I’ll note that another approach, if the patch is small enough (e.g. under 1k), is to place it within the existing executable PT_LOAD segment, overwriting the stretch of padding bytes after the last section. Since each loadable segment needs to be page-aligned – and since this alignment needs to be reflected in the file’s image – there is often a nice chunk (on average, ~2k) of unused padding bytes between the .text and .rodata sections.
(See the infect program in https://www.muppetlabs.com/~breadbox/software/elfkickers.html for some sample code that does this.)

That said, I love this approach too. The idea of hijacking one of the PT_NOTE segments is a good one!
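
The padding region described in the comment above can be measured when auditing a binary. This is an added example, not part of the original comment and not code from elfkickers: it parses the program headers of a little-endian ELF64 image, locates the file bytes between the end of the executable PT_LOAD segment and the next PT_LOAD segment, and counts the non-zero bytes there. The function names, the constructed sample image and the premise that untouched padding is zero-filled are assumptions made for illustration.

```python
import struct

PT_LOAD, PF_X = 1, 0x1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr (56 bytes)

def load_segments(image):
    """Return [(p_flags, p_offset, p_filesz)] for every PT_LOAD entry."""
    if image[:4] != b"\x7fELF" or image[4:6] != b"\x02\x01":
        raise ValueError("expected a little-endian ELF64 image")
    hdr = EHDR.unpack_from(image, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    segs = []
    for i in range(phnum):
        p_type, flags, offset, _, _, filesz, _, _ = PHDR.unpack_from(image, phoff + i * phentsize)
        if p_type == PT_LOAD:
            segs.append((flags, offset, filesz))
    return segs

def exec_padding(image):
    """Locate the file bytes between the end of the executable PT_LOAD and
    the next PT_LOAD (or end of file) and count the non-zero ones."""
    segs = load_segments(image)
    execs = [s for s in segs if s[0] & PF_X]
    if not execs:
        raise ValueError("no executable PT_LOAD segment")
    _, offset, filesz = max(execs, key=lambda s: s[1])
    start = offset + filesz
    # The next loadable segment's file offset bounds the padding region.
    end = min([s[1] for s in segs if s[1] >= start], default=len(image))
    end = min(end, len(image))
    nonzero = sum(1 for b in image[start:end] if b)
    return {"start": start, "end": end, "size": end - start, "nonzero": nonzero}

def sample_image():
    """Constructed ELF64 image: R+X segment at 0..0x300, R segment at 0x1000."""
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), 2, 62, 1, 0x400100, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    text = PHDR.pack(PT_LOAD, 5, 0, 0x400000, 0x400000, 0x300, 0x300, 0x1000)
    ro = PHDR.pack(PT_LOAD, 4, 0x1000, 0x401000, 0x401000, 0x100, 0x100, 0x1000)
    body = bytearray(0x1100)
    body[:176] = ehdr + text + ro
    body[176:0x300] = b"\x90" * (0x300 - 176)  # stand-in for code
    body[0x1000:0x1100] = b"R" * 0x100         # stand-in for .rodata
    return bytes(body)

if __name__ == "__main__":
    print(exec_padding(sample_image()))
```

A non-zero count only shows that the region holds something other than zero fill; a segment whose p_filesz has been extended over the padding would need a comparison against the section headers or a known-good copy of the file.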