As part of my project, I have to insert portions of code(called checksum guards) to protect some function. This process has to be automated i.e. I need to write a script to insert these guards in an assembly. I do have the guard template with me, I am not sure how to proceed.
How do I write a shell script to insert code in the assembly file generated from a source file in C?
EDIT:
This is the paper which I am trying to implement. cerias.purdue.edu/assets/pdf/bibtex_archive/2001-49.pdf The authors have mentioned that they have modified the binary to insert the guards but that seemed tough. So, I thought of modifying the assembly code.
Here is a guard template:
guard:
add ebp, -checksum
mov eax, client_addr
for:
cmp eax, client_end
jg end
mov ebx, dword[eax]
add ebp, ebx
add eax, 4
jmp for
end:
where client_addr and client_end mark the beginning and ending of the code to protect respectively.
I realize that my understanding of the paper is not complete and I am still unclear about various issues, but I am trying to figure it out.
How do I give the various functions(to protect) as an input to the shellscript?
But after inserting the checksum guard, the addresses would change so I think giving the name would be a better idea. Is it so?
I am new to SO, and therefore still need to learn a lot about the correct ways to post a question. But Thank you for helping and guiding me.
答案 0 :(得分:-1)
自动执行此操作可能是一项真正的挑战,但我认为这是不可能的。
在结构化语言中,相对容易找到(通过解析和计算C中的花括号,例如)函数开始或结束的位置,因此应插入函数序言和结尾。
在汇编程序中,这是不可能的 - 标签不一定是函数的开头而且是" ret"不一定是结束。
你最好的选择是为prologue和epilogue建立自己的宏并手动插入它们。
你的问题中的一些弱提示使我认为你正在使用的汇编程序代码可能是从C编译器生成的 - 在这种情况下,实际上可能通过分析发出的asm代码是否可以重新构造C功能界限。
经过一些澄清后编辑:
我不明白为什么需要在汇编程序中完成这一点以及为什么需要对编译后生成的.asm文件进行处理 - C只会做得很好而且(简单的)保护代码片段可以简单地通过注入一个宏(可能可能使用内联汇编)。总而言之,如果你在原始资源中这样做,那将会更容易。而且,对于由编译器生成的asm源,您也需要访问C(或其他)源。
在另一条评论中,您正在说"他们正在修改二进制文件本身并添加警卫。" - 将一些插入二进制文件是一项非常复杂的任务 - 您将代码移动到更高的地址,并且需要先找到该段代码的所有调用者,然后调整地址。甚至没有病毒程序员这样做:)。他们用jsr指令将一段现有代码替换为"背包"放在二进制文件的末尾。我认为链接文件中的图片有点误导。