#include <bfd.h>
#include <dlfcn.h>
#include <elf.h>
#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/procfs.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/ucontext.h>
#include <unistd.h>
#include <utlist.h>
#include <ctype.h>
#include <libelf.h>
#include <gelf.h>
#include <nametotype.h>
#include <nametoalign.h>
#include <nametoentsz.h>
#include <nametolink.h>
#include <nametoinfo.h>
#include <arch.h>
#include <inttypes.h>
#include <config.h>
#include <capstone/capstone.h>

Data Structures
struct	msec_t

struct	mseg_t

struct	ctx_t

struct	symaddr

struct	gimport_t

Macros
#define	__USE_GNU

#define	_GNU_SOURCE

#define	DEFAULT_STRNDX_SIZE 4096

#define	FLAG_BSS 1

#define	FLAG_NOBIT 2

#define	FLAG_NOWRITE 4

#define	FLAG_TEXT 8

#define	ifis(x) if(!strncmp(name, x, strlen(x)))

#define	elis(x) else if(!strncmp(name, x, strlen(x)))

#define	MAXPADLEN 20

#define	EXTRA_CREATED_SECTIONS 4

#define	RELOC_X86_64 1

#define	RELOC_X86_32 2

#define	Elf_Ehdr Elf32_Ehdr

#define	Elf_Shdr Elf32_Shdr

#define	Elf_Sym Elf32_Sym

#define	Elf_Addr Elf32_Addr

#define	Elf_Sword Elf64_Sword

#define	Elf_Section Elf32_Half

#define	ELF_ST_BIND ELF32_ST_BIND

#define	ELF_ST_TYPE ELF32_ST_TYPE

#define	Elf_Rel Elf32_Rel

#define	Elf_Rela Elf32_Rela

#define	ELF_R_SYM ELF32_R_SYM

#define	ELF_R_TYPE ELF32_R_TYPE

#define	ELF_R_INFO ELF32_R_INFO

#define	Elf_Phdr Elf32_Phdr

#define	Elf_Xword Elf32_Xword

#define	Elf_Word Elf32_Word

#define	Elf_Off Elf32_Off

#define	ELFCLASS ELFCLASS32

#define	ELFMACHINE EM_386

#define	CS_MODE CS_MODE_32

#define	RELOC_MODE RELOC_X86_32

#define	nullstr "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

Typedefs
typedef struct msec_t	msec_t

typedef struct mseg_t	mseg_t

typedef struct ctx_t	ctx_t

typedef struct gimport_t	gimport_t

Functions
int	craft_section (ctx_t ctx, msec_t m)

unsigned int	secindex_from_name (ctx_t ctx, const char name)

msec_t *	section_from_name (ctx_t ctx, char name)

msec_t *	section_from_addr (ctx_t *ctx, unsigned long int addr)

int	print_bfd_sections (ctx_t *ctx)

msec_t *	section_from_index (ctx_t *ctx, unsigned int index)

unsigned int	secindex_from_name_after_strip (ctx_t ctx, const char name)

int	analyze_text (ctx_t ctx, char data, unsigned int datalen, unsigned long int addr)

int	save_reloc (ctx_t ctx, Elf_Rela r, unsigned int sindex, int has_addend)

unsigned int	protect_perms (unsigned int perms)

void	add_symaddr (ctx_t ctx, const char name, int addr, char symclass)

int	add_extra_symbols (ctx_t *ctx)

int	rd_symbols (ctx_t *ctx)

int	entszfromname (const char *name)

unsigned int	max (unsigned int a, unsigned int b)

char *	sec_name_from_index_after_strip (ctx_t *ctx, unsigned int index)

int	link_from_name (ctx_t ctx, const char name)

int	info_from_name (ctx_t ctx, const char name)

int	typefromname (const char *name)

unsigned int	alignfromname (const char *name)

unsigned int	ptype_from_section (msec_t *ms)

unsigned int	pflag_from_section (msec_t *ms)

int	phdr_cmp_premerge (mseg_t a, mseg_t b)

int	phdr_cmp (mseg_t a, mseg_t b)

int	sort_phdrs (ctx_t *ctx)

int	sort_phdrs_premerge (ctx_t *ctx)

mseg_t *	alloc_phdr (msec_t *ms)

int	create_phdrs (ctx_t *ctx)

int	merge_phdrs (ctx_t *ctx)

int	adjust_baseaddress (ctx_t *ctx)

msec_t *	mk_section (void)

char *	reloc_htype_x86_64 (int thetype)

char *	reloc_htype_x86_32 (int thetype)

char *	reloc_htype (int thetype)

int	fixup_strtab_and_symtab (ctx_t *ctx)

int	fixup_text (ctx_t *ctx)

unsigned int	append_sym (Elf_Sym *s)

unsigned int	append_strtab (char *str)

void	hexdump (unsigned char *data, size_t size)

unsigned int	open_best (ctx_t *ctx)

int	open_target (ctx_t *ctx)

int	copy_body (ctx_t *ctx)

int	load_binary (ctx_t *ctx)

int	flags_from_name (const char *name)

int	print_msec (ctx_t *ctx)

int	rd_sections (ctx_t *ctx)

int	save_dynstr (ctx_t ctx, GElf_Shdr shdr, char binary)

int	save_dynsym (ctx_t ctx, GElf_Shdr shdr, char binary)

int	patch_symbol_index (ctx_t ctx, Elf_Sym s)

int	fixup_symtab_section_index (ctx_t *ctx)

int	append_reloc (Elf_Rela *r)

int	save_global_import (ctx_t ctx, char sname, msec_t sec, Elf_Rela r, unsigned int sindex)

int	check_global_import (unsigned long int addr)

int	internal_function_store (ctx_t *ctx, unsigned long long int addr)

int	rd_symtab (ctx_t *ctx)

int	rm_section (ctx_t ctx, char name)

int	strip_binary_reloc (ctx_t *ctx)

unsigned int	libify (ctx_t *ctx)

int	print_maps (void)

ctx_t *	ctx_init (void)

int	usage (char *name)

int	print_version (void)

int	desired_arch (ctx_t ctx, char name)

int	ctx_getopt (ctx_t ctx, int argc, char *argv)

int	main (int argc, char **argv)

Variables
unsigned int	maxoldsec = 0

unsigned int	maxnewsec = 0

unsigned int	deltastrtab = 0

char *	allowed_sections []

char *	blnames []

char *	globalsymtab = 0

int	globalsymtablen = 0

unsigned int	globalsymtableoffset = 0

char *	globalstrtab = 0

unsigned int	globalstrtablen = 0

unsigned int	globalstrtableoffset = 0

unsigned int	globalsymindex = 0

char *	globalreloc = 0

unsigned int	globalreloclen = 0

unsigned int	globalrelocoffset = 0

unsigned long int	mintext = -1

unsigned long int	maxtext = 0

unsigned long int	textvma = 0

unsigned long int	mindata = -1

unsigned long int	maxdata = 0

unsigned long int	datavma = 0

unsigned long int	orig_text = 0

unsigned long int	orig_sz = 0

struct symaddr *	symaddrs

gimport_t **	gimports = 0

unsigned int	gimportslen = 0

Macro Definition Documentation

#define __USE_GNU

Witchcraft Compiler Collection

Author: Jonathan Brossard - endra.nosp@m.zine.nosp@m.@gmai.nosp@m.l.co.nosp@m.m

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Definition at line 31 of file wcc.c.

#define _GNU_SOURCE

Definition at line 32 of file wcc.c.

#define CS_MODE CS_MODE_32

Definition at line 134 of file wcc.c.

#define DEFAULT_STRNDX_SIZE 4096

Definition at line 72 of file wcc.c.

#define Elf_Addr Elf32_Addr

Definition at line 118 of file wcc.c.

#define Elf_Ehdr Elf32_Ehdr

Definition at line 115 of file wcc.c.

#define Elf_Off Elf32_Off

Definition at line 131 of file wcc.c.

#define Elf_Phdr Elf32_Phdr

Definition at line 128 of file wcc.c.

#define ELF_R_INFO ELF32_R_INFO

Definition at line 127 of file wcc.c.

#define ELF_R_SYM ELF32_R_SYM

Definition at line 125 of file wcc.c.

#define ELF_R_TYPE ELF32_R_TYPE

Definition at line 126 of file wcc.c.

#define Elf_Rel Elf32_Rel

Definition at line 123 of file wcc.c.

#define Elf_Rela Elf32_Rela

Definition at line 124 of file wcc.c.

#define Elf_Section Elf32_Half

Definition at line 120 of file wcc.c.

#define Elf_Shdr Elf32_Shdr

Definition at line 116 of file wcc.c.

#define ELF_ST_BIND ELF32_ST_BIND

Definition at line 121 of file wcc.c.

#define ELF_ST_TYPE ELF32_ST_TYPE

Definition at line 122 of file wcc.c.

#define Elf_Sword Elf64_Sword

Definition at line 119 of file wcc.c.

#define Elf_Sym Elf32_Sym

Definition at line 117 of file wcc.c.

#define Elf_Word Elf32_Word

Definition at line 130 of file wcc.c.

#define Elf_Xword Elf32_Xword

Definition at line 129 of file wcc.c.

#define ELFCLASS ELFCLASS32

Definition at line 132 of file wcc.c.

#define ELFMACHINE EM_386

Definition at line 133 of file wcc.c.

#define elis ( x ) else if(!strncmp(name, x, strlen(x)))

Definition at line 81 of file wcc.c.

#define EXTRA_CREATED_SECTIONS 4

Definition at line 85 of file wcc.c.

#define FLAG_BSS 1

Definition at line 75 of file wcc.c.

#define FLAG_NOBIT 2

Definition at line 76 of file wcc.c.

#define FLAG_NOWRITE 4

Definition at line 77 of file wcc.c.

#define FLAG_TEXT 8

Definition at line 78 of file wcc.c.

#define ifis ( x ) if(!strncmp(name, x, strlen(x)))

Definition at line 80 of file wcc.c.

#define MAXPADLEN 20

Definition at line 83 of file wcc.c.

#define nullstr "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

Definition at line 139 of file wcc.c.

#define RELOC_MODE RELOC_X86_32

Definition at line 135 of file wcc.c.

#define RELOC_X86_32 2

Definition at line 89 of file wcc.c.

#define RELOC_X86_64 1

Definition at line 88 of file wcc.c.

Typedef Documentation

typedef struct ctx_t ctx_t

typedef struct gimport_t gimport_t

typedef struct msec_t msec_t

Meta section header

typedef struct mseg_t mseg_t

Meta segment header

Function Documentation

int add_extra_symbols ( ctx_t * ctx )

Add extra symbols

Definition at line 561 of file wcc.c.

void add_symaddr	(	ctx_t *	ctx,
		const char *	name,
		int	addr,
		char	symclass
	)

Append name to global string table

Append symbol to global symbol table

Definition at line 423 of file wcc.c.

int adjust_baseaddress ( ctx_t * ctx )

Definition at line 1108 of file wcc.c.

unsigned int alignfromname ( const char * name )

Return a section alignment from its name

Definition at line 881 of file wcc.c.

mseg_t* alloc_phdr ( msec_t * ms )

Allocate Phdr

Definition at line 1009 of file wcc.c.

int analyze_text	(	ctx_t *	ctx,
		char *	data,
		unsigned int	datalen,
		unsigned long int	addr
	)

Definition at line 3395 of file wcc.c.

int append_reloc ( Elf_Rela * r )

Definition at line 2740 of file wcc.c.

unsigned int append_strtab ( char * str )

Append a string to symbol table, reports offset in strtab where this symbol will start

Definition at line 1776 of file wcc.c.

unsigned int append_sym ( Elf_Sym * s )

Append a symbol to global symbol table

Definition at line 1755 of file wcc.c.

int check_global_import ( unsigned long int addr )

Return index in global import matching this address

Definition at line 2818 of file wcc.c.

int copy_body ( ctx_t * ctx )

Write sections to disk

Definition at line 2459 of file wcc.c.

int craft_section	(	ctx_t *	ctx,
		msec_t *	m
	)

Forwardd prototypes declarations

Craft Section header

Definition at line 2500 of file wcc.c.

int create_phdrs ( ctx_t * ctx )

Create Program Headers based on ELF section headers

Definition at line 1032 of file wcc.c.

int ctx_getopt	(	ctx_t *	ctx,
		int	argc,
		char **	argv
	)

Definition at line 3847 of file wcc.c.

ctx_t* ctx_init ( void )

Initialize a reversing context

Set default values

Definition at line 3775 of file wcc.c.

int desired_arch	(	ctx_t *	ctx,
		char *	name
	)

Definition at line 3827 of file wcc.c.

int entszfromname ( const char * name )

Return section entry size from name

Definition at line 682 of file wcc.c.

int fixup_strtab_and_symtab ( ctx_t * ctx )

check if name is in blacklist

Definition at line 1638 of file wcc.c.

int fixup_symtab_section_index ( ctx_t * ctx )

Definition at line 2720 of file wcc.c.

int fixup_text ( ctx_t * ctx )

Definition at line 1694 of file wcc.c.

int flags_from_name ( const char * name )

Return section flags from its name

Definition at line 2486 of file wcc.c.

void hexdump	(	unsigned char *	data,
		size_t	size
	)

Simple hexdump routine

Definition at line 2346 of file wcc.c.

int info_from_name	(	ctx_t *	ctx,
		const char *	name
	)

Return a section info from its name

Definition at line 843 of file wcc.c.

int internal_function_store	(	ctx_t *	ctx,
		unsigned long long int	addr
	)

Definition at line 3289 of file wcc.c.

unsigned int libify ( ctx_t * ctx )

Main routine

LOAD OPERATIONS

Load each section of binary using bfd

Print BFD sections

Read .text segment boundaries

Open target binary

Read sections from disk

Read symtab + strtab : BFD doesn't do this

Read symbols

Add extra symbols

Parse relocations

Fix section indexes in symtab

PROCESSING

Copy each section content in output file

Relocation stripping

Create Program Headers

FINAL WRITE OPERATIONS

Write strtab and symtab

Add section headers to output file

Add segment headers to output file

Add ELF Header to output file

Finalize/Close/Cleanup

Definition at line 3597 of file wcc.c.

int link_from_name	(	ctx_t *	ctx,
		const char *	name
	)

Return a section link from its name

Definition at line 820 of file wcc.c.

int load_binary ( ctx_t * ctx )

Load a binary using bfd

Definition at line 2472 of file wcc.c.

int main	(	int	argc,
		char **	argv
	)

Application Entry Point

Definition at line 4014 of file wcc.c.

unsigned int max	(	unsigned int	a,
		unsigned int	b
	)

Return max of two unsigned integers

Definition at line 697 of file wcc.c.

int merge_phdrs ( ctx_t * ctx )

Merge two consecutive Phdrs if:

their vma ranges overlap
Permissions match
Type of segment matches

Note: assume phdrs have been sorted by increasing p_vaddr first

Definition at line 1073 of file wcc.c.

msec_t* mk_section ( void )

Definition at line 1330 of file wcc.c.

unsigned int open_best ( ctx_t * ctx )

Open a binary the best way we can

Definition at line 2373 of file wcc.c.

int open_target ( ctx_t * ctx )

Open destination binary

Definition at line 2405 of file wcc.c.

int patch_symbol_index	(	ctx_t *	ctx,
		Elf_Sym *	s
	)

Definition at line 2701 of file wcc.c.

unsigned int pflag_from_section ( msec_t * ms )

Return Segment flags based on a section

Definition at line 943 of file wcc.c.

int phdr_cmp	(	mseg_t *	a,
		mseg_t *	b
	)

Helper sort routine for ELF Phdrs

Definition at line 982 of file wcc.c.

int phdr_cmp_premerge	(	mseg_t *	a,
		mseg_t *	b
	)

Helper sort routine for ELF Phdrs (pre-merge)

Definition at line 971 of file wcc.c.

int print_bfd_sections ( ctx_t * ctx )

Display BFD memory sections

Definition at line 2288 of file wcc.c.

int print_maps ( void )

Print content of /proc/pid/maps

Definition at line 3763 of file wcc.c.

int print_msec ( ctx_t * ctx )

Display sections

Definition at line 2633 of file wcc.c.

int print_version ( void )

Definition at line 3821 of file wcc.c.

unsigned int protect_perms ( unsigned int perms )

Convert octal permissions into permissions consumable by mprotect()

Definition at line 381 of file wcc.c.

unsigned int ptype_from_section ( msec_t * ms )

Return Segment ptype

Definition at line 896 of file wcc.c.

int rd_sections ( ctx_t * ctx )

Read sections from input binary

Definition at line 2650 of file wcc.c.

int rd_symbols ( ctx_t * ctx )

Read symbol table. This is a two stages process : allocate the table, then read it

Process symbol table

Process dynamic symbol table

Definition at line 574 of file wcc.c.

int rd_symtab ( ctx_t * ctx )

Read original symtab + strtab. BDF doesn't do this

Definition at line 3443 of file wcc.c.

char* reloc_htype ( int thetype )

Definition at line 1535 of file wcc.c.

char* reloc_htype_x86_32 ( int thetype )

Definition at line 1474 of file wcc.c.

char* reloc_htype_x86_64 ( int thetype )

Definition at line 1391 of file wcc.c.

int rm_section	(	ctx_t *	ctx,
		char *	name
	)

Suppress a given section

Definition at line 3533 of file wcc.c.

int save_dynstr	(	ctx_t *	ctx,
		GElf_Shdr	shdr,
		char *	binary
	)

Definition at line 2663 of file wcc.c.

int save_dynsym	(	ctx_t *	ctx,
		GElf_Shdr	shdr,
		char *	binary
	)

Definition at line 2681 of file wcc.c.

int save_global_import	(	ctx_t *	ctx,
		char *	sname,
		msec_t *	sec,
		Elf_Rela *	r,
		unsigned int	sindex
	)

Definition at line 2781 of file wcc.c.

int save_reloc	(	ctx_t *	ctx,
		Elf_Rela *	r,
		unsigned int	sindex,
		int	has_addend
	)

Convert relocation depending on type and source section

Definition at line 2835 of file wcc.c.

char* sec_name_from_index_after_strip	(	ctx_t *	ctx,
		unsigned int	index
	)

Definition at line 791 of file wcc.c.

unsigned int secindex_from_name	(	ctx_t *	ctx,
		const char *	name
	)

Return a section index from its name

Definition at line 753 of file wcc.c.

unsigned int secindex_from_name_after_strip	(	ctx_t *	ctx,
		const char *	name
	)

Return a section index (after strip) from its name

Definition at line 770 of file wcc.c.

msec_t * section_from_addr	(	ctx_t *	ctx,
		unsigned long int	addr
	)

Return a section from its address

Definition at line 720 of file wcc.c.

msec_t * section_from_index	(	ctx_t *	ctx,
		unsigned int	index
	)

Return a section from its index

Definition at line 736 of file wcc.c.

msec_t * section_from_name	(	ctx_t *	ctx,
		char *	name
	)

Return a section from its name

Definition at line 705 of file wcc.c.

int sort_phdrs ( ctx_t * ctx )

Reorganise Program Headers : sort by p_offset

Definition at line 991 of file wcc.c.

int sort_phdrs_premerge ( ctx_t * ctx )

Helper sort routine for ELF Phdrs

Definition at line 1000 of file wcc.c.

int strip_binary_reloc ( ctx_t * ctx )

Strip binary relocation data

Definition at line 3560 of file wcc.c.

int typefromname ( const char * name )

Return a section type from its name

Definition at line 866 of file wcc.c.

int usage ( char * name )

Definition at line 3795 of file wcc.c.

Variable Documentation

char* allowed_sections[]

Initial value:

= {
  ".rodata",
  ".data",
  ".text",
  ".load",
  ".strtab",
  ".symtab",
  ".comment",
  ".note.GNU-stack",
  ".rsrc",
  ".bss",
}

Definition at line 143 of file wcc.c.

char* blnames[]

Definition at line 158 of file wcc.c.

unsigned long int datavma = 0

Definition at line 358 of file wcc.c.

unsigned int deltastrtab = 0

Definition at line 141 of file wcc.c.

gimport_t** gimports = 0

Definition at line 2778 of file wcc.c.

unsigned int gimportslen = 0

Definition at line 2779 of file wcc.c.

char* globalreloc = 0

Definition at line 348 of file wcc.c.

unsigned int globalreloclen = 0

Definition at line 349 of file wcc.c.

unsigned int globalrelocoffset = 0

Definition at line 350 of file wcc.c.

char* globalstrtab = 0

Definition at line 342 of file wcc.c.

unsigned int globalstrtablen = 0

Definition at line 343 of file wcc.c.

unsigned int globalstrtableoffset = 0

Definition at line 344 of file wcc.c.

unsigned int globalsymindex = 0

Definition at line 346 of file wcc.c.

char* globalsymtab = 0

Globals

Definition at line 338 of file wcc.c.

int globalsymtablen = 0

Definition at line 339 of file wcc.c.

unsigned int globalsymtableoffset = 0

Definition at line 340 of file wcc.c.

unsigned long int maxdata = 0

Definition at line 357 of file wcc.c.

unsigned int maxnewsec = 0

Definition at line 140 of file wcc.c.

unsigned int maxoldsec = 0

Definition at line 140 of file wcc.c.

unsigned long int maxtext = 0

Definition at line 353 of file wcc.c.

unsigned long int mindata = -1

Definition at line 356 of file wcc.c.

unsigned long int mintext = -1

Definition at line 352 of file wcc.c.

unsigned long int orig_sz = 0

Definition at line 361 of file wcc.c.

unsigned long int orig_text = 0

Definition at line 360 of file wcc.c.

struct symaddr * symaddrs

unsigned long int textvma = 0

Definition at line 354 of file wcc.c.

Data Structures

Macros

Typedefs

Functions

Variables

Macro Definition Documentation

Typedef Documentation

Function Documentation

Variable Documentation