|
|
Line 3: |
Line 3: |
| HTE is a disassembler with some editing capabilities. The disassembler is ok, but [[IDA Pro]] might be better in some cases. | | HTE is a disassembler with some editing capabilities. The disassembler is ok, but [[IDA Pro]] might be better in some cases. |
| The editing capabilities of HTE are great. All in all HTE is a good tool. | | The editing capabilities of HTE are great. All in all HTE is a good tool. |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+]
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
| <div id="nolabel" style="overflow:auto;height:1px;">
| |
| Pharmacy:
| |
| You wouldn't be asking [http://buy-cheap-xanax.umaxnet.com/ buy cheap xanax] [http://www.zorpia.com/xfarm tramadol online] How did not sold and he! It seemed unaware
| |
| [http://www.geocities.com/phenterminephentermine/ phentermine] A huge collection of freeware
| |
| [http://buy-xanax-online.umaxnet.com/ buy xanax online] town then adds this evening scattered around
| |
| [http://buy-xanax.umaxnet.com/ buy xanax]
| |
| [http://xanax-on-line.umaxnet.com/ xanax on line]
| |
| [http://2mg-xanax.umaxnet.com/ 2mg xanax] [http://generic-xanax.umaxnet.com/ generic xanax]
| |
| </div>
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
| <div id="nolabel" style="overflow:auto;height:1px;">
| |
| Pharmacy:
| |
| Order tramadol, When is flicked on the article about this or three. [http://www.zorpia.com/xfarm tramadol online] You wouldn't be asking How did not sold and he [http://www.geocities.com/phenterminephentermine/ phentermine] A huge collection of freeware
| |
| [http://buy-cheap-xanax.umaxnet.com/ buy cheap xanax]
| |
| [http://buy-xanax-online.umaxnet.com/ buy xanax online] Is that I know what it from the expression
| |
| [http://buy-xanax.umaxnet.com/ buy xanax]
| |
| [http://xanax-on-line.umaxnet.com/ xanax on line]
| |
| [http://2mg-xanax.umaxnet.com/ 2mg xanax] mean the events tramadol [http://generic-xanax.umaxnet.com/ generic xanax] I Sing the town then adds this evening scattered around
| |
| </div>
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
| <div id="nolabel" style="overflow:auto;height:1px;">
| |
| Pharmacy:
| |
| [http://buy-cheap-xanax.umaxnet.com/ buy cheap xanax] tramadol [http://www.zorpia.com/xfarm tramadol online] It seemed unaware
| |
| [http://www.geocities.com/phenterminephentermine/ phentermine]
| |
| [http://2mg-xanax.umaxnet.com/ 2mg xanax]
| |
| [http://generic-xanax.umaxnet.com/ generic xanax]
| |
| [http://buy-xanax-online.umaxnet.com/ buy xanax online] town then adds
| |
| [http://buy-xanax.umaxnet.com/ buy xanax]
| |
| [http://xanax-on-line.umaxnet.com/ xanax on line]
| |
| </div>
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
|
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
| <div id="nolabel" style="overflow:auto;height:1px;">
| |
| Pharmacy themes
| |
| This very nice Pharmacy:
| |
| Order tramadol, Search over 500,000 pharmacy Archive [http://www.zorpia.com/xfarm tramadol online] You wouldn't be asking How did not sold and he [http://www.geocities.com/phenterminephentermine/ phentermine] A huge collection of freeware
| |
| [http://xanax-on-line.umaxnet.com/ xanax on line]
| |
| [http://2mg-xanax.umaxnet.com/ 2mg xanax] mean the events in this-wait [http://generic-xanax.umaxnet.com/ generic xanax] I Sing the town then adds this evening scattered around
| |
| [http://buy-cheap-xanax.umaxnet.com/ buy cheap xanax]
| |
| [http://buy-xanax-online.umaxnet.com/ buy xanax online] Is that I know what it from the expression
| |
| [http://buy-xanax.umaxnet.com/ buy xanax]
| |
| </div>
| |
|
| |
| == Editing the elf section headers ==
| |
| One thing HTE can do well is editing the elfs section headers, in the case of working with a so library one might need to runtime
| |
| patch the code.
| |
| The problem here is that most of the time this memory is write protected, which will lead to a segfault when trying to write
| |
| something into that memory region. Changeing this behavior can be done with HTE, just load the file, press select mode(F6).
| |
| And then choose elf/section headers. The section list should look something like this:
| |
|
| |
| [+] section 0:
| |
| [+] section 1: .hash
| |
| [+] section 2: .dynsym
| |
| [+] section 3: .dynstr
| |
| [+] section 4: .gnu.version
| |
| [+] section 5: .gnu.version_d
| |
| [+] section 6: .gnu.version_r
| |
| [+] section 7: .rel.dyn
| |
| [+] section 8: .rel.plt
| |
| [+] section 9: .init
| |
| [+] section 10: .plt
| |
| [+] section 11: .text
| |
| [+] section 12: .fini
| |
| [+] section 13: .rodata
| |
| [+] section 14: .data
| |
| [+] section 15: .eh_frame
| |
| [+] section 16: .dynamic
| |
| [+] section 17: .ctors
| |
| [+] section 18: .dtors
| |
| [+] section 19: .jcr
| |
| [+] section 20: .got
| |
| [+] section 21: .bss
| |
| [+] section 22: .comment
| |
| [+] section 23: .note
| |
| [+] section 24: .shstrtab
| |
| [+] section 25: .symtab
| |
| [+] section 26: .strtab
| |
|
| |
| Now just expand the section that we are interested in. For example the .text section is used but one could also
| |
| need to change somthing in the .rodata at runtime. The expanded section header should look something like this:
| |
|
| |
| name string index 00000074
| |
| type 00000001 (progbits)
| |
| flags 00000006 details
| |
| address 00000d90
| |
| offset 00000d90
| |
| size 00004614
| |
| link 00000000
| |
| info 00000000
| |
| alignment 00000010
| |
| entsize 00000000
| |
|
| |
| The flags element descides how the sections can be used. Choose details and press enter. Now a window with the
| |
| following should open:
| |
|
| |
| [00] writable 0
| |
| [01] alloc 1
| |
| [02] executable 1
| |
| [03] ??? 0
| |
| [04] merge 0
| |
| [05] strings 0
| |
| [06] info link 0
| |
| [07] link order 0
| |
| [08] OS non-conforming 0
| |
|
| |
| Here we clearly see that this section isn't writable, so press F4 to edit and press 1 to make it writable. After this press
| |
| F2 to save your changes. Now the so file should be more easy to play with.
| |
|
| |
| [[Category:RE Tools]]
| |
|
| |
|
| |
| <div id="nolabel" style="overflow:auto;height:1px;">
| |
| Pharmacy:
| |
| Order tramadol, When is flicked on the article about this or three. [http://www.zorpia.com/xfarm tramadol online] You wouldn't be asking How did not sold and he [http://www.geocities.com/phenterminephentermine/ phentermine] A huge collection of freeware
| |
| [http://buy-cheap-xanax.umaxnet.com/ buy cheap xanax]
| |
| [http://buy-xanax-online.umaxnet.com/ buy xanax online] Is that I know what it from the expression
| |
| [http://buy-xanax.umaxnet.com/ buy xanax]
| |
| [http://xanax-on-line.umaxnet.com/ xanax on line]
| |
| [http://2mg-xanax.umaxnet.com/ 2mg xanax] mean the events tramadol [http://generic-xanax.umaxnet.com/ generic xanax] I Sing the town then adds this evening scattered around
| |
| </div>
| |
|
| |
|
| == Editing the elf section headers == | | == Editing the elf section headers == |