sigonasr2/MemoryOverwriter
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Write values directly to a memory address.

Browse Source 
Co-authored-by: sigonasr2 <sigonasr2@gmail.com>
This commit is contained in:
sigonasr2, Sig, Sigo 2022-07-05 17:25:47 +00:00
parent 2f2199b31e
commit 0996dc4e7c
8 changed files with 109 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
C/scripts/build.sh
View File

@ -2,6 +2,6 @@
#C
printf "Running program...\n\n\n"
if gcc $(find . -type f -name "*.c") ${CUSTOM_PARAMS} -o ${PROJECT_NAME}; then
./${PROJECT_NAME} "$@"
sudo ./${PROJECT_NAME} "$@"
fi
printf "\n\n"

48
main.c
View File

@ -1,17 +1,21 @@
#include <stdio.h>
#include <sys/uio.h>
#include <stdlib.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
unsigned long strToLong(char*str) {
unsigned long long strToLong(char*str) {
int counter=0;
char c;
unsigned long val=0;
int base=10;
while ((c=str[counter++])!='\0') {
if (counter==1&&c=='0') {
if (c=='0'&&val==0&&base==10) {
base=8;
continue;
} else
if (counter==2&&c=='x') {
if (c=='x'&&val==0&&base==8) {
base=16;
continue;
}
@ -29,8 +33,8 @@ unsigned long strToLong(char*str) {
}
int main(int argc,char**argv) {
unsigned int pid;
unsigned long addr;
long unsigned int pid;
unsigned long long addr;
unsigned long val;
unsigned int interval=1000;
if (argc<4) {
@ -43,9 +47,33 @@ int main(int argc,char**argv) {
if (argc>=5) {
interval=strToLong(argv[4]);
}
printf("\nPID: %lu",pid);
printf("\nAddress: %lu",addr);
printf("\nValue: %lu",val);
printf("\nInterval: %lu",interval);
printf("\nPID: %lu",pid);
printf("\nAddress: 0x%08llx",addr);
printf("\nValue: %lu",val);
printf("\nInterval: %d",interval);
char*proc_mem = malloc(50);
sprintf(proc_mem,"/proc/%ld/mem",pid);
int fd_proc_mem=open(proc_mem,O_RDWR);
if (fd_proc_mem==-1) {
printf("Could not open %s\n",proc_mem);
exit(1);
}
char*buf=malloc(sizeof(unsigned int));
lseek(fd_proc_mem,addr,SEEK_SET);
read(fd_proc_mem,buf,sizeof(unsigned int));
while (1) {
sprintf(buf,"%d",(int)val++);
lseek(fd_proc_mem,addr,SEEK_SET);
if (write(fd_proc_mem,buf,sizeof(unsigned int))==-1) {
printf("Error while writing\n");
exit(1);
}
printf("\nWrite %d",(int)val-1);
sleep(2);
}
free(buf);
free(proc_mem);
}
}

BIN
memovr
View File

Binary file not shown.

2
sig
View File

@ -1,4 +1,4 @@
export AUTO_UPDATE=true
export AUTO_UPDATE=false
source utils/define.sh

BIN
testProgram Executable file
View File

Binary file not shown.

20
testProgram. Normal file
View File

@ -0,0 +1,20 @@
#include <stdio.h>
#include <unistd.h>
#include <string.h>
int main() {
char foo[] = "This is some text from proc-1";
printf("Now execute\n");
printf(" sudo ./testProgram2 %d %lx %lu\n", getpid(), (long unsigned int) foo, strlen(foo)+1);
printf("Press any key\n");
while (1) {
getchar();
printf("foo has changed to: %s\n", foo);
}
}

BIN
testProgram2 Executable file
View File

Binary file not shown.

49
testProgram2. Normal file
View File

@ -0,0 +1,49 @@
#include <stdio.h>
#include <stdlib.h>
// #include <sys/mman.h>
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
int main(int argc, char* argv[]) {
if (argc != 4) {
printf("proc-2 pid addr length\n");
exit(1);
}
int pid = strtol (argv[1], NULL, 10);
unsigned long addr = strtoul(argv[2], NULL, 16);
int len = strtol (argv[3], NULL, 10);
char* proc_mem = malloc(50);
sprintf(proc_mem, "/proc/%d/mem", pid);
printf("opening %s, address is %ld\n", proc_mem, addr);
int fd_proc_mem = open(proc_mem, O_RDWR);
if (fd_proc_mem == -1) {
printf("Could not open %s\n", proc_mem);
exit(1);
}
char* buf = malloc(len);
lseek(fd_proc_mem, addr, SEEK_SET);
read (fd_proc_mem, buf , len );
printf("String at %ld in process %d is:\n", addr, pid);
printf(" %s\n", buf);
printf("\nNow, this string is modified\n");
strncpy(buf, "Hello from proc-2", len);
lseek(fd_proc_mem, addr, SEEK_SET);
if (write (fd_proc_mem, buf , len ) == -1) {
printf("Error while writing\n");
exit(1);
}
free(buf);
free(proc_mem);
}