padding

77e1ac96 · Chu · 7ac48631 · 77e1ac96 · 77e1ac96
Commit 77e1ac96 authored Jan 03, 2020 by Chu
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 8 deletions

.gitignore .gitignore +1 -0

process.cpp inject/process.cpp +9 -8

No files found.
--- a/.gitignore
+++ b/.gitignore
+.DS_Store
 .idea
 cmake-build-*
--- a/inject/process.cpp
+++ b/inject/process.cpp
@@ -132,22 +132,23 @@ void Process::set_registers(const user_regs_struct &registers)
 void Process::call_func(const void *address, std::array<const void *, 6> args)
 {
    check_for_attached();
-    // 0:   48 83 e4 f0                         and $0xfffffffffffffff0, %rsp
-    // 4:   48 bb ef be ad de ef be ad de       movabs $0xdeadbeefdeadbeef, %rbx
-    // e:   ff d3                               callq *%rbx
-    // 10:  cc                                  int3
+    // 0:   90 90 90 90                         nop
+    // 4:   48 83 e4 f0                         and $0xfffffffffffffff0, %rsp
+    // 8:   48 bb ef be ad de ef be ad de       movabs $0xdeadbeefdeadbeef, %rbx
+    // 12:  ff d3                               callq *%rbx
+    // 14:  cc                                  int3
    // https://stackoverflow.com/questions/44613592/shared-library-injection-dl-relocate-object-segfaults
-    std::vector<unsigned char> shellcode = {0x48, 0x83, 0xe4, 0xf0, 0x48, 0xbb, 0xef, 0xbe, 0xad,
-                                            0xde, 0xef, 0xbe, 0xad, 0xde, 0xff, 0xd3, 0xcc};
+    std::vector<unsigned char> shellcode = {0x90, 0x90, 0x90, 0x90, 0x48, 0x83, 0xe4, 0xf0, 0x48, 0xbb, 0xef,
+                                            0xbe, 0xad, 0xde, 0xef, 0xbe, 0xad, 0xde, 0xff, 0xd3, 0xcc};
    while (shellcode.size() % sizeof(void *) != 0)
        shellcode.emplace_back(0x90);
-    std::memcpy(shellcode.data() + 6, &address, sizeof(address));
+    std::memcpy(shellcode.data() + 10, &address, sizeof(address));
    auto rx_area = find_rx_area();
    auto original_code = read(rx_area, shellcode.size());
    write(rx_area, shellcode);
    auto original_registers = get_registers();
    auto registers = original_registers;
-    registers.rip = reinterpret_cast<decltype(registers.rip)>(rx_area);
+    registers.rip = reinterpret_cast<decltype(registers.rip)>(rx_area) + 4;
    registers.rdi = reinterpret_cast<decltype(registers.rdi)>(args[0]);
    registers.rsi = reinterpret_cast<decltype(registers.rsi)>(args[1]);
    registers.rdx = reinterpret_cast<decltype(registers.rdx)>(args[2]);