ELF executables

Patching ELF executables is a bit more difficult than patching their PE counterparts as ELF files tend to have no spare space in their sections, thus leaving no other choice but to either add a section, which is not as simple as with PE files, or inject a shared object.

Adding a section requires a good knowledge of the ELF format (specifications can be found at http://www.skyfree.org/linux/references/ELF_Format.pdf), which, although quite interesting, lies, in its full detail, outside the scope of this book. The most noticeable problem is the way sections and headers are arranged within an ELF executable and the way Linux treats the ELF structure, which makes it hard to append data as we did in the case of PE patching.
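One concrete aspect of that arrangement, as an added example that is not from the book: the Linux loader maps file contents according to the PT_LOAD program headers, so bytes placed after the last segment (where the section header table usually sits) are not loaded. The sample image, its offsets and the function names below are constructed for illustration.

```c
#include <elf.h>      /* Linux ELF structure definitions */
#include <stdio.h>
#include <string.h>

/* Index of the PT_LOAD segment whose file bytes cover `off`, or -1 if the
   loader would not map that file offset (or the image is not valid ELF64). */
int load_segment_for_offset(const unsigned char *img, size_t len, Elf64_Off off)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64)
        return -1;
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff)
        return -1;
    for (int i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_LOAD && off >= ph.p_offset && off - ph.p_offset < ph.p_filesz)
            return i;
    }
    return -1;
}

/* Constructed sample (host byte order): one PT_LOAD covering file bytes
   0x000-0x1ff, section header table at 0x200, 16 "appended" bytes at 0x300. */
int sample_segment_for(Elf64_Off off)
{
    unsigned char buf[0x310] = {0};
    Elf64_Ehdr eh = {0};
    Elf64_Phdr ph = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    eh.e_shoff = 0x200;
    ph.p_type = PT_LOAD; ph.p_flags = PF_R | PF_X;
    ph.p_filesz = ph.p_memsz = 0x200; ph.p_vaddr = 0x400000; ph.p_align = 0x1000;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    return load_segment_for_offset(buf, sizeof buf, off);
}

int main(void)
{
    printf("code at 0x100 -> segment %d\n", sample_segment_for(0x100));
    printf("section headers at 0x200 -> segment %d\n", sample_segment_for(0x200));
    printf("appended bytes at 0x300 -> segment %d\n", sample_segment_for(0x300));
    return 0;
}
```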

Injection of a shared object, on the other hand, is much simpler to implement and easy to use, so let's proceed this way.
