8000 Binary data is incorrect, maximum possible value is 560 · Issue #1 · thinkycx/elfguard · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Binary data is incorrect, maximum possible value is 560 #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
thinkycx opened this issue Apr 5, 2019 · 0 comments
Open

Binary data is incorrect, maximum possible value is 560 #1

thinkycx opened this issue Apr 5, 2019 · 0 comments
Labels
bug Something isn't working

Comments

@thinkycx
Copy link
Owner
thinkycx commented Apr 5, 2019
edited
Loading

description

When use the IDA to load heapcreator.expanded, it failed.

Output

image

log

//... 
  bytes   pages size description
--------- ----- ---- --------------------------------------------
   262144    32 8192 allocating memory for b-tree...
    65536     8 8192 allocating memory for virtual array...
   262144    32 8192 allocating memory for name pointers...
-----------------------------------------------------------------
   589824            total memory allocated

Loading file 'samples/heapcreator.expanded' into database...
Detected file format: ELF64 for x86-64 (Executable)
Loading processor module /Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/procs/pc64.dylib for metapc...OK
Autoanalysis subsystem has been initialized.
/Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/plugins/vmlinux.py: PLUGIN_ENTRY was not defined or the class name 'Keypatch_Plugin_t' was already used in 'keypatch.py'
  0. Creating a new segment  (0000000000400000-00000000004012AC) ... ... OK
  1. Creating a new segment  (00000000004034A8-000000000040379B) ... ... OK
Unloading IDP module /Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/procs/pc64.dylib...

other info

The key point is in addSegment function. When add the p_filesz 0xc3 in order to load the shellcode , the IDA will display this error.

		# add new PT_LOAD to load new Program Header Table and maybe shellcode in future
			# todo IDA cannot load it and pwntools command: got  is also failed
			segAlign = (len(phdr_table) + e_phentsize) % 0x10
			if u32(phdr[i][0:4]) == 0x1:
				log.info("\t find first PT_LOAD, going to add a new PT_LOAD...")
				log.info("\t len(phdr_table) + e_phentsize : %x", len(phdr_table) + e_phentsize);
				new_phdr = phdr[i]
				new_phdr = util.replaceStr(new_phdr, 0x4, p32(0x5))                                      # p_flags 7
				new_phdr = util.replaceStr(new_phdr, 0x8, p64(raw_filesize))                             # p_offset
				new_phdr = util.replaceStr(new_phdr, 0x10, p64(0x400000 + raw_filesize))                 # p_pvaddr
				new_phdr = util.replaceStr(new_phdr, 0x18, p64(0x400000 + raw_filesize))                 # p_paddr
				new_phdr = util.replaceStr(new_phdr, 0x20, p64(len(phdr_table) + e_phentsize + 0xc3))    # p_filesz
				new_phdr = util.replaceStr(new_phdr, 0x28, p64(len(phdr_table) + e_phentsize + segAlign + 0xc3))# p_memsz
				phdr.insert(i+1, new_phdr)
				break
@thinkycx thinkycx added the bug Something isn't working label Apr 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@thinkycx
0