0x00pf
(pico)
August 31, 2020, 7:31pm
5
Hi @digitalXmage ,
Are you maybe working with PIE binaries? Check this out.
Had a question about this tutorial:
I’ve tried double-checking the code several times. Even tried pulling it off this github to ensure I wasn’t missing anything:
https://raw.githubusercontent.com/0x00pf/0x00sec_code/master/crypter/polycrypt.c
Every time I try to run it I get the following though:
$ ./polycrypt
mprotect:: Cannot allocate memory
Segmentation fault
At first I thought this may be some security feature on my device that was preventing that. However, I was able to execute the…
and this
So i’ve been reading through and understanding pico’s elf file injector tutorial. Everything so far i’m understanding, however when it comes to the patching of the entry points etc in the:
elfi_mem_subst() function within the tutorial code.
From my understanding once the .text section of the payload has been written to the code cave after the .text section within the target file, we then have to use the elfi_mem_subst function to patch the return address to be the original entry point of the f…
The method doesn’t work with PIE; it needs to be updated to use a RIP-relative jump instead of the absolute jump used in the original post, because an absolute jump doesn’t work on a PIE binary, as it may be anywhere in memory.
1 Like
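To illustrate the point made in this reply, here is a small C example (added for this thread; it is not the injector or crypter code from the original tutorials, and the offsets and load bases in it are constructed). It shows why a relocated image keeps working with a RIP-relative `jmp rel32` but not with a hard-coded absolute address: the encoded displacement depends only on the distance between the two image offsets, so the same five bytes are correct at every load base. The helper names `jmp_rel32_disp`, `encode_jmp_rel32` and `relocation_invariant` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical example, not code from the thread or the 0x00sec injector.
   A 5-byte "jmp rel32" (opcode 0xE9) encodes its target as a signed
   displacement from the address of the *next* instruction (src + 5), so its
   bytes do not change when the whole image is relocated. An absolute target
   (e.g. "mov rax, imm64; jmp rax") bakes in one load address and is wrong
   whenever PIE/ASLR maps the image elsewhere. */

/* Displacement to store in a jmp rel32 located at `src` that reaches `dst`. */
static int32_t jmp_rel32_disp(uint64_t src, uint64_t dst) {
    return (int32_t)((int64_t)dst - (int64_t)(src + 5));
}

/* Encode the 5 instruction bytes into `out` (little-endian displacement). */
static size_t encode_jmp_rel32(uint64_t src, uint64_t dst, uint8_t out[5]) {
    int32_t d = jmp_rel32_disp(src, dst);
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)((uint32_t)d >> (8 * i));
    return 5;
}

/* 1 when two load bases produce identical jmp bytes for the same pair of
   image-relative offsets: the property a patch in a PIE binary relies on. */
static int relocation_invariant(uint64_t src_off, uint64_t dst_off,
                                uint64_t base_a, uint64_t base_b) {
    uint8_t a[5], b[5];
    encode_jmp_rel32(base_a + src_off, base_a + dst_off, a);
    encode_jmp_rel32(base_b + src_off, base_b + dst_off, b);
    return memcmp(a, b, 5) == 0;
}

/* Contrast: an absolute target is only valid at the base it was computed for. */
static int absolute_target_invariant(uint64_t dst_off, uint64_t base_a,
                                     uint64_t base_b) {
    return (base_a + dst_off) == (base_b + dst_off);
}

int main(void) {
    /* Constructed offsets: a patch site at +0x2000 jumping back to +0x1040. */
    uint64_t src_off = 0x2000, dst_off = 0x1040;
    uint64_t base_a = 0x555555554000ULL, base_b = 0x7f0000000000ULL;
    uint8_t code[5];

    encode_jmp_rel32(base_a + src_off, base_a + dst_off, code);
    printf("jmp rel32 bytes:");
    for (int i = 0; i < 5; i++) printf(" %02x", code[i]);
    printf("\nrel32 identical at another base:  %s\n",
           relocation_invariant(src_off, dst_off, base_a, base_b) ? "yes" : "no");
    printf("absolute target still correct:    %s\n",
           absolute_target_invariant(dst_off, base_a, base_b) ? "yes" : "no");
    return 0;
}
```

Run it twice under ASLR and the printed `jmp` bytes are the same each time, which is exactly what the original absolute jump lacks once the binary is PIE.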