fix: unable to extract data from file/mem

jm33-m0 · Mar 25, 2022 · eff9574 · eff9574
1 parent 6788b35
commit eff9574
Showing 1 changed file with 41 additions and 6 deletions.
diff --git a/core/lib/util/mem.go b/core/lib/util/mem.go
@@ -6,15 +6,50 @@ import (
 	"io/ioutil"
 	"log"
 	"os"
+	"runtime"
 	"strings"
 
 	emp3r0r_data "github.com/jm33-m0/emp3r0r/core/lib/data"
 )
 
+// ExtractData extract embedded data from args[0] or process memory
+func ExtractData() (data []byte, err error) {
+	data, err = DigEmbeddedDataFromExe()
+	if err != nil {
+		e := err
+		log.Printf("Extract ELF from args[0]: %v", err)
+		data, err = DigEmbededDataFromMem()
+		if err != nil {
+			err = fmt.Errorf("Extract data from args[0]: %v. from memory: %v", e, err)
+			return
+		}
+		log.Printf("Found %d bytes in memory", len(data))
+	} else {
+		log.Printf("Found %d bytes in %s", len(data), os.Args[0])
+	}
+
+	if len(data) <= 0 {
+		err = fmt.Errorf("No data extracted")
+	}
+	return
+}
+
+// GetProcessExe dump executable of target process
+func GetProcessExe(pid int) (exe_data []byte, err error) {
+	if runtime.GOOS != "linux" {
+		err = fmt.Errorf("Only Linux is supported as of now")
+		return
+	}
+	exe_data, err = ioutil.ReadFile(fmt.Sprintf("/proc/%d/exe", pid))
+
+	return
+}
+
 // DigEmbededDataFromFile search args[0] file content for data embeded between two separators
 // separator is MagicString*3
-func DigEmbeddedDataFromArg0() ([]byte, error) {
-	wholeStub, err := ioutil.ReadFile(os.Args[0])
+func DigEmbeddedDataFromExe() ([]byte, error) {
+	wholeStub, err := GetProcessExe(os.Getpid())
+	log.Printf("Read %d bytes from process executable", len(wholeStub))
 	if err != nil {
 		return nil, err
 	}
@@ -25,18 +60,18 @@ func DigEmbeddedDataFromArg0() ([]byte, error) {
 // DigEmbeddedData search for embedded data in given []byte buffer
 func DigEmbeddedData(data []byte) (embedded_data []byte, err error) {
 	sep := []byte(strings.Repeat(emp3r0r_data.MagicString, 3))
-	err = fmt.Errorf("DigEmbeddedData: No magic string found")
 
 	// locate embedded_data
 	split := bytes.Split(data, sep)
 	if len(split) < 2 {
+		err = fmt.Errorf("Cannot locate magic string from %d of given data", len(data))
 		return
 	}
-	data = split[1]
-	if len(data) <= 0 {
+	embedded_data = split[1]
+	if len(embedded_data) <= 0 {
+		err = fmt.Errorf("Digged nothing from %d of given data", len(data))
 		return
 	}
-	err = nil
 	return
 }