Extending the size of a data structure within .bss section (solved)

Started by defcore, April 26, 2006, 02:55 PM

defcore

I am playing with a Linux (ELF) file server programmed in C. Unfortunately I do not have the source, so I've been poking around in it with IDA, in hopes of adding some additional functionality.

I am wanting to increase the size of the following data structure:

.bss:081960C8 ; void dword_81960C8
.bss:081960C8 dword_81960C8   dd ?                    ; DATA XREF: sub_8049694+76o
.bss:081960C8                                         ; sub_8049694+FBCo ...
.bss:081960CC                 db    ? ;
.bss:081960CD                 db    ? ;
.bss:081960CE                 db    ? ;
.bss:081960CF                 db    ? ;
.bss:081960D0                 db    ? ;
.bss:081960D1                 db    ? ;
.bss:081960D2                 db    ? ;
.bss:081960D3                 db    ? ;
.bss:081960D4                 db    ? ;
.bss:081960D5                 db    ? ;
.bss:081960D6                 db    ? ;
.bss:081960D7                 db    ? ;
.bss:081960D8                 db    ? ;
.bss:081960D9                 db    ? ;
.bss:081960DA                 db    ? ;
.bss:081960DB                 db    ? ;
.bss:081960DC                 db    ? ;
.bss:081960DD                 db    ? ;
.bss:081960DE                 db    ? ;
.bss:081960DF                 db    ? ;
.bss:081960E0                 db    ? ;
.bss:081960E1                 db    ? ;
.bss:081960E2                 db    ? ;
.bss:081960E3                 db    ? ;
.bss:081960E4                 db    ? ;
.bss:081960E5                 db    ? ;
.bss:081960E6                 db    ? ;
.bss:081960E7                 db    ? ;
.bss:081960E8 dword_81960E8   dd ?                    ; DATA XREF: sub_804E688+38w


It is currently 32 bytes (081960C8 - 081960E7), and I'd like to extend it to 64 bytes. I'm not really sure how to go about doing this.

I am guessing that I'll have to (in theory) edit the ELF header, increase the size of my .bss section, and accordingly update the affected offsets? I don't know how to start doing this, and I'd appreciate any information.

Thanks.

(SOLVED)

Solution:

I had to read up on the format of the ELF header. It took some time figuring out how it worked and how to edit it.
I edited the ELF header to increase the size of the .bss section by 100 bytes. Then I relocated my data structure to my newly created space and updated all the offsets to point to my newly created data structure.

Works like a charm.
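An added example, not code from this thread: the post does not say which header field was edited, so this sketch assumes the usual case, where the runtime size of .bss is the gap between p_filesz and p_memsz in the writable PT_LOAD program header (the loader ignores section headers). The function names and the sample header values are constructed for illustration and are not the real binary's layout.

```python
import struct

PT_LOAD = 1
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, 52 bytes
PHDR = struct.Struct("<IIIIIIII")          # Elf32_Phdr, 32 bytes
P_MEMSZ_OFF = 20                           # offset of p_memsz inside Elf32_Phdr

def zero_fill_ranges(elf: bytes):
    """Return (phdr_file_offset, start_vaddr, end_vaddr) for every PT_LOAD
    segment whose p_memsz exceeds p_filesz (the zero-filled .bss tail)."""
    eh = EHDR.unpack_from(elf, 0)
    if eh[0][:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a little-endian ELF32 file")
    e_phoff, e_phentsize, e_phnum = eh[5], eh[9], eh[10]
    found = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _, vaddr, _, filesz, memsz, _, _ = PHDR.unpack_from(elf, off)
        if p_type == PT_LOAD and memsz > filesz:
            found.append((off, vaddr + filesz, vaddr + memsz))
    return found

def grow_zero_fill(elf: bytes, extra: int) -> bytes:
    """Return a copy with p_memsz raised by `extra`. The new bytes appear at
    the END of the zero-filled area, so an existing variable cannot grow in
    place: it has to be moved there and every reference to it re-pointed.
    The .bss section header (sh_size) is left alone; only tools read it."""
    ranges = zero_fill_ranges(elf)
    if len(ranges) != 1:
        raise ValueError("expected exactly one segment with a zero-filled tail")
    field = ranges[0][0] + P_MEMSZ_OFF
    patched = bytearray(elf)
    (memsz,) = struct.unpack_from("<I", elf, field)
    struct.pack_into("<I", patched, field, memsz + extra)
    return bytes(patched)

def sample_elf() -> bytes:
    """Constructed input: an ELF32 header and two program headers only."""
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    eh = EHDR.pack(ident, 2, 3, 1, 0x08048000, 52, 0, 0, 52, 32, 2, 40, 0, 0)
    text = PHDR.pack(PT_LOAD, 0, 0x08048000, 0x08048000, 0x1000, 0x1000, 5, 0x1000)
    data = PHDR.pack(PT_LOAD, 0x1000, 0x08195000, 0x08195000, 0x10C8, 0x1120, 6, 0x1000)
    return eh + text + data
```

Growing by 100 bytes, as in the solution above, moves only the end address of the zero-filled range; the file length does not change because .bss occupies no bytes on disk.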


Kp

I have to ask: how'd you manage to end up with a Linux program that you can modify, yet not have its source?  Most closed source things specify no tampering.  I'd be surprised to see a closed source file server outside a corporate environment, and a corporate setup would be a lot more worried about violating anti-tampering provisions than a home user would.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

defcore

Actually, the file server is a "demo" application developed by some guys in the "Georgia Tech's Reverse Engineering Group". They have submitted various challenges and reverse-me's on the local newsgroups on campus. I've also posted this question on the newsgroups, but they haven't been very active lately, probably due to the semester ending soon.

I'm just doing this for the sake of learning.