10. Code Modification

So now we know the tools to analyze our programs and find functions of interest to us, even in programs without source code. We can understand the assembly that makes them up, and can write assembly of our own to do what we want. We know how a program looks on the disk and how that corresponds to what the program looks like in memory. Knowledge is power, and we know a lot. TODO: Read this: http://hcunix.org/hcunix/terran.txt

10.1. Reasons for Code Modification

Code modification is most useful if we wish to change the behavior of closed-source programs written by unenlightened authors. It is also handy when trying to skirt copy protection of various kinds.

10.2. Instruction Modification

Since the smallest unit of code is the instruction, it follows that the simplest form of code modification is instruction modification. In instruction modification, we are looking to change some property of a specific instruction. Recall from the assembly section that each instruction has two parts: the mnemonic and the arguments. So our choices are limited.

The best way to modify instructions is through HT Editor, which was mentioned earlier in the ELF section. HTE has a hex editor mode where we can edit the hex value of an instruction and see the assembly updated in real time. (TODO: instructions, screenshots of HTE)
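Editing an instruction's bytes on disk means knowing which file offset backs the virtual address a disassembler reports, which is the disk-to-memory correspondence recalled at the start of this chapter. The following is an added example, not code from the original text: it reads the PT_LOAD program headers of a little-endian ELF32 or ELF64 file and translates an address to a file offset. The function names and the sample image are constructed for illustration.

```python
import struct

PT_LOAD = 1

def load_segments(elf):
    """Return (p_offset, p_vaddr, p_filesz, p_memsz) for every PT_LOAD segment."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[5] != 1:  # EI_DATA: 1 = little-endian
        raise ValueError("only little-endian ELF handled here")
    is64 = elf[4] == 2  # EI_CLASS: 1 = ELF32, 2 = ELF64
    if is64:
        e_phoff, = struct.unpack_from("<Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    else:
        e_phoff, = struct.unpack_from("<I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x2A)
    segs = []
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        if is64:  # 64-bit layout: type, flags, offset, vaddr, paddr, filesz, memsz
            p_type, _, off, va, _, fsz, msz = struct.unpack_from("<IIQQQQQ", elf, base)
        else:     # 32-bit layout: type, offset, vaddr, paddr, filesz, memsz
            p_type, off, va, _, fsz, msz = struct.unpack_from("<IIIIII", elf, base)
        if p_type == PT_LOAD:
            segs.append((off, va, fsz, msz))
    return segs

def vaddr_to_offset(elf, vaddr):
    """File offset backing vaddr, or None if no bytes on disk back it."""
    for off, va, fsz, msz in load_segments(elf):
        if va <= vaddr < va + fsz:
            return off + (vaddr - va)
    return None  # unmapped, or in the zero-filled tail (memsz > filesz, e.g. .bss)

def sample_elf32():
    """Constructed ELF32 image: header, two PT_LOAD entries, padding. Not a real program."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 3, 1, 0x08048080,
                       52, 0, 0, 52, 32, 2, 0, 0, 0)
    text = struct.pack("<8I", PT_LOAD, 0, 0x08048000, 0x08048000, 0x200, 0x200, 5, 0x1000)
    data = struct.pack("<8I", PT_LOAD, 0x200, 0x08049200, 0x08049200, 0x10, 0x40, 6, 0x1000)
    return (ehdr + text + data).ljust(0x210, b"\x00")

if __name__ == "__main__":
    print(hex(vaddr_to_offset(sample_elf32(), 0x08048080)))
```

An address that falls in a segment's memory size but past its file size has no bytes on disk to edit, which is why the lookup returns None there.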

10.3. Single Instruction Insertion

10.4. Single Function Insertion

Use unused space as found by disasm.pl (be careful about main)

10.5. Multiple Function Insertion

Trickery... We're working on a util to modify ELF programs and insert functions. What about using mmap? (P.S. Can you unmap executable memory to modify it, if they are doing an MD5 of their executable?)

10.6. Attacking copy protection

Lest I be accused of hiding in my ivory tower, let's look at a concrete application of these ideas, and some techniques (: