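/*
 * [elfrip.c - By PoWeR_PoRK of netric (http://www.netric.org)]
 * Tiny cat-like utility for ripping the code section out
 * of an elf executable image.
 *
 * compile with "gcc elfrip.c -o elfrip"
 * do a "./elfrip -h" for help with usage
 *
 * Made for scripting shellcode production sequences more
 * easily. Used for nasm generated code, not tested with gas
 * generated code but should work just as well (well, gas sucks
 * so it might not ;))
 */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Virtual address the image is assumed to be loaded at. The file offset of
 * the code is computed as (e_entry - voffset), which only holds when the
 * first loadable segment starts at file offset 0 and is mapped at voffset
 * (true for the nasm-produced images this tool was written for; not a
 * general ELF property).
 */
#define voffset 0x08048000

/* Fixed ELF32 layout facts used below (Elf32_Ehdr / Elf32_Phdr, SysV ABI). */
enum {
    EI_CLASS_IDX    = 4,   /* e_ident[EI_CLASS]                          */
    EI_DATA_IDX     = 5,   /* e_ident[EI_DATA]                           */
    IDENT_BYTES     = 6,   /* magic(4) + class(1) + data(1) are all we need */
    ELFCLASS32_VAL  = 1,
    ELFDATA2LSB_VAL = 1,
    E_ENTRY_OFF     = 24,  /* Elf32_Ehdr.e_entry                          */
    E_PHOFF_OFF     = 28,  /* Elf32_Ehdr.e_phoff                          */
    P_FILESZ_OFF    = 16   /* Elf32_Phdr.p_filesz, relative to the phdr   */
};

static const char usage[] =
    "Usage: ./elfrip [-h][-i ]\n"
    "cat like utility for ripping the code segment out of nasm generated elfs.\n"
    "Example: ./elfrip -i shellcode.elf > shellcode.bin\n"
    "This rips the code section of the elf image shellcode.elf into shellcode.bin\n\n"
    "-h See this usage overview.\n"
    "-i Set for rip and set the path of the source elf image to rip from.\n";

/*
 * Read a little-endian 32-bit field at absolute file offset `off`.
 * Decoding byte-by-byte keeps the result independent of host byte order
 * (the input is checked to be ELFDATA2LSB before this is called).
 * Returns 0 on success, -1 if the offset is unseekable or the read is short.
 */
static int read_le32(FILE *f, uint32_t off, uint32_t *out)
{
    unsigned char b[4];

    /* fseek takes a long; refuse offsets that would not fit. */
    if ((unsigned long)off > (unsigned long)LONG_MAX) {
        return -1;
    }
    if (fseek(f, (long)off, SEEK_SET) != 0) {
        return -1;
    }
    if (fread(b, 1, sizeof b, f) != sizeof b) {
        return -1;
    }
    *out = (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    return 0;
}

/*
 * Verify the file starts with the ELF magic and describes a 32-bit,
 * little-endian image, which is the only layout the fixed offsets above
 * are valid for. Returns 0 if acceptable, -1 otherwise.
 */
static int check_ident(FILE *f)
{
    unsigned char ident[IDENT_BYTES];

    if (fseek(f, 0L, SEEK_SET) != 0) {
        return -1;
    }
    if (fread(ident, 1, sizeof ident, f) != sizeof ident) {
        return -1;
    }
    if (memcmp(ident, "\x7f" "ELF", 4) != 0) {
        return -1;
    }
    if (ident[EI_CLASS_IDX] != ELFCLASS32_VAL ||
        ident[EI_DATA_IDX] != ELFDATA2LSB_VAL) {
        return -1;
    }
    return 0;
}

/*
 * Entry point. Usage: elfrip -i <path>; anything else (including -h) prints
 * the usage text and exits 0.
 *
 * Copies the bytes from file offset (e_entry - voffset) up to the end of
 * the first program header's p_filesz to stdout. All header fields come
 * from an untrusted file, so every seek/read is checked and the size
 * arithmetic is guarded against unsigned wrap-around before it is used as
 * a seek target or loop bound.
 *
 * Exit status: 0 on success or usage, 1 on any error.
 */
int main(int argc, char **argv)
{
    int rc = 1;
    uint32_t vaddr = 0;
    uint32_t phdroffset = 0;
    uint32_t codesize = 0;
    uint32_t start;
    uint32_t length;
    FILE *elffile;

    if (argc != 3 || strcmp(argv[1], "-i") != 0) {
        fputs(usage, stdout);
        return 0;
    }

    /* "rb": the image is binary; matters on platforms with text-mode translation. */
    elffile = fopen(argv[2], "rb");
    if (elffile == NULL) {
        perror("Error:Opening of file failed (typo?)");
        return 1;
    }

    if (check_ident(elffile) != 0) {
        fputs("Error: EOF encountered during elf load, prolly not an elf "
              "(either a gnome or just a particularly small person)\n", stderr);
        goto out;
    }

    /* e_phoff directly follows e_entry in Elf32_Ehdr. */
    if (read_le32(elffile, E_ENTRY_OFF, &vaddr) != 0 ||
        read_le32(elffile, E_PHOFF_OFF, &phdroffset) != 0) {
        fputs("Error: EOF encountered during elf load, prolly not an elf "
              "(either a gnome or just a particularly small person)\n", stderr);
        goto out;
    }

    /* phdroffset is attacker-controlled; keep the addition from wrapping. */
    if (phdroffset > UINT32_MAX - P_FILESZ_OFF ||
        read_le32(elffile, phdroffset + P_FILESZ_OFF, &codesize) != 0) {
        fputs("Error: EOF encountered during elf load, prolly not an elf "
              "(either a gnome or just a particularly small person)\n", stderr);
        goto out;
    }

    /*
     * The original compared an unsigned difference with 0 (always false).
     * Both subtractions below must not underflow: the entry must lie at or
     * above voffset, and the segment must extend past the entry.
     */
    if (vaddr < voffset || codesize < vaddr - voffset) {
        fputs("Error: Code segment size mixup, "
              "prolly just a big assed gcc generated elf, use nasm instead\n",
              stderr);
        goto out;
    }
    start = vaddr - voffset;
    length = codesize - start;

    if ((unsigned long)start > (unsigned long)LONG_MAX ||
        fseek(elffile, (long)start, SEEK_SET) != 0) {
        perror("Error: seeking to code segment failed");
        goto out;
    }

    /*
     * Test fgetc's result rather than feof() beforehand: feof() only becomes
     * true after a read has already failed, so the old loop emitted a spurious
     * byte at end of file.
     */
    for (uint32_t count = 0; count < length; count++) {
        int c = fgetc(elffile);
        if (c == EOF) {
            fputs("Error: EOF encountered during elf load, prolly not an elf "
                  "(either a gnome or just a particularly small person)\n",
                  stderr);
            goto out;
        }
        putchar(c);
    }
    rc = 0;

out:
    fclose(elffile);
    return rc;
}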