From 7e8bd04389875d8569463f42923792557edc2908 Mon Sep 17 00:00:00 2001
From: Orfeas <38209077+0xfea5@users.noreply.github.com>
Date: Tue, 16 Apr 2024 22:14:29 +0300
Subject: Write other process' memory
---
 src/main.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
(limited to 'src/main.c')
diff --git a/src/main.c b/src/main.c
index ee33aac..667ca4c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -8,6 +8,20 @@
 #include "util.h"
 #include "vm.h"
 
+void hex2bytes(char *hex)
+{
+	size_t len = strlen(hex);
+	char bytes[len + 1];
+
+	for (size_t i = 0; i < len; ++i) {
+		char hdig[3] = { hex[i*2], hex[i*2+1], '\0' };
+		sscanf(hdig, "%hhx", &bytes[i]);
+	}
+
+	memcpy(hex, bytes, len);
+	hex[len] = '\0';
+}
+
 int main(int argc, char *argv[])
 {
 	if (argc < 2) {
@@ -23,7 +37,7 @@ int main(int argc, char *argv[])
 	waitpid(pid, NULL, __WALL);
 	LOG("Attached to process %d\n", pid);
 
-	char *byte_seq = "secret text";
+	char *byte_seq = "DEADBEEF";
 	size_t byte_seq_len = strlen(byte_seq);
 	MemscanResult *head = memscan(pid, (uint8_t*)byte_seq, byte_seq_len);
 	MemscanResult *cur = head;
@@ -39,7 +53,18 @@ int main(int argc, char *argv[])
 			cur->mapping->name);
 		cur = cur->next;
 	}
+	printf("\n\n");
+
+	char *buf = "CAFEBABE";
+	size_t len = strlen(buf);
+	cur = head;
+	while (cur) {
+		void *address = cur->mapping->begin + cur->offset;
+		memwrite(pid, address, (uint8_t*)buf, len);
+		cur = cur->next;
+	}
+
 	ptrace(PTRACE_DETACH, pid, NULL, NULL);
 	LOG("Detached from process %d\n", pid);
-- cgit v1.2.3
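Review bot: The loop in hex2bytes runs `len` times but consumes two characters per iteration, so `hex[i*2]` and `hex[i*2+1]` read past the end of the input once `i` reaches `len/2`, and the `memcpy`/terminator then write back `len` bytes of which the upper half were never decoded. The output should be `len / 2` bytes, the `sscanf` result should be checked (it returns 1 only when the pair was a valid hex byte; a non-hex pair currently leaves `bytes[i]` uninitialized), and `%hhx` expects an `unsigned char *` rather than `char *`; an odd trailing nibble is simply ignored below. The helper also has no prototype or `static` and is not called anywhere in this commit, so the later `char *byte_seq = "DEADBEEF"` still searches for ASCII text rather than decoded bytes.
```c
void hex2bytes(char *hex)
{
	size_t len = strlen(hex);
	size_t n = len / 2;            /* each output byte consumes two hex digits */
	unsigned char bytes[n + 1];

	for (size_t i = 0; i < n; ++i) {
		char hdig[3] = { hex[i*2], hex[i*2+1], '\0' };
		if (sscanf(hdig, "%hhx", &bytes[i]) != 1) {
			/* not a hex digit pair: leave the input untouched */
			return;
		}
	}

	memcpy(hex, bytes, n);
	hex[n] = '\0';
}
```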
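Review bot: `char *byte_seq = "DEADBEEF";` binds a string literal to a non-const pointer; if the intent is to decode it with the in-place hex2bytes added in the first hunk, the literal is not writable and modifying it would be undefined behaviour, so it should be an array, `char byte_seq[] = "DEADBEEF";`, with `hex2bytes(byte_seq);` called before the `strlen` on the next line. As written, memscan is handed the eight ASCII characters, not the bytes DE AD BE EF, which may not be what the hex-looking value was meant to express. If it is meant to stay text, `const char *byte_seq` documents that and avoids the literal-to-non-const conversion.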