Reputation: 185
I have the following ASM code from a simple obfuscated C program given to me as an assignment.
0x00000000004006a0 <+147>: lea -0x20(%rbp),%rax
0x00000000004006a4 <+151>: mov %rdx,%rsi
0x00000000004006a7 <+154>: mov %rax,%rdi
0x00000000004006aa <+157>: callq 0x400713 <SECRET> <======
0x00000000004006af <+162>: movl $0x0,-0x24(%rbp)
0x00000000004006b6 <+169>: jmp 0x4006d8 <main+203>
0x00000000004006b8 <+171>: mov -0x24(%rbp),%eax
The goal is to find and remove a function (patch the program binary) that is causing a Segmentation Fault. I have found what function is causing the segfault, but I don't know how to patch the binary.
My problem is how to patch
0x00000000004006aa <+157>: callq 0x400713 <SECRET>
so that I won't call the SECRET function.
If I use gdb
to skip/jump SECRET by modifying the program counter while single-stepping at run-time, the program finishes execution and gives me the output I want.
What I want is a permanently-modified copy of the executable binary file that always skips without using a debugger.
Upvotes: 2
Views: 2340
Reputation: 185
I was curious about what else I can do with GDB. I managed to change the assembly with GDB and the patched program is working as it should.
I tried using nop but it didn't work, then I looked at the jump function. How my patch works is:
(gdb) set {unsigned char *}0x4006aa = 0xEB
(gdb) set {unsigned char *}0x4006ab = 0x0C
What I am doing is a short jump. The short jump opcode is EB XX, where XX is the relative jump from the IP / PC. So in this case I have to jump ahead 12 bytes; also, the instruction is 2 bytes, so I write it in consecutive memory locations. I write the new modified binary to the hard drive and everything is great.
It took me a day of experimentation but in the end I learned a lot. :D
Upvotes: 1
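The short-jump patch the answer walks through, as an added Python example that is not code from the post: it computes the EB rel8 displacement from the address of the next instruction, rejects targets outside the signed 8-bit reach, and writes the patch into a copy of the bytes. The sample bytes are re-encoded from the disassembly in the question (an assumption, not copied from the real binary), and the offset helper assumes a non-PIE ELF where file offset = vaddr - p_vaddr + p_offset.

```python
"""Compute and apply the two-byte `jmp rel8` patch instead of deriving it by hand."""
import struct

JMP_REL8 = 0xEB  # opcode of `jmp rel8`: EB XX, XX relative to the *next* instruction


def short_jmp(from_vaddr: int, to_vaddr: int) -> bytes:
    """Encode `jmp to_vaddr` as EB rel8 when placed at from_vaddr.

    rel8 is measured from the end of the 2-byte jmp, so the reach is -128..+127.
    """
    rel = to_vaddr - (from_vaddr + 2)
    if not -128 <= rel <= 127:
        raise ValueError(f"target {to_vaddr:#x} is out of rel8 range from {from_vaddr:#x}")
    return bytes([JMP_REL8]) + struct.pack("<b", rel)


def vaddr_to_file_offset(vaddr: int, seg_vaddr: int, seg_file_offset: int) -> int:
    """Map a virtual address to a file offset for a non-PIE ELF (assumption: one text
    segment whose p_vaddr/p_offset were read from `readelf -l`)."""
    return vaddr - seg_vaddr + seg_file_offset


def patch_bytes(image: bytes, file_offset: int, patch: bytes) -> bytes:
    """Return a copy of image with patch written at file_offset; the original is untouched."""
    if file_offset < 0 or file_offset + len(patch) > len(image):
        raise ValueError("patch runs outside the image")
    return image[:file_offset] + patch + image[file_offset + len(patch):]


# Constructed sample: the code bytes behind the listing in the question, starting at
# 0x4006aa, re-encoded from the disassembly (not taken from the real binary).
CODE_VADDR = 0x4006AA
ORIG = bytes.fromhex(
    "e864000000"      # 4006aa: callq 0x400713 <SECRET>  (rel32 = 0x400713 - 0x4006af)
    "c745dc00000000"  # 4006af: movl $0x0,-0x24(%rbp)
    "eb20"            # 4006b6: jmp 0x4006d8
    "8b45dc"          # 4006b8: mov -0x24(%rbp),%eax
)


def patch_listing() -> bytes:
    """Overwrite the first two bytes of the 5-byte call with `jmp 0x4006b8`, which is what
    `set {unsigned char *}0x4006aa = 0xEB` / `0x4006ab = 0x0C` did in gdb."""
    return patch_bytes(ORIG, 0, short_jmp(CODE_VADDR, 0x4006B8))
```

Only the first two bytes of the call change; the three bytes left behind are never executed because the jump lands past them, which is worth checking with a disassembler before trusting the patched copy.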