Help: wondering some code snippets' implement.

[Squirre17]

drow/src/elf_patch.c

Line 129 in 30ed509

if (shtable[j+1].sh_addr - shtable[j].sh_addr+shtable[j].sh_size >= patch_size+stager_size) {

I plot a layout like the following:

        |------------------| <-- shtable[j].sh_addr
        |                  |                     ↑
        |                  |                     |
        |    content of    |              shtable[j].sh_size
        |     section      |                     |
        |                  |                     ↓
        |------------------| <-------------------|
        |      vacuum      |
        |    for  payload  |
        |      inject      |
        |------------------| <-- shtable[j+1].sh_addr

patch_size and stager_size together represent the total size of the payload. Therefore, I believe that the correct condition would be shtable[j+1].sh_addr - shtable[j].sh_addr - shtable[j].sh_size >= patch_size + stager_size. However, please let me know if I have misunderstood the implementation or if there are any errors in my statement."

[Risminator]

I think you are absolutely right! I've been testing it for a while now, and the initial condition is, indeed, incorrect: drow says that the injection is successful when, in fact, it is not, as there is not enough space. But using your corrected condition, drow makes accurate predictions whether the injection will be successful or not, the space needed is calculated as it should be.

Tested on edge cases when the target program goes from successful execution to segmenetation fault on start.