http://pastebin.com/eLCzVwxR

That is a program I made in nasm; all it does is exit(6)... But I made the entire ELF executable with nasm, and I'm surprised it worked as well as it did. Here was the original file:
bits 64
segment .text
global _start
_start:
mov rdi, 6      ; exit status = 6
mov rax, 3ch    ; 3ch = 60 = SYS_exit on x86-64 Linux
syscall
; exit(6)
I assembled/linked it, then I started work on the other file. All the values were found using "readelf" (GNU tool) and <elf.h>.
Now the pastebin code is 7.1 KB of ASM, compared to 79 bytes of the original. No need to link it though; nasm will do all the work:
$ nasm -f bin elf.asm
$ chmod +x elf
$ ./elf
$ echo $?
6
$
What's coolest about those 2 files is that they are now __identical__:
$ cmp test elf
$ md5sum test
cba74b68c8cf9b6db5b46e1555575e26 test
$ md5sum elf
cba74b68c8cf9b6db5b46e1555575e26 elf
I'm thinking of making a type of disassembler that would take an ELF file and output a file in this nasm format. The files are easy to modify compared to binary. Say we wanna add a line of code to a binary file:
_start:
nop             ; the inserted instruction (1 byte)
mov rdi, 6
mov rax, 3ch
syscall
Works in theory, but actually it screws up the entire executable: the .text section doesn't contain the same # of bytes, all the offsets of later sections/labels are moved up a byte, and you wind up with a broken file. This nasm code can be modified very easily: just add the line & re-assemble.
Any thoughts, comments?
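Added example (my own code, not the pastebin file or anything from the post): the same idea done in Python with struct.pack instead of nasm -f bin. It emits a minimal static ELF64 (ELF header, one PT_LOAD program header, then the code) for the exit(6) program, parses it back readelf-style, and runs a small consistency check that shows why splicing a nop into the raw binary breaks things while "re-assembling" (regenerating the headers from the new code length) does not. Assumptions: the machine-code encoding of the three instructions is what nasm produces for them (check with ndisasm), the load address 0x400000 is an arbitrary choice, and field layouts follow <elf.h>; the function names are mine.

```python
"""Hand-built ELF64 for an exit(6) program, a readelf-style parser and a
header consistency check.  Added example; not the post's pastebin code."""
import struct

# mov rdi, 6 ; mov rax, 3ch ; syscall  (encoding assumed to match nasm output)
EXIT6_CODE = bytes.fromhex("48c7c706000000" "48c7c03c000000" "0f05")

BASE_VADDR = 0x400000                    # load address chosen for this example
EHDR_FMT = "<4sBBBBB7xHHIQQQIHHHHHH"     # Elf64_Ehdr, little-endian, 64 bytes
PHDR_FMT = "<IIQQQQQQ"                   # Elf64_Phdr, 56 bytes
EHDR_SIZE = struct.calcsize(EHDR_FMT)
PHDR_SIZE = struct.calcsize(PHDR_FMT)


def build_exit_elf(code: bytes = EXIT6_CODE) -> bytes:
    """Emit ELF header + one PT_LOAD + code.  Every size and offset is derived
    from len(code), which is exactly what re-assembling the nasm source does."""
    code_off = EHDR_SIZE + PHDR_SIZE               # code sits right after the headers
    total = code_off + len(code)
    ehdr = struct.pack(EHDR_FMT,
        b"\x7fELF", 2, 1, 1, 0, 0,     # ELFCLASS64, ELFDATA2LSB, EV_CURRENT, SYSV ABI, ABI ver
        2, 0x3E, 1,                    # ET_EXEC, EM_X86_64, EV_CURRENT
        BASE_VADDR + code_off,         # e_entry
        EHDR_SIZE, 0, 0,               # e_phoff, e_shoff (no section headers), e_flags
        EHDR_SIZE, PHDR_SIZE, 1,       # e_ehsize, e_phentsize, e_phnum
        0, 0, 0)                       # e_shentsize, e_shnum, e_shstrndx
    phdr = struct.pack(PHDR_FMT,
        1, 5,                          # PT_LOAD, PF_R | PF_X
        0, BASE_VADDR, BASE_VADDR,     # p_offset, p_vaddr, p_paddr
        total, total, 0x1000)          # p_filesz, p_memsz, p_align
    return ehdr + phdr + code


def parse_elf64(blob: bytes) -> dict:
    """readelf-style view of the fields this example needs."""
    f = struct.unpack_from(EHDR_FMT, blob, 0)
    if f[0] != b"\x7fELF" or f[1] != 2 or f[2] != 1:
        raise ValueError("not a little-endian ELF64 file")
    info = {"type": f[6], "machine": f[7], "entry": f[9],
            "phoff": f[10], "phnum": f[15], "segments": []}
    for i in range(info["phnum"]):
        p = struct.unpack_from(PHDR_FMT, blob, info["phoff"] + i * PHDR_SIZE)
        info["segments"].append({"type": p[0], "flags": p[1], "offset": p[2],
                                 "vaddr": p[3], "filesz": p[5], "memsz": p[6]})
    return info


def consistency_problems(blob: bytes) -> list:
    """Return header problems typical of bytes spliced into a binary without
    regenerating the headers: unmapped file tail, entry outside any PT_LOAD."""
    info = parse_elf64(blob)
    problems, covered_end, entry_mapped = [], 0, False
    for s in info["segments"]:
        if s["type"] != 1:                         # PT_LOAD only
            continue
        covered_end = max(covered_end, s["offset"] + s["filesz"])
        if s["vaddr"] <= info["entry"] < s["vaddr"] + s["memsz"]:
            entry_mapped = True
    if covered_end > len(blob):
        problems.append("PT_LOAD extends past end of file")
    elif covered_end < len(blob):
        problems.append(f"{len(blob) - covered_end} byte(s) at end of file not mapped")
    if not entry_mapped:
        problems.append("e_entry is outside every PT_LOAD segment")
    return problems


def splice_nop_raw(blob: bytes) -> bytes:
    """What editing the binary directly does: insert 0x90 at the entry point
    and leave every header field (p_filesz, p_memsz, ...) as it was."""
    info = parse_elf64(blob)
    seg = info["segments"][0]
    code_off = info["entry"] - seg["vaddr"] + seg["offset"]
    return blob[:code_off] + b"\x90" + blob[code_off:]


if __name__ == "__main__":
    elf = build_exit_elf()
    print(len(elf), "bytes:", consistency_problems(elf) or "headers consistent")
    broken = splice_nop_raw(elf)                       # raw patch, stale sizes
    print(len(broken), "bytes:", consistency_problems(broken))
    fixed = build_exit_elf(b"\x90" + EXIT6_CODE)       # the "re-assemble" route
    print(len(fixed), "bytes:", consistency_problems(fixed) or "headers consistent")
    # open("elf", "wb").write(elf)   # then chmod +x elf && ./elf; echo $?  -> 6 on x86-64 Linux
```

The raw splice leaves p_filesz one byte short, so the last byte of the syscall is never mapped; the file built from the longer code has every offset recomputed, which is the same thing the nasm source gives you for free when you add a line and re-assemble.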