The executable

As was mentioned earlier, we have to create the executable first. It turned out to be relatively hard to find a real-life example simple enough to fit the chapter, so the decision was made to take a real-life problem and wrap it in simplistic code. We will write the code for our executable in C and compile it with Visual Studio 2017 on Windows and with GCC on Linux. The code will be as simple as this:

As we may see, the only thing this code is capable of is reading user input as a string into a 128-byte buffer, allocating an internal buffer specifically for the input string, copying the input string there, and printing it from the internal buffer.
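The flow just described, as an added example that is not the book's listing: the read is bounded to the 128-byte input buffer, and the comment contrasts it with an unbounded read. That the legacy program reads without a bound is an assumption, and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INPUT_SIZE 128   /* input buffer size stated in the text */

/* Added example with hypothetical names. Assumption: the legacy read is
 * unbounded, e.g. scanf("%s", input), so a line longer than 127 bytes is
 * written past the end of input[]. The bounded read below keeps at most
 * cap-1 bytes of one line, strips the newline and discards the rest of an
 * over-long line. Returns the stored length, or -1 on EOF or error. */
long read_line_bounded(FILE *in, char *buf, size_t cap) {
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {
        buf[len] = '\0';             /* the whole line fitted */
    } else {
        int c;                       /* truncated: drain the tail */
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
    }
    return (long)len;
}

/* Allocates the internal buffer sized for the input and copies the string
 * into it. Caller frees. Returns NULL if the allocation fails. */
char *copy_to_internal(const char *input) {
    size_t n = strlen(input) + 1;
    char *internal = malloc(n);
    if (internal != NULL)
        memcpy(internal, input, n);
    return internal;
}

/* Same flow as the text: read, allocate, copy, print from the copy. */
int run(FILE *in, FILE *out) {
    char input[INPUT_SIZE];
    if (read_line_bounded(in, input, sizeof input) < 0)
        return 1;
    char *internal = copy_to_internal(input);
    if (internal == NULL)
        return 1;
    fprintf(out, "%s\n", internal);
    free(internal);
    return 0;
}

int main(void) { return run(stdin, stdout); }
```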

Create a new solution in Visual Studio 2017, name it Legacy, and put the preceding code into its main.cpp file. Personally, I prefer to use the .c extension when writing in C and set the Compile As option (which can be found by navigating to Configuration Properties | C/C++ | Advanced in the project properties window) to C.

The process of building the executable out of the preceding code is quite straightforward, except for one detail with Visual Studio 2017. As we are attempting to fake a Legacy executable, we need to disable Linker's Dynamic Base option. While in Visual Studio, right-click on the project and select Properties. The following screenshot illustrates where the Dynamic Base option may be found:

Once this option has been disabled, simply click on Build or Build All.

On Linux, however, we may simply build the executable the usual way by entering one of the following commands in the terminal (ignore the warning for now):

# As we are interested in a 32-bit executable,
# on a 32-bit platform we will type:
gcc -o legacy legacy.c

# and on a 64-bit platform we will type:
gcc -o legacy legacy.c -m32

In this chapter, we will begin by patching the Windows executable, then proceed to the Linux executable and see how the problem may be solved in the case of ELF. Oh, and most importantly: forget about the C sources and pretend that we do not have them.
