elfdiff #78

Closed

zachriggle
Member

After patching some NOPs into /bin/bash

$ elfdiff /bin/bash mybash
2,3c2,3
< /bin/bash:     file format elf64-x86-64
< /bin/bash

---
> mybash:     file format elf64-x86-64
> mybash
7702c7702
<  41dac0 ff251a18 2d006859 000000e9 50faffff  .%..-.hY....P...

---
>  41dac0 90909090 90006859 000000e9 50faffff  ......hY....P...
63991,63993c63991,64002
<   41dac0:     ff 25 1a 18 2d 00       jmpq   *0x2d181a(%rip)        # 6ef2e0 <_rl_possible_control_prefixes+0x21c9c0>
<   41dac6:     68 59 00 00 00          pushq  $0x59
<   41dacb:     e9 50 fa ff ff          jmpq   41d520 <_init+0x20>

---
>   41dac0:     90                      nop
>   41dac1:     90                      nop
>   41dac2:     90                      nop
>   41dac3:     90                      nop
>   41dac4:     90                      nop
>   41dac5:     00 68 59                add    %ch,0x59(%rax)
>   41dac8:     00 00                   add    %al,(%rax)
>   41daca:     00 e9                   add    %ch,%cl
>   41dacc:     50                      push   %rax
>   41dacd:     fa                      cli    
>   41dace:     ff                      (bad)  
>   41dacf:     ff                      (bad)  

@br0ns
Contributor

br0ns commented Aug 28, 2014

I tried testing these locally for a binary I had, and ran into a few problems. I would like to have at least some of these features before accepting:

  • You do not clean up the temporary files.
  • The first two lines of the diff are just based on the filename. It is silly to output those.
  • If there is a change in the build id, you output those.
  • You output only the virtual addresses -- it would be nice to have the file offsets too.
  • It would be nice to know what sections the changes are in.

In conclusion: We might not want to simply use objdump and diff.

Closing until next version.

@br0ns br0ns closed this Aug 28, 2014
@zachriggle zachriggle deleted the elfdiff branch August 28, 2014 16:45
TethysSvensson pushed a commit that referenced this pull request Jul 2, 2016
Kyle-Kyle pushed a commit to Kyle-Kyle/pwntools that referenced this pull request Apr 25, 2021
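
The kind of report the review comment above asks for (file offset, virtual address and containing section for each change, with build-id differences left out), as an added example that is not code from this pull request or from pwntools. It assumes ELF64 little-endian files patched in place; `sections`, `elfdiff` and `sample_elf` are hypothetical names, and the sample image is constructed around the 16 bytes shown in the hex dump above.

```python
import struct

def sections(data):
    """ELF64 little-endian section headers -> [(name, vaddr, file_offset, size)]."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only ELF64 little-endian is handled")
    (shoff,) = struct.unpack_from("<Q", data, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    hdrs = [struct.unpack_from("<IIQQQQ", data, shoff + i * shentsize) for i in range(shnum)]
    stroff = hdrs[shstrndx][4]  # file offset of the section-name string table
    def name(n):
        return data[stroff + n:data.index(b"\0", stroff + n)].decode()
    # SHT_NULL (0) and SHT_NOBITS (8) occupy no file bytes, so they cannot hold a change
    return [(name(n), a, o, s) for n, t, _f, a, o, s in hdrs if t not in (0, 8)]

def elfdiff(old, new, skip=(".note.gnu.build-id",)):
    """One (section, file_offset, vaddr, old_bytes, new_bytes) tuple per changed run."""
    if len(old) != len(new):
        raise ValueError("only same-size, in-place patched files are handled")
    changes = []
    for sec, addr, off, size in sections(old):
        if sec in skip:  # build-id notes differ between builds; not a code change
            continue
        i, end = off, min(off + size, len(old))
        while i < end:
            j = i
            while j < end and old[j] != new[j]:
                j += 1
            if j > i:  # bytes i..j-1 differ; unmapped sections (addr 0) get no vaddr
                changes.append((sec, i, addr + i - off if addr else None, old[i:j], new[i:j]))
            i = j + 1
    return changes

def sample_elf(text, build_id):
    """Constructed minimal ELF64 image: .text, .note.gnu.build-id, .shstrtab."""
    names = b"\0.text\0.note.gnu.build-id\0.shstrtab\0"
    body = text + build_id + names
    sh = lambda n, t, a, o, s: struct.pack("<IIQQQQIIQQ", n, t, 0, a, o, s, 0, 0, 1, 0)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, 64 + len(body), 0, 64, 0, 0, 64, 4, 3)
    b = 64 + len(text)
    return (hdr + body + sh(0, 0, 0, 0, 0) + sh(1, 1, 0x41dac0, 64, len(text))
            + sh(7, 7, 0x400274, b, len(build_id)) + sh(26, 3, 0, b + len(build_id), len(names)))

# .text holds the 16 bytes at 0x41dac0 from the hex dump above; build ids are constructed.
OLD = sample_elf(bytes.fromhex("ff251a182d006859000000e950faffff"), b"\xaa" * 20)
NEW = sample_elf(bytes.fromhex("9090909090006859000000e950faffff"), b"\xbb" * 20)

for sec, off, va, a, b in elfdiff(OLD, NEW):
    print(f"{sec} file offset {off:#x} vaddr {va:#x}: {a.hex()} -> {b.hex()}")
```

Working on the bytes in memory needs no temporary files, and changes that fall outside any section (the ELF and section headers themselves) are not reported by this sketch.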