Extreme care must be taken if any code in a binary is to be relocated.
Moving any instruction may require updates to relative jump offsets or require
computation of new absolute address values.
NOTE: Two common means of referring to addresses in assembly language are relative offsets and absolute addresses. An absolute address is an unambiguous location assigned to an instruction or to data; in absolute terms you might refer to the instruction at location 12345. A relative offset describes a location as the distance from some reference location (often the current instruction) to the desired location; in relative terms you might refer to the instruction that precedes the current instruction by 45 bytes.
Figure 19-2 Patching into a file hole
Gray Hat Hacking: The Ethical Hacker's Handbook
490
A second problem arises when it becomes necessary to replace one function call with another. This may not always be easily achievable depending on the binary being patched. Take, for example, a program that contains an exploitable call to the strcpy() function. If the ideal solution is to change the program to call strncpy(), then there are several things to consider. The first challenge is to find a hole in the binary so that an additional parameter (the length parameter of strncpy()) can be pushed on the stack.
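The two mechanics discussed above, recomputing a relative displacement when an instruction is moved and finding a hole large enough to hold the relocated code plus whatever new instructions the patch needs, can be shown on a tiny flat image. The following Python script is an added example and is not code from the book; it assumes a flat image in which file offset equals address, restricts itself to the 5-byte x86 call/jmp rel32 forms (opcodes E8 and E9), and builds its own constructed sample image. The function names (rel32_target, encode_rel32, relocate_rel32, find_hole, detour_into_hole, build_sample_image) are the example's own.

```python
import struct
from typing import Optional

# x86 opcodes for the two common 5-byte rel32 control transfers.
CALL_REL32 = 0xE8
JMP_REL32 = 0xE9
REL32_LEN = 5


def rel32_target(insn_addr: int, insn: bytes) -> int:
    """Absolute target of a 5-byte E8/E9 instruction located at insn_addr.
    The displacement is relative to the address of the *next* instruction."""
    if len(insn) != REL32_LEN or insn[0] not in (CALL_REL32, JMP_REL32):
        raise ValueError("expected a 5-byte E8/E9 rel32 instruction")
    (rel,) = struct.unpack("<i", insn[1:])
    return insn_addr + REL32_LEN + rel


def encode_rel32(opcode: int, insn_addr: int, target: int) -> bytes:
    """Encode a call/jmp placed at insn_addr that reaches `target`."""
    rel = target - (insn_addr + REL32_LEN)
    # The displacement is a signed 32-bit field; a hole more than 2 GiB from the
    # target cannot be reached with this encoding (a real concern in 64-bit images).
    if not -0x8000_0000 <= rel <= 0x7FFF_FFFF:
        raise ValueError("target not reachable with a rel32 displacement")
    return bytes([opcode]) + struct.pack("<i", rel)


def relocate_rel32(insn_addr: int, insn: bytes, new_addr: int) -> bytes:
    """Re-encode the instruction so that, placed at new_addr, it still reaches
    the same absolute target it reached at insn_addr."""
    return encode_rel32(insn[0], new_addr, rel32_target(insn_addr, insn))


def find_hole(image: bytes, size: int) -> Optional[int]:
    """Offset of the first run of at least `size` zero bytes (padding that can
    host new code), or None if the image has no such hole."""
    run_start = None
    for off, b in enumerate(image):
        if b != 0:
            run_start = None
            continue
        if run_start is None:
            run_start = off
        if off - run_start + 1 == size:
            return run_start
    return None


def detour_into_hole(image: bytes, insn_addr: int, extra: bytes = b"") -> tuple:
    """Move the 5-byte rel32 instruction at insn_addr into a hole, preceded by
    `extra` (new code that did not fit at the original site), and jump back to
    the instruction that followed it.  Returns (patched_image, hole_offset)."""
    insn = bytes(image[insn_addr:insn_addr + REL32_LEN])
    needed = len(extra) + 2 * REL32_LEN        # extra + relocated insn + jmp back
    hole = find_hole(image, needed)
    if hole is None:
        raise ValueError(f"no hole of {needed} bytes available")
    moved_at = hole + len(extra)
    back_at = moved_at + REL32_LEN
    body = (extra
            + relocate_rel32(insn_addr, insn, moved_at)
            + encode_rel32(JMP_REL32, back_at, insn_addr + REL32_LEN))
    patched = bytearray(image)
    patched[hole:hole + needed] = body
    # The original 5-byte slot now holds a jmp into the hole, so the new code
    # runs and control returns to the instruction after the original call.
    patched[insn_addr:insn_addr + REL32_LEN] = encode_rel32(JMP_REL32, insn_addr, hole)
    return bytes(patched), hole


def build_sample_image() -> bytes:
    """Constructed 1 KiB flat image: 0x210 bytes of code filler (0xCC) containing a
    call at 0x100 to a routine at 0x200, then zero padding that serves as the hole."""
    img = bytearray(b"\xCC" * 0x210 + b"\x00" * 0x1F0)
    img[0x100:0x100 + REL32_LEN] = encode_rel32(CALL_REL32, 0x100, 0x200)
    return bytes(img)


if __name__ == "__main__":
    img = build_sample_image()
    # `extra` stands in for whatever additional instruction the patch needs.  With
    # cdecl the third argument of strncpy() is pushed *before* the other two, so a
    # real length-argument patch relocates the whole push sequence, not just the call.
    push_len = b"\x68" + struct.pack("<I", 64)     # push imm32 (64)
    patched, hole = detour_into_hole(img, 0x100, push_len)
    print(f"hole at {hole:#x}; original slot now jumps to "
          f"{rel32_target(0x100, patched[0x100:0x105]):#x}")
    print(f"relocated call still reaches "
          f"{rel32_target(hole + 5, patched[hole + 5:hole + 10]):#x}")
```

The check in encode_rel32 is what catches the relocation hazard the text warns about: once the instruction is moved, its old displacement is meaningless, and the new one must be computed from the target and the new location, then confirmed to fit the field.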