi, 0x801000
  0x801025: 48c7c20c000000 mov rdx, 0xc
  0x80102c: 0f05           syscall 
  0x80102e: 5a             pop rdx
  0x80102f: 5e             pop rsi
  0x801030: 5f             pop rdi
  0x801031: 58             pop rax
  0x801032: c3             ret 
  [HOOK] @0x400629 -> 0x80100c
  [!] Segment made writable: 0x400000-0x40082c
  [INJECT] @0x80104b-0x801072
  0x80104b: e8c616b907     call 0x8392716
  0x801050: 57             push rdi
  0x801051: 56             push rsi
  0x801052: 51             push rcx
  0x801053: 488d3d5997e6fb lea rdi, [rip - 0x41968a7]
  0x80105a: 488d35d8ffffff lea rsi, [rip - 0x28]
  0x801061: 48c7c112000000 mov rcx, 0x12
  0x801068: f3a4           rep movsb byte ptr [rdi], byte ptr [rsi]
  0x80106a: 59             pop rcx
  0x80106b: 5e             pop rsi
  0x80106c: 5f             pop rdi
  0x80106d: e90f489903     jmp 0x4195881
  [INJECT] @0x801072-0x801094
  0x801072: 57             push rdi
  0x801073: 56             push rsi
  0x801074: 51             push rcx
  0x801075: 488d3dbf96e6fb lea rdi, [rip - 0x4196941]
  0x80107c: 488d358cffffff lea rsi, [rip - 0x74]
  0x801083: 48c7c112000000 mov rcx, 0x12
  0x80108a: f3a4           rep movsb byte ptr [rdi], byte ptr [rsi]
  0x80108c: 59             pop rcx
  0x80108d: 5e             pop rsi
  0x80108e: 5f             pop rdi
  0x80108f: e9f4479903     jmp 0x4195888
  [PATCH] @0x801033-0x80103f | "hook stage 1"
  - 000000000000000000000000
  + 0x801033: e94b21f907 jmp 0x8793183
  + 0x801038: 9090       nop (x2)
  + 0x80103a: b800000000 mov eax, 0
  [PATCH] @0x80103f-0x80104b | "hook stage 2"
  - 000000000000000000000000
  + 0x80103f: 7e11       jle 0x801052
  + 0x801041: bff7064000 mov edi, 0x4006f7
  + 0x801046: e9e321f907 jmp 0x879322e
  [PATCH] @0x400629-0x400635 | "hook entry point"
  - 0x400629: 7e11       jle 0x40063c
  - 0x40062b: bff7064000 mov edi, 0x4006f7
  - 0x400630: b800000000 mov eax, 0
  + 0x400629: e94b21f907 jmp 0x8392779
  + 0x40062e: 9090       nop (x2)
  + 0x400630: b800000000 mov eax, 0

[+] Saving binary to: /home/ver0n1ca/Desktop/patchkit/simple.patched

I'm still not sure about how to fix this...
Thanks.

from patchkit.

lunixbochs commented on July 17, 2024

from patchkit.

Ver0n1ca commented on July 17, 2024

The output on the computer that works:

$ ./patch -v test/simple test_patch.py
[*] test_patch.py
 [+] patch()
  [INJECT] @0x801000-0x80100c
  68656c6c6f20776f726c640a
  [INJECT] @0x80100c-0x801033
  0x80100c: 50             push rax
  0x80100d: 57             push rdi
  0x80100e: 56             push rsi
  0x80100f: 52             push rdx
  0x801010: 48c7c001000000 mov rax, 1
  0x801017: 48c7c701000000 mov rdi, 1
  0x80101e: 48c7c600108000 mov rsi, 0x801000
  0x801025: 48c7c20c000000 mov rdx, 0xc
  0x80102c: 0f05           syscall 
  0x80102e: 5a             pop rdx
  0x80102f: 5e             pop rsi
  0x801030: 5f             pop rdi
  0x801031: 58             pop rax
  0x801032: c3             ret 
  [HOOK] @0x400629 -> 0x80100c
  [!] Segment made writable: 0x400000-0x40082c
  [INJECT] @0x80104b-0x801072
  0x80104b: e8bcffffff     call 0x80100c
  0x801050: 57             push rdi
  0x801051: 56             push rsi
  0x801052: 51             push rcx
  0x801053: 488d3dcff5bfff lea rdi, [rip - 0x400a31]
  0x80105a: 488d35deffffff lea rsi, [rip - 0x22]
  0x801061: 48c7c10c000000 mov rcx, 0xc
  0x801068: f3a4           rep movsb byte ptr [rdi], byte ptr [rsi]
  0x80106a: 59             pop rcx
  0x80106b: 5e             pop rsi
  0x80106c: 5f             pop rdi
  0x80106d: e9b7f5bfff     jmp 0x400629
  [INJECT] @0x801072-0x801094
  0x801072: 57             push rdi
  0x801073: 56             push rsi
  0x801074: 51             push rcx
  0x801075: 488d3dadf5bfff lea rdi, [rip - 0x400a53]
  0x80107c: 488d35b0ffffff lea rsi, [rip - 0x50]
  0x801083: 48c7c10c000000 mov rcx, 0xc
  0x80108a: f3a4           rep movsb byte ptr [rdi], byte ptr [rsi]
  0x80108c: 59             pop rcx
  0x80108d: 5e             pop rsi
  0x80108e: 5f             pop rdi
  0x80108f: e99cf5bfff     jmp 0x400630
  [PATCH] @0x801033-0x80103f | "hook stage 1"
  - 000000000000000000000000
  + 0x801033: e91d0a4000 jmp 0xc01a55
  + 0x801038: 9090       nop (x2)
  + 0x80103a: b800000000 mov eax, 0
  [PATCH] @0x80103f-0x80104b | "hook stage 2"
  - 000000000000000000000000
  + 0x80103f: 7e11       jle 0x801052
  + 0x801041: bff7064000 mov edi, 0x4006f7
  + 0x801046: e93d0a4000 jmp 0xc01a88
  [PATCH] @0x400629-0x400635 | "hook entry point"
  - 0x400629: 7e11       jle 0x40063c
  - 0x40062b: bff7064000 mov edi, 0x4006f7
  - 0x400630: b800000000 mov eax, 0
  + 0x400629: e91d0a4000 jmp 0x80104b
  + 0x40062e: 9090       nop (x2)
  + 0x400630: b800000000 mov eax, 0

[+] Saving binary to: /home/ver0n1ca/Desktop/patchkit-master/test/simple.patched

Thanks!

from patchkit.
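
The two verbose logs above differ in the rel32 displacements of the emitted branches. As an added example (not part of the thread or of patchkit), this script decodes the `call`/`jmp` bytes copied from both logs and flags targets that fall outside the two address ranges the logs report; the function names and the `KNOWN` list are assumptions made for the illustration.

```python
import struct

# Ranges both logs report: the segment made writable and the injected region.
KNOWN = [(0x400000, 0x40082c), (0x801000, 0x801094)]

# (address, instruction bytes) copied from the two -v logs in the thread.
FAILING = [
    (0x80104b, "e8c616b907"),  # hook stub: call into the injected code
    (0x80106d, "e90f489903"),  # hook stub: jump back towards the hook site
    (0x80108f, "e9f4479903"),
    (0x400629, "e94b21f907"),  # patched hook entry point
]
WORKING = [
    (0x80104b, "e8bcffffff"),
    (0x80106d, "e9b7f5bfff"),
    (0x80108f, "e99cf5bfff"),
    (0x400629, "e91d0a4000"),
]

def branch_target(addr, hexbytes):
    """Decode an x86-64 CALL (E8) or JMP (E9) rel32 and return its target."""
    raw = bytes.fromhex(hexbytes)
    if len(raw) != 5 or raw[0] not in (0xE8, 0xE9):
        raise ValueError("not a rel32 call/jmp: %s" % hexbytes)
    (rel,) = struct.unpack("<i", raw[1:])
    # The displacement is relative to the address of the next instruction.
    return (addr + len(raw) + rel) & 0xFFFFFFFFFFFFFFFF

def encode_rel32(opcode, addr, target):
    """Hex bytes for a rel32 branch at addr that reaches target."""
    return (bytes([opcode]) + struct.pack("<i", target - (addr + 5))).hex()

def in_known_range(target):
    return any(lo <= target < hi for lo, hi in KNOWN)

def stray_branches(entries):
    """Return (addr, target) for each branch that leaves the known ranges."""
    decoded = [(addr, branch_target(addr, hx)) for addr, hx in entries]
    return [(addr, tgt) for addr, tgt in decoded if not in_known_range(tgt)]

if __name__ == "__main__":
    for name, log in (("failing", FAILING), ("working", WORKING)):
        for addr, tgt in stray_branches(log):
            print("%s: branch at %#x goes to %#x" % (name, addr, tgt))
```

All four branches in the failing log resolve outside both ranges, while every branch in the working log lands on `0x80100c`, `0x400629`, `0x400630` or `0x80104b`.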

lunixbochs commented on July 17, 2024

What's your patch script?

from patchkit.

Ver0n1ca commented on July 17, 2024

My patch script:

def patch(pt):
    hello, size = pt.inject(raw='hello world\n', size=True)

    addr = pt.inject(asm=r'''
    push rax
    push rdi
    push rsi
    push rdx
    mov rax, 1  # SYS_write
    mov rdi, 1  # fd
    mov rsi, %d # buf
    mov rdx, %d # size
    syscall
    pop rdx
    pop rsi
    pop rdi
    pop rax
    ret
    ''' % (hello, size))
    pt.hook(0x400629, addr)

Thanks a lot.

from patchkit.

Ver0n1ca commented on July 17, 2024

This problem is solved in the latest dyn branch. Thanks!

from patchkit.
