Closed
Description
I tried to make a simple packer using lief, but it turns out I was never able to make a working binary while using the lief.ELF.add_segment() function.
Reproduction steps are easy: just follow https://lief.quarkslab.com/doc/tutorials/05_elf_infect_plt_got.html and at the step "Injecting the hook", lief failed to add the segment on Debian unstable.
On some other tests, binaries were successfully written but could not be executed. This seems to happen when adding a segment to a static binary.
Here is a sample program:
```c
#include <stdio.h>

int main(void)
{
    puts("Hello World");
    return 0;
}
```
Then:
```
laxa:tmp.eJeAIIAtPd:14:23:41$ gcc hello_world.c -static
laxa:tmp.eJeAIIAtPd:14:24:00$ checksec --file a.out
[*] '/tmp/tmp.eJeAIIAtPd/a.out'
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: No canary found
NX: NX enabled
PIE: No PIE (0x400000)
```
Then using the following lief script:
```python
import lief

# Parse the statically linked test binary built above
binary = lief.parse('a.out')

# Describe a new RWX PT_LOAD segment holding three bytes
segment = lief.ELF.Segment()
segment.type = lief.ELF.SEGMENT_TYPES.LOAD
segment.flag = lief.ELF.SEGMENT_FLAGS.PF_R | lief.ELF.SEGMENT_FLAGS.PF_W | lief.ELF.SEGMENT_FLAGS.PF_X
segment.content = [1, 2, 3]
segment.alignment = 8

# Add the segment at a fixed base address and write the modified binary
segment = binary.add_segment(segment, base=0xA0000000)
binary.write('a.out.bin')
```
And doing that right after fails:
```
laxa:tmp.eJeAIIAtPd:14:24:31$ python test_lief.py
laxa:tmp.eJeAIIAtPd:14:25:18$ chmod +x a.out.bin
laxa:tmp.eJeAIIAtPd:14:25:23$ ./a.out.bin
Segmentation fault
laxa:tmp.eJeAIIAtPd:14:25:25$ strace ./a.out.bin
execve("./a.out.bin", ["./a.out.bin"], [/* 51 vars */]) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x400930} ---
+++ killed by SIGSEGV +++
Segmentation fault
```
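Added example (not part of the original report and not LIEF code): a standard-library check that reads the PT_LOAD headers of a rewritten ELF64 file and reports whether a faulting address, such as the `si_addr` shown by strace, is mapped, along with segments that are misaligned, truncated, or both writable and executable. The names `load_segments`, `diagnose` and `build_sample`, the 4 KiB page size and the sample image are assumptions constructed for illustration; the sample does not reproduce the layout LIEF actually wrote.

```python
import struct

PT_LOAD, PF_X, PF_W = 1, 1, 2
PAGE = 0x1000  # assumption: 4 KiB pages, as on amd64 Linux

def load_segments(data):
    """Parse the PT_LOAD program headers of a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (phoff,) = struct.unpack_from("<Q", data, 0x20)          # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", data, 0x36)  # e_phentsize, e_phnum
    loads = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 56 > len(data):
            raise ValueError("program header table runs past end of file")
        p_type, flags, offset, vaddr, _, filesz, memsz, _ = struct.unpack_from("<IIQQQQQQ", data, off)
        if p_type == PT_LOAD:
            loads.append(dict(flags=flags, offset=offset, vaddr=vaddr, filesz=filesz, memsz=memsz))
    return loads

def diagnose(data, fault_addr):
    """Return (finding, address) pairs for a faulting address and each PT_LOAD."""
    loads, findings = load_segments(data), []
    if not any(s["vaddr"] <= fault_addr < s["vaddr"] + s["memsz"] for s in loads):
        findings.append(("unmapped", fault_addr))          # matches SEGV_MAPERR
    for s in loads:
        if (s["vaddr"] - s["offset"]) % PAGE:
            findings.append(("misaligned", s["vaddr"]))    # p_vaddr != p_offset (mod page size)
        if s["offset"] + s["filesz"] > len(data):
            findings.append(("truncated", s["vaddr"]))     # segment bytes missing from file
        if s["flags"] & PF_W and s["flags"] & PF_X:
            findings.append(("rwx", s["vaddr"]))           # writable and executable
    return findings

def build_sample():
    """Constructed image: one R+X PT_LOAD at 0x400000, one RWX PT_LOAD at 0xA0000000."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0x400100, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    text = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0x400000, 0x400000, 0x200, 0x200, PAGE)
    added = struct.pack("<IIQQQQQQ", PT_LOAD, 7, 0x204, 0xA0000000, 0xA0000000, 3, 3, 8)
    return (ehdr + text + added).ljust(0x300, b"\0")

if __name__ == "__main__":
    for finding, addr in diagnose(build_sample(), 0x400930):
        print(f"{finding:<10} {addr:#x}")
```

To check a real file, pass `open('a.out.bin', 'rb').read()` and the `si_addr` value from strace to `diagnose`.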