1 files changed, 65 insertions, 0 deletions
diff --git a/crash/header_screwer.c b/crash/header_screwer.c
new file mode 100644
index 0000000..735aecd
--- /dev/null
+++ b/crash/header_screwer.c
@@ -0,0 +1,65 @@
+/*
+ * Elf header screwer, based on an idea of svenka's crackme, named Thellurik (http://crackmes.de/users/svenka/thellurik/)
+ * Unfortunately for me, ioactive was quicker than me : http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html
+ * Kudos to them !
+ *
+ */
+#include <stdio.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <elf.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+int main(int argc, char** argv){
+    int f;
+    static Elf32_Ehdr* header;
+    printf(".: Elf corrupt :.\n");
+    if(argc < 2){
+        printf("Usage: %s file", argv[0]);
+        return 1;
+    }
+    if((f = open(argv[1], O_RDWR)) < 0){
+        perror("open");
+        return 1;
+    }
+    //MAP_SHARED is required to actually update the file
+    if((header = (Elf32_Ehdr *) mmap(NULL, sizeof(header), PROT_READ | PROT_WRITE, MAP_SHARED, f, 0)) == MAP_FAILED){
+        perror("mmap");
+        close(f);
+        return 1;
+    }
+    printf("[*] Current header values:\n");
+    printf("\te_shoff:%d\n\te_shnum:%d\n\te_shstrndx:%d\n",
+            header->e_shoff, header->e_shnum, header->e_shstrndx);
+    header->e_shoff = 0xffff;
+    header->e_shnum = 0xffff;
+    header->e_shstrndx = 0xffff;
+    printf("[*] Patched header values:\n");
+    printf("\te_shoff:%d\n\te_shnum:%d\n\te_shstrndx:%d\n",
+            header->e_shoff, header->e_shnum, header->e_shstrndx);
+    if(msync(NULL, 0, MS_SYNC) == -1){
+        perror("msync");
+        close(f);
+        return 1;
+    }
+    close(f);
+    munmap(header, 0);
+    printf("You should no more be able to run \"%s\" inside GDB\n", argv[1]);
+    return 0;
+}

diff --git a/crash/header_screwer.c b/crash/header_screwer.c new file mode 100644 index 0000000..735aecd --- /dev/null +++ b/crash/header_screwer.c
@@ -0,0 +1,65 @@
	1	/*
	2	* Elf header screwer, based on an idea of svenka's crackme, named Thellurik (http://crackmes.de/users/svenka/thellurik/)
	3	* Unfortunately for me, ioactive was quicker than me : http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html
	4	* Kudos to them !
	5	*
	6	*/
	7
	8
	9	#include <stdio.h>
	10	#include <sys/mman.h>
	11	#include <unistd.h>
	12	#include <stdlib.h>
	13	#include <elf.h>
	14	#include <sys/stat.h>
	15	#include <sys/types.h>
	16	#include <sys/procfs.h>
	17	#include <fcntl.h>
	18
	19
	20	int main(int argc, char** argv){
	21	int f;
	22	static Elf32_Ehdr* header;
	23
	24	printf(".: Elf corrupt :.\n");
	25
	26	if(argc < 2){
	27	printf("Usage: %s file", argv[0]);
	28	return 1;
	29	}
	30
	31	if((f = open(argv[1], O_RDWR)) < 0){
	32	perror("open");
	33	return 1;
	34	}
	35
	36	//MAP_SHARED is required to actually update the file
	37	if((header = (Elf32_Ehdr *) mmap(NULL, sizeof(header), PROT_READ \| PROT_WRITE, MAP_SHARED, f, 0)) == MAP_FAILED){
	38	perror("mmap");
	39	close(f);
	40	return 1;
	41	}
	42
	43	printf("[*] Current header values:\n");
	44	printf("\te_shoff:%d\n\te_shnum:%d\n\te_shstrndx:%d\n",
	45	header->e_shoff, header->e_shnum, header->e_shstrndx);
	46
	47	header->e_shoff = 0xffff;
	48	header->e_shnum = 0xffff;
	49	header->e_shstrndx = 0xffff;
	50
	51	printf("[*] Patched header values:\n");
	52	printf("\te_shoff:%d\n\te_shnum:%d\n\te_shstrndx:%d\n",
	53	header->e_shoff, header->e_shnum, header->e_shstrndx);
	54
	55	if(msync(NULL, 0, MS_SYNC) == -1){
	56	perror("msync");
	57	close(f);
	58	return 1;
	59	}
	60
	61	close(f);
	62	munmap(header, 0);
	63	printf("You should no more be able to run \"%s\" inside GDB\n", argv[1]);
	64	return 0;
	65	}