第一步:添加Section Header信息
/** * 添加section header信息 * 原理: * 找到String Section的位置,然后获取他偏移值 * 将section添加到文件末尾 */ public static byte[] addSectionHeader(byte[] src){ /** * public byte[] sh_name = new byte[4]; public byte[] sh_type = new byte[4]; public byte[] sh_flags = new byte[4]; public byte[] sh_addr = new byte[4]; public byte[] sh_offset = new byte[4]; public byte[] sh_size = new byte[4]; public byte[] sh_link = new byte[4]; public byte[] sh_info = new byte[4]; public byte[] sh_addralign = new byte[4]; public byte[] sh_entsize = new byte[4]; */ byte[] newHeader = new byte[sectionSize]; //构建一个New Section Header newHeader = Utils.replaceByteAry(newHeader, 0, Utils.int2Byte(addSectionStartAddr - stringSectionOffset)); newHeader = Utils.replaceByteAry(newHeader, 4, Utils.int2Byte(ElfType32.SHT_PROGBITS));//type=PROGBITS newHeader = Utils.replaceByteAry(newHeader, 8, Utils.int2Byte(ElfType32.SHF_ALLOC)); newHeader = Utils.replaceByteAry(newHeader, 12, Utils.int2Byte(addSectionStartAddr + newSectionNameLen)); newHeader = Utils.replaceByteAry(newHeader, 16, Utils.int2Byte(addSectionStartAddr + newSectionNameLen)); newHeader = Utils.replaceByteAry(newHeader, 20, Utils.int2Byte(newSectionSize)); newHeader = Utils.replaceByteAry(newHeader, 24, Utils.int2Byte(0)); newHeader = Utils.replaceByteAry(newHeader, 28, Utils.int2Byte(0)); newHeader = Utils.replaceByteAry(newHeader, 32, Utils.int2Byte(4)); newHeader = Utils.replaceByteAry(newHeader, 36, Utils.int2Byte(0)); //在末尾增加Section byte[] newSrc = new byte[src.length + newHeader.length]; newSrc = Utils.replaceByteAry(newSrc, 0, src); newSrc = Utils.replaceByteAry(newSrc, src.length, newHeader); return newSrc; }这里我们需要详细介绍一下SectionHeader中的各个字段的含义了:
还是看那个pdf文档说的最详细了
1)、sh_name:这个字段是Section name,这个值一般保存在.strtab段中的,但是这个值是section name在.strtab段中的偏移值,所以值是:new section的起始地址减去String Section的偏移值
那么new section的起始地址是多少呢?
这个我们刚刚说过了,这个段是加载文件的末尾处的,所以new section的起始地址就是文件的总长度:0x3078
那String Section的偏移值是多少呢?这个也简单,因为我们在之前的一篇文章中介绍了如何解析elf文件
那里我们解析出了所有的Section Header信息,然后我们在定位String Section在这个header列表中的位置即可,这个位置在elf文件的头部信息中有,就是这个字段:e_shstrndx
那么我们就可以找到String Section的偏移值了:0x3075
2)、sh_type:段的类型,这个字段我们需要把和设置的和.rodata段的类型相同即可,取值如下:
/****************sh_type********************/ public static final int SHT_NULL = 0; public static final int SHT_PROGBITS = 1; public static final int SHT_SYMTAB = 2; public static final int SHT_STRTAB = 3; public static final int SHT_RELA = 4; public static final int SHT_HASH = 5; public static final int SHT_DYNAMIC = 6; public static final int SHT_NOTE = 7; public static final int SHT_NOBITS = 8; public static final int SHT_REL = 9; public static final int SHT_SHLIB = 10; public static final int SHT_DYNSYM = 11; public static final int SHT_NUM = 12; public static final int SHT_LOPROC = 0x70000000; public static final int SHT_HIPROC = 0x7fffffff; public static final int SHT_LOUSER = 0x80000000; public static final int SHT_HIUSER = 0xffffffff; public static final int SHT_MIPS_LIST = 0x70000000; public static final int SHT_MIPS_CONFLICT = 0x70000002; public static final int SHT_MIPS_GPTAB = 0x70000003; public static final int SHT_MIPS_UCODE = 0x70000004;