load and execute

master
JoYo 2016-01-12 20:05:45 -05:00
parent 1faad74d59
commit 70d068db22
2 changed files with 64 additions and 39 deletions


@ -1,48 +1,53 @@
#include <stdio.h> #include <stdio.h>
#include <time.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/mman.h> #include <malloc.h>
#include <time.h>
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <sysexits.h> #include <sysexits.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <openssl/sha.h> #include <openssl/sha.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/buffer.h>
#pragma comment(lib, "openssl/sha.lib") #pragma comment(lib, "openssl/sha.lib")
void picProto(void *picAddr, size_t picSize, void *clonePtr, char *checksum) {
char *picProto(void *picAddr, size_t picSize, void *clonePtr) { void (*cloneFunc)(void *, size_t, char *) = clonePtr;
char *(*cloneFunc)(void *, size_t) = clonePtr; cloneFunc(picAddr, picSize, checksum);
return cloneFunc(picAddr, picSize); return;
} }
char *clone(void *picAddr, size_t picSize) { void clone(void *picAddr, size_t picSize, char *checksum) {
auto retVal = EX_SOFTWARE; auto retVal = EX_SOFTWARE;
srand((unsigned int)time(NULL)); srand(time(NULL));
unsigned int picOffset = (rand() % (picSize + 1)); unsigned int picOffset = (rand() % (picSize + 1));
unsigned char picFlip = ((char *)picAddr)[picOffset] & (rand() % 1);
((char *)picAddr)[picOffset] = ((char *)picAddr)[picOffset] & (rand() % 1); ((char *)picAddr)[picOffset] = picFlip;
unsigned char *digest = NULL; unsigned char digest[SHA_DIGEST_LENGTH];
SHA_CTX sha; SHA1(picAddr, picSize, digest);
SHA1_Init(&sha); for (int iter = 0; iter < SHA_DIGEST_LENGTH; iter++) {
SHA1_Update(&sha, picAddr, picSize); sprintf(&checksum[iter * 2], "%02x", digest[iter]);
SHA1_Final(digest, &sha); }
char *fileOutPath = NULL; FILE *fileOutHandle = fopen(checksum, "w+");
sprintf(fileOutPath, "./%s_%x.bin", digest, rand());
FILE *fileOutHandle = fopen(fileOutPath, "wb");
if (NULL == fileOutHandle) { if (NULL == fileOutHandle) {
retVal = EX_SOFTWARE; retVal = errno;
goto CLONE_CLEANUP; goto CLONE_CLEANUP;
} }
retVal = fwrite(picAddr, 1, picSize, fileOutHandle); retVal = fwrite(picAddr, 1, picSize, fileOutHandle);
if (retVal != picSize) { if (retVal != picSize) {
retVal = EX_SOFTWARE; retVal = errno;
goto CLONE_CLEANUP; goto CLONE_CLEANUP;
} }
@ -51,7 +56,7 @@ CLONE_CLEANUP:
if (fileOutHandle) { if (fileOutHandle) {
fclose(fileOutHandle); fclose(fileOutHandle);
} }
return fileOutPath; return;
} }
int main(int argc, const char **argv) { int main(int argc, const char **argv) {
@ -60,34 +65,33 @@ int main(int argc, const char **argv) {
FILE *fileInHandle = fopen(fileInPath, "rb"); FILE *fileInHandle = fopen(fileInPath, "rb");
if (NULL == fileInHandle) { if (NULL == fileInHandle) {
retVal = EX_SOFTWARE; retVal = errno;
goto MAIN_CLEANUP; goto MAIN_CLEANUP;
} }
fseek(fileInHandle, 0L, SEEK_END); struct stat picStat;
size_t picBuffer_len = ftell(fileInHandle); fstat(fileno(fileInHandle), &picStat);
fseek(fileInHandle, 0L, SEEK_SET); if (-1 == picStat.st_size) {
if (0 >= picBuffer_len) { retVal = errno;
retVal = EX_SOFTWARE;
goto MAIN_CLEANUP; goto MAIN_CLEANUP;
} }
void *picBuffer = malloc(picBuffer_len); void *picBuffer = memalign(getpagesize(), picStat.st_size);
if (NULL == picBuffer) { if (NULL == picBuffer) {
retVal = EX_SOFTWARE; retVal = errno;
goto MAIN_CLEANUP; goto MAIN_CLEANUP;
} }
memset(&picBuffer, 0, picBuffer_len); retVal =
retVal = mprotect(picBuffer, picBuffer_len, PROT_EXEC); mprotect(picBuffer, picStat.st_size, PROT_READ | PROT_WRITE | PROT_EXEC);
if (0 == retVal) { if (0 != retVal) {
retVal = EX_SOFTWARE; retVal = errno;
goto MAIN_CLEANUP; goto MAIN_CLEANUP;
} }
retVal = fread(picBuffer, 1, picBuffer_len, fileInHandle); retVal = fread(picBuffer, 1, picStat.st_size, fileInHandle);
if (retVal != picBuffer_len) { if (retVal != picStat.st_size) {
retVal = EX_SOFTWARE; retVal = errno;
goto MAIN_CLEANUP; goto MAIN_CLEANUP;
} }
@ -95,10 +99,11 @@ int main(int argc, const char **argv) {
fclose(fileInHandle); fclose(fileInHandle);
} }
char *(*cloneFunc)(void *, size_t) = clone; char checksum[(SHA_DIGEST_LENGTH * 2) + 1];
void *(*picFunc)(void *, size_t, void *) = picBuffer; void (*cloneFunc)(void *, size_t, char *) = clone;
void (*picFunc)(void *, size_t, void *, char *) = picBuffer;
char *childPath = picFunc(picBuffer, picBuffer_len, cloneFunc); picFunc(picBuffer, picStat.st_size, cloneFunc, &checksum);
retVal = EX_OK; retVal = EX_OK;
MAIN_CLEANUP: MAIN_CLEANUP:
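Review bot: In the main() hunk that replaces the fseek/ftell sizing, the return value of `fstat()` is ignored and the failure test compares `picStat.st_size` with -1, a value fstat() does not store on error. A failed call therefore leaves `picStat` uninitialized, and its `st_size` then sizes the `memalign`, `mprotect` and `fread` calls. The old `0 >= picBuffer_len` check also rejected empty input, which the new condition no longer does. I would write the guard as `if (0 != fstat(fileno(fileInHandle), &picStat) || picStat.st_size <= 0) {` and set `retVal` to a non-zero code such as `EX_SOFTWARE` when the size is the problem, since `errno` can be 0 there. main() starts and ends outside the visible hunks.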

20
scrap.asm Normal file

@ -0,0 +1,20 @@
[BITS 64]
push rbp
mov rbp,rsp
sub rsp,0x30
mov QWORD [rbp-0x18],rdi
mov QWORD [rbp-0x20],rsi
mov QWORD [rbp-0x28],rdx
mov QWORD [rbp-0x30],rcx
mov rax,QWORD [rbp-0x28]
mov QWORD [rbp-0x8],rax
mov rdx,QWORD [rbp-0x30]
mov rsi,QWORD [rbp-0x20]
mov rcx,QWORD [rbp-0x18]
mov rax,QWORD [rbp-0x8]
mov rdi,rcx
call rax
nop
leave
ret
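Review bot: scrap.asm has no comment saying what the routine is or which calling convention it assumes. The register use (arguments arriving in rdi, rsi, rdx and rcx, the third saved to a local and then called with the first, second and fourth) looks like unoptimized System V AMD64 output for `picProto` in the C file, but that is inferred from the instructions rather than stated anywhere. A header comment such as `; picProto(rdi=picAddr, rsi=picSize, rdx=clonePtr, rcx=checksum): calls clonePtr(picAddr, picSize, checksum), SysV AMD64 ABI` would make this explicit. A second comment line should say how the file is assembled and whether it has to be kept in sync with the C prototype.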