
    I’ll note that another approach, if the patch is small enough (e.g. under 1k), is to place it within the existing executable PT_LOAD segment, overwriting the stretch of padding bytes after the last section. Since each loadable segment needs to be page-aligned – and since this alignment needs to be reflected in the file’s image – there is often a nice chunk (on average, ~2k) of unused padding bytes between the .text and .rodata sections.

    (See the infect program in https://www.muppetlabs.com/~breadbox/software/elfkickers.html for some sample code that does this.)

    That said, I love this approach too. The idea of hijacking one of the PT_NOTE segments is a good one!
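The "code cave" the comment above describes, as an added worked example (this is not code from the original post, nor from ELFkickers' infect): walk the program headers of an ELF64 image held in memory, find the executable PT_LOAD, measure the padding between the end of its file data and the next PT_LOAD (bounded both in the file and in the virtual address space, and shrunk to the run of zero bytes actually present), then write a patch there and grow p_filesz/p_memsz so the loader maps it. The two-segment ELF image and the patch bytes are constructed inline for the demonstration; the struct definitions, segment layout and addresses are assumptions chosen for the example, not taken from any real binary.

```c
/* Added example: locate the alignment padding after an ELF64 binary's
 * executable PT_LOAD segment and place a small patch in it. The ELF image
 * used below is constructed in memory; nothing here comes from ELFkickers. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_LOAD 1
#define PF_X 0x1
#define PF_R 0x4

/* Minimal ELF64 structures (same layout as <elf.h>) so the example is self-contained. */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Elf64_Ehdr;

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Elf64_Phdr;

typedef struct { size_t phdr_index; uint64_t file_off, vaddr, size; } code_cave;

/* Find the cave: bytes between the end of the executable PT_LOAD's file data and
 * the next PT_LOAD (or the section header table), capped so that growing p_memsz
 * cannot run into the next segment's virtual range, and trimmed to the zero bytes
 * actually present. Returns 0 and fills *cave, or -1 if there is no usable room. */
static int find_code_cave(const uint8_t *img, size_t len, code_cave *cave)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 2) return -1; /* ELFCLASS64 only */
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len ||
        (uint64_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff) return -1;

    size_t xi = eh.e_phnum;                      /* index of the executable PT_LOAD */
    Elf64_Phdr x = {0}, ph;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_LOAD && (ph.p_flags & PF_X)) { xi = i; x = ph; break; }
    }
    if (xi == eh.e_phnum || x.p_offset > len || x.p_filesz > len - x.p_offset) return -1;
    if (x.p_memsz != x.p_filesz) return -1;      /* keep file and memory growth in lockstep */

    uint64_t align = x.p_align ? x.p_align : 0x1000;
    uint64_t file_end = x.p_offset + x.p_filesz, mem_end = x.p_vaddr + x.p_memsz;
    uint64_t file_limit = len, mem_limit = (mem_end + align - 1) & ~(align - 1);
    if (eh.e_shoff >= file_end && eh.e_shoff < file_limit) file_limit = eh.e_shoff;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (i == xi || ph.p_type != PT_LOAD) continue;
        if (ph.p_offset >= file_end && ph.p_offset < file_limit) file_limit = ph.p_offset;
        if (ph.p_vaddr >= mem_end && ph.p_vaddr < mem_limit) mem_limit = ph.p_vaddr;
    }
    uint64_t size = file_limit - file_end;
    if (mem_limit - mem_end < size) size = mem_limit - mem_end;
    for (uint64_t i = 0; i < size; i++)          /* padding must really be unused (zero) */
        if (img[file_end + i] != 0) { size = i; break; }
    if (size == 0) return -1;
    cave->phdr_index = xi; cave->file_off = file_end; cave->vaddr = mem_end; cave->size = size;
    return 0;
}

/* Copy the patch into the cave and extend the segment to cover it.
 * Returns the patch's virtual address, or 0 if it does not fit. */
static uint64_t inject_into_cave(uint8_t *img, size_t len, const uint8_t *patch, size_t plen)
{
    code_cave cv;
    if (find_code_cave(img, len, &cv) != 0 || plen > cv.size) return 0;
    memcpy(img + cv.file_off, patch, plen);
    Elf64_Ehdr eh; memcpy(&eh, img, sizeof eh);
    uint8_t *slot = img + eh.e_phoff + cv.phdr_index * sizeof(Elf64_Phdr);
    Elf64_Phdr ph; memcpy(&ph, slot, sizeof ph);
    ph.p_filesz += plen; ph.p_memsz += plen;
    memcpy(slot, &ph, sizeof ph);
    return cv.vaddr;
}

/* Constructed two-segment image: RX data ends at file offset 0x1300 and the
 * read-only segment starts at 0x2000, so the cave is 0xd00 bytes (assumed layout). */
static size_t build_sample_elf(uint8_t *img, size_t cap)
{
    const size_t len = 0x2100;
    if (cap < len) return 0;
    memset(img, 0, len);
    Elf64_Ehdr eh = {0};
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1;   /* 64-bit, little-endian, v1 */
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;        /* ET_EXEC, x86-64 */
    eh.e_entry = 0x401000; eh.e_phoff = sizeof eh; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr); eh.e_phnum = 2;
    memcpy(img, &eh, sizeof eh);
    Elf64_Phdr ph[2] = {
        { PT_LOAD, PF_R | PF_X, 0x1000, 0x401000, 0x401000, 0x300, 0x300, 0x1000 },
        { PT_LOAD, PF_R,        0x2000, 0x402000, 0x402000, 0x100, 0x100, 0x1000 },
    };
    memcpy(img + eh.e_phoff, ph, sizeof ph);
    memset(img + 0x1000, 0xcc, 0x300);                         /* stand-in .text bytes */
    return len;
}

typedef struct { uint64_t cave_off, cave_vaddr, cave_size, patch_vaddr, filesz_after; int patch_intact; } demo_result;

/* Run the whole sequence on the constructed image (used by main and by tests). */
static demo_result run_demo(void)
{
    static const uint8_t patch[] = {0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0xba, 0xbe}; /* constructed, not real code */
    demo_result r = {0};
    uint8_t img[0x2100];
    size_t n = build_sample_elf(img, sizeof img);
    code_cave cv;
    if (n == 0 || find_code_cave(img, n, &cv) != 0) return r;
    r.cave_off = cv.file_off; r.cave_vaddr = cv.vaddr; r.cave_size = cv.size;
    r.patch_vaddr = inject_into_cave(img, n, patch, sizeof patch);
    Elf64_Phdr ph; memcpy(&ph, img + sizeof(Elf64_Ehdr), sizeof ph);  /* phdr 0 is the RX segment */
    r.filesz_after = ph.p_filesz;
    r.patch_intact = memcmp(img + cv.file_off, patch, sizeof patch) == 0;
    return r;
}

int main(void)
{
    demo_result r = run_demo();
    printf("cave at file offset 0x%" PRIx64 " (vaddr 0x%" PRIx64 "), %" PRIu64 " bytes; "
           "patch at 0x%" PRIx64 ", p_filesz now 0x%" PRIx64 "\n",
           r.cave_off, r.cave_vaddr, r.cave_size, r.patch_vaddr, r.filesz_after);
    return r.patch_intact ? 0 : 1;
}
```

The function returns the patch's virtual address rather than rewriting e_entry, because what to point at it (the entry point, a PLT slot, a call site in .text) is the patcher's decision; it also refuses a segment whose p_memsz differs from p_filesz, and it does not check for non-allocated sections (such as .comment or .symtab) that a linker could in principle place in the gap, which is why the zero-byte scan is kept as a last line of defence before anything is overwritten.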