add GOT overwrite section to README
lapla-cogito committed Aug 20, 2024
1 parent a9c411c commit 053486b
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions README.md
Expand Up @@ -134,6 +134,36 @@ Hex dump of section '.comment':
0x00000020 00000000 00000000 000000 ...........
```

## GOT overwrite

Overwrites the GOT section with a specified value

```
$ cattleya -i bin/got --got --got-l system --got-f secret -o obfuscated
$ ./obfuscated
secret function called
```

As shown below, only the system function is called in the main function as far as disassembly is concerned:

```
$ objdump -d obfuscated
...
00000000004011d2 <main>:
4011d2: f3 0f 1e fa endbr64
4011d6: 55 push %rbp
4011d7: 48 89 e5 mov %rsp,%rbp
4011da: 48 83 ec 10 sub $0x10,%rsp
4011de: 48 8d 05 36 0e 00 00 lea 0xe36(%rip),%rax # 40201b <_IO_stdin_used+0x1b>
4011e5: 48 89 c7 mov %rax,%rdi
4011e8: e8 73 fe ff ff call 401060 <system@plt>
4011ed: 89 45 fc mov %eax,-0x4(%rbp)
4011f0: b8 00 00 00 00 mov $0x0,%eax
4011f5: c9 leave
4011f6: c3 ret
...
```

# Recursive option

By specifying the directory name in the recursive option, the same obfuscation can be applied to all ELF files in that directory:
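
Review bot: The description under `## GOT overwrite` ("Overwrites the GOT section with a specified value") does not say what `--got-l` and `--got-f` take, so a reader has to infer from the example that `system` is the library function whose GOT entry is replaced and `secret` is the function that ends up being called. Suggest stating that mapping in one sentence, along with any requirement on the input (for example, whether both symbols must be present in `bin/got`). The objdump excerpt shows only `call 401060 <system@plt>`; because the section claims the GOT is changed, showing the GOT entry for `system` before and after obfuscation would make that claim checkable instead of leaving it implied by the program output. Minor: the new heading uses `##` while the next heading in the context, `# Recursive option`, uses `#`; check that the level matches the sibling sections.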