
I was reading this CTF write-up and wanted to know more than the author cared to explain.

I actually just patched the PLT entries of getenv(), ptrace() and sleep(), as sleeps get pretty annoying during debugging.

What I wanted to know is: what's the best way of going about patching PLT or GOT entries directly in the binary?

3 Answers


You could use radare2 to do this. First open the binary in "write" mode:

radare2 -w ./binaryname

Now you need to seek to the address you wish to modify:

s 0x8048739

Assuming that you wished to write out, say, 5 NOPs for whatever reason, you could do:

wx 9090909090

Finally, to save and quit:

q

You could use a hex editor like HxD or HIEW to modify the binary directly. Find the hex bytes that you want to change and look up the opcodes that you want to change them to. You can also patch directly from IDA if you want, which is made easier with the IDA Patcher plug-in.

https://thesprawl.org/projects/ida-patcher/


You can do this pretty easily with Pwntools:

from pwn import *

elf = ELF('./your-binary')
# overwrite the bytes at the ptrace symbol with `xor eax, eax; ret`, so the call returns 0
elf.asm(elf.symbols.ptrace, 'xor eax, eax; ret')
elf.save('./your-patched-binary')
  • Is that a typo in max instead of eax? Commented Sep 28, 2020 at 21:37
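The radare2 and Pwntools answers above both come down to the same operation: find the file offset of an import's PLT stub and overwrite it with `xor eax, eax; ret`. As an added example (not code from the question or any of the answers, and not Pwntools or radare2 code), the following Python script does that with nothing but `struct`, so the mechanics are visible: it parses the ELF64 section headers, walks `.rela.plt` to learn which GOT slot each imported function owns, matches each PLT stub to its GOT slot by decoding the stub's `jmp QWORD PTR [rip+disp32]`, converts the stub's virtual address to a file offset, and patches it. It assumes a little-endian x86-64 ELF64 with 16-byte PLT entries. Because the verifier runs offline, the script also builds a constructed sample ELF (a hand-made section table with two imports, `ptrace` and `sleep`, at the assumed addresses 0x401020 for `.plt` and 0x404000 for `.got.plt`); it is not the output of any compiler, and the function and address names are illustrative only.

```python
import struct

R_X86_64_JUMP_SLOT = 7
PLT_ENTRY_SIZE = 16                     # x86-64 .plt and .plt.sec entries are 16 bytes each
RET_ZERO = bytes.fromhex("31c0c3")      # xor eax, eax ; ret  -> the patched import returns 0 / NULL


def read_sections(elf):
    """Parse the ELF64 little-endian section header table into a list of dicts (index-preserving)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("ELF64 little-endian input expected")
    (e_shoff,) = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    raw = [struct.unpack_from("<IIQQQQIIQQ", elf, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    shstr_off = raw[e_shstrndx][4]
    sections = []
    for name_off, _type, _flags, addr, offset, size, link, _info, _align, _entsize in raw:
        start = shstr_off + name_off
        name = elf[start:elf.index(b"\x00", start)].decode()
        sections.append(dict(name=name, addr=addr, offset=offset, size=size, link=link))
    return sections


def vaddr_to_offset(sections, vaddr):
    """Map a virtual address to a file offset through the allocated section that contains it."""
    for s in sections:
        if s["addr"] and s["addr"] <= vaddr < s["addr"] + s["size"]:
            return s["offset"] + (vaddr - s["addr"])
    raise ValueError("%#x is not backed by any section" % vaddr)


def plt_imports(elf):
    """Return {name: (plt_stub_vaddr, got_slot_vaddr)} for every R_X86_64_JUMP_SLOT import.

    A stub is tied to its import by decoding its `jmp [rip+disp32]` (ff 25 disp32): the jump
    target is the GOT slot that the import's .rela.plt entry fills, so no positional guess is needed.
    """
    sections = read_sections(elf)
    by_name = {s["name"]: s for s in sections}
    rela = by_name[".rela.plt"]
    plt = by_name.get(".plt.sec") or by_name[".plt"]     # IBT-enabled binaries call through .plt.sec
    dynsym, dynstr = sections[rela["link"]], sections[sections[rela["link"]]["link"]]
    stub_for_slot = {}
    for n in range(plt["size"] // PLT_ENTRY_SIZE):
        stub_vaddr = plt["addr"] + n * PLT_ENTRY_SIZE
        stub = elf[plt["offset"] + n * PLT_ENTRY_SIZE:plt["offset"] + (n + 1) * PLT_ENTRY_SIZE]
        pos = stub.find(b"\xff\x25")      # offset 0 in .plt; 4 or 5 in .plt.sec (endbr64 [; bnd] jmp)
        if 0 <= pos <= 5:                 # PLT0's own `jmp [GOT+16]` sits at offset 6 and is skipped
            (disp,) = struct.unpack_from("<i", stub, pos + 2)
            stub_for_slot[stub_vaddr + pos + 6 + disp] = stub_vaddr   # rip-relative: next insn + disp
    imports = {}
    for i in range(rela["size"] // 24):
        r_offset, r_info, _addend = struct.unpack_from("<QQq", elf, rela["offset"] + i * 24)
        if r_info & 0xFFFFFFFF != R_X86_64_JUMP_SLOT or r_offset not in stub_for_slot:
            continue
        (st_name,) = struct.unpack_from("<I", elf, dynsym["offset"] + (r_info >> 32) * 24)
        start = dynstr["offset"] + st_name
        imports[elf[start:elf.index(b"\x00", start)].decode()] = (stub_for_slot[r_offset], r_offset)
    return imports


def patch_plt_stub(elf, func, code=RET_ZERO):
    """Return a copy of `elf` whose PLT stub for `func` is overwritten with `code`, NOP-padded."""
    if len(code) > PLT_ENTRY_SIZE:
        raise ValueError("patch must fit inside one %d-byte PLT entry" % PLT_ENTRY_SIZE)
    stub_vaddr, _got_slot = plt_imports(elf)[func]
    off = vaddr_to_offset(read_sections(elf), stub_vaddr)
    out = bytearray(elf)
    out[off:off + PLT_ENTRY_SIZE] = code.ljust(PLT_ENTRY_SIZE, b"\x90")
    return bytes(out)


def build_sample_elf(plt_base=0x401020, got_base=0x404000):
    """Constructed sample, not compiler output: minimal ELF64 with two lazily bound imports, ptrace and sleep."""
    dynstr = b"\x00ptrace\x00sleep\x00"
    sym = lambda name_off: struct.pack("<IBBHQQ", name_off, 0x12, 0, 0, 0, 0)   # GLOBAL FUNC, undefined
    dynsym = sym(0) + sym(1) + sym(8)
    slots = [got_base + 0x18 + 8 * i for i in range(2)]                          # GOT[3], GOT[4]
    rela = b"".join(struct.pack("<QQq", slot, ((i + 1) << 32) | R_X86_64_JUMP_SLOT, 0)
                    for i, slot in enumerate(slots))
    plt = b"\xff\x35" + bytes(4) + b"\xff\x25" + bytes(4) + b"\x0f\x1f\x40\x00"   # PLT0: push GOT[1]; jmp GOT[2]
    for i, slot in enumerate(slots):
        stub = plt_base + len(plt)
        plt += (b"\xff\x25" + struct.pack("<i", slot - (stub + 6))        # jmp [GOT slot]
                + b"\x68" + struct.pack("<I", i)                          # push reloc index
                + b"\xe9" + struct.pack("<i", plt_base - (stub + 16)))    # jmp PLT0
    shstrtab = b"\x00.dynstr\x00.dynsym\x00.rela.plt\x00.plt\x00.shstrtab\x00"
    layout = [(".dynstr", 3, 0, dynstr, 0), (".dynsym", 11, 0, dynsym, 1),       # (name, type, addr, data, link)
              (".rela.plt", 4, 0, rela, 2), (".plt", 1, plt_base, plt, 0), (".shstrtab", 3, 0, shstrtab, 0)]
    body, shdrs = bytearray(64), [bytes(64)]
    for name, sh_type, addr, data, link in layout:
        shdrs.append(struct.pack("<IIQQQQIIQQ", shstrtab.index(b"\x00" + name.encode()) + 1, sh_type,
                                 0, addr, len(body), len(data), link, 0, 8, 0))
        body += data
    shoff = len(body)
    body += b"".join(shdrs)
    body[:64] = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + bytes(9), 2, 0x3E, 1,
                            plt_base, 0, shoff, 0, 64, 56, 0, 64, len(shdrs), len(shdrs) - 1)
    return bytes(body)


if __name__ == "__main__":                      # stand-alone demo on the constructed sample
    for name, (stub, slot) in plt_imports(build_sample_elf()).items():
        print("%-7s PLT stub %#x -> GOT slot %#x" % (name, stub, slot))
```

On a real binary, replace `build_sample_elf()` with the file's bytes and write `patch_plt_stub(data, "ptrace")` back to disk. Two practical points the answers leave implicit: first, `xor eax, eax; ret` zero-extends into rax, so the patched `ptrace()` reports "not traced", `sleep()` returns 0 and `getenv()` returns NULL, which is why the same three bytes serve all three imports from the question. Second, patching the code stub is more robust than patching the GOT slot in the file: with `-z now` (full RELRO) the dynamic linker resolves every JUMP_SLOT relocation at load time and overwrites the slot, so a value you wrote into `.got.plt` is simply replaced, whereas a rewritten stub is never touched by the loader. Once patched, the stub no longer contains a `jmp [rip+disp32]`, so the import is no longer recognised as a PLT entry by this script or by tools that decode stubs the same way.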
