-
Notifications
You must be signed in to change notification settings - Fork 65
/
Copy pathTODO
executable file
·53 lines (36 loc) · 1.9 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
## TOP PRIORITY
Fix all parsing bugs in crashes. I have some more fixing and testing to go before I update
the release tag of this alpha version, so this last commit is not a complete update to
the code base, but resolves quite a number of the existing issues.
## Handle SCOP (Secure code partitioning)
We must determine how functions such as elf_text_base are going to work
when there are multiple LOAD segments in SCOP linked binaries.
## Merge in Ignacios work for code injection
## 9/17/2018
Make sure that we take into account dynamic segments that exist in
gcc -nostdlib linked binaries. The dynamic segment exists but only
partially. We must account for this in various spots. Otherwise it
can lead to assuming we found DT_PLTREL* etc. which has led to FPE
bugs.
## TODO 5/24/2017
* If there are no section headers then make sure to use dynamic segment to setup
* symtab and other items (.i.e plt/got)
-- status: complete
* We should be able to load any file that the kernel can load, and reconstruct
* finer-grained meta data such as sections
based on techniques we used in ECFS, etc.
-- status: complete
## FINISHED - * elf_plt_by_name()
## FINISHED - * Write a tool for printing the PLT entries for every JUMP_SLOT
symbol
## FINISHED - * elf_plt_iterator_next prints "PLT-0" as its final (extra)
iteration.
* userland execve based debugging (userland ptrace) with breakpoint, peek, poke,
* continue, attach, etc. (20% complete).
* Display forensically reconstructed sections in ascending order by sh_addr
rather than the order they were reconstructed in.
# eh_frame symbol reconstruction with text padding viruses
With a text padding Virus, the parasite ends up in the last section header, which is
on x86 usually .eh_frame. Because of this, libelfmaster sees the .eh_frame section
and continues parsing into the parasite code resulting in corrupted FDE data and
therefore fails. We must handle this situation somehow!