An example program demonstrating how to automatically patch a binary in order
to access "hidden" static data inside a function that you are not allowed to
modify, for legacy reasons.

The function `foo` inside `old_library_code.c` contains static, hidden data:

    void foo()
    {
        static int data[128];
        int i;
        for(i=0; i<128; i++)
            data[i] = i;
    }

We can't touch this function, for whatever reason. But we do want to access
the data from new code we have written:

    int main()
    {
        ...
        for(i=0; i<128; i++)
            printf("%d ", thanassis_data[i]);
    }

We do this via `thanassis_data`, which we will somehow force to be
semantically identical to `data`.

How?

Look at `patch_binary`: we extract the address of the hidden symbol (which,
as the `nm old_library_code.o` output shows, is named `data.0`), and we then
patch the binary via GDB to set `thanassis_data` to *point to the same
address*.
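The two steps described above, as an added illustration that is not the repository's own `patch_binary`: parse `nm` output for the renamed local static, then drive GDB with `--write` to rewrite the pointer inside the executable. It assumes `thanassis_data` lives in an initialized data section (a file patch cannot change a `.bss` variable), that `nm` is run on the linked binary to get the final address, and a constructed `nm` sample instead of a real toolchain.

```python
import re
import subprocess
from typing import List, Optional

# Constructed sample of `nm ./example` output, for this illustration only;
# the address matches the one shown in the README's example run.
SAMPLE_NM_OUTPUT = """\
40001000 T foo
4000a86c b data.0
4000a000 D thanassis_data
"""

# nm line: <hex address> <type letter> <symbol name>; only local/global
# data (b/B) and bss (d/D) symbols are of interest here.
_NM_LINE = re.compile(r"^(?P<addr>[0-9a-fA-F]+)\s+(?P<type>[bBdD])\s+(?P<name>\S+)$")


def find_static_symbol(nm_output: str, base_name: str) -> Optional[int]:
    """Return the address of a function-local static `base_name`.

    gcc emits such statics as `<name>.<N>` (e.g. `data.0`), so both the
    bare name and the numbered form are accepted; None if not found."""
    numbered = re.compile(re.escape(base_name) + r"(\.\d+)?")
    for line in nm_output.splitlines():
        m = _NM_LINE.match(line.strip())
        if m and numbered.fullmatch(m.group("name")):
            return int(m.group("addr"), 16)
    return None


def gdb_patch_commands(pointer_symbol: str, target_addr: int) -> List[str]:
    """GDB commands that make `pointer_symbol` point at `target_addr`.
    They only persist into the file when gdb is started with --write."""
    return [f"set var {pointer_symbol} = (int *){target_addr:#x}", "quit"]


def patch_binary(binary: str, nm_output: str, gdb: str = "gdb",
                 base_name: str = "data", pointer_symbol: str = "thanassis_data") -> int:
    """Locate the hidden static and patch the pointer in `binary`; returns the address."""
    addr = find_static_symbol(nm_output, base_name)
    if addr is None:
        raise RuntimeError(f"static '{base_name}' not found in nm output")
    print(f"[-] The static variable is at memory offset:    {addr:08x}")
    cmd = [gdb, "--batch", "--write", "-q"]  # --write opens the executable read/write
    for c in gdb_patch_commands(pointer_symbol, addr):
        cmd += ["-ex", c]
    print("[-] Patching binary with GDB...")
    subprocess.run(cmd + [binary], check=True)
    print("[-] Done!")
    return addr
```

For the SPARC target in the README, pass the cross toolchain's gdb (e.g. the one `taste-simulate-leon3` wraps) as `gdb=` and the output of that toolchain's `nm` as `nm_output`.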

Example run:

    (master)$ make
    sparc-elf-gcc -c -o newcode.o newcode.c
    sparc-elf-gcc -c -o old_library_code.o old_library_code.c
    sparc-elf-gcc -o example newcode.o old_library_code.o
    ./patch_binary
    [-] The static variable is at memory offset:    4000a86c
    [-] Patching binary with GDB...
    [-] Done!
    
    (master)*$ taste-simulate-leon3 ./example
    GNU gdb (GDB) 8.2.1
    Copyright (C) 2018 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    Type "show copying" and "show warranty" for details.
    This GDB was configured as "--host=x86_64-linux-gnu --target=sparc-rtems5".
    Type "show configuration" for configuration details.
    For bug reporting instructions, please see:
    <http://www.gnu.org/software/gdb/bugs/>.
    Find the GDB manual and other documentation resources online at:
        <http://www.gnu.org/software/gdb/documentation/>.
    
    For help, type "help".
    Type "apropos word" to search for commands related to "word"...
    Reading symbols from ./example...done.
    (gdb) Connected to the simulator.
    (gdb) (gdb) Starting program: /home/taste/GitLocal/access_static_data/example
    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 [Inferior 1 (process 42000) exited normally]
    (gdb) quit
    
As you can see, we read back the contents of the static array exactly as they
were set inside the function `foo`.