Line 3:
Parasite code is a binary blob built as [http://en.wikipedia.org/wiki/Position-independent_code position-independent code] (PIC) so that it can be executed inside another process's address space. As a result, and for the sake of simplicity, parasite code uses native system calls only: it cannot rely on libc or any other library being mapped into the victim.
−
=== Bootstrapping the parasite ===
+
=== Running the parasite ===
Injection of parasite code can be split into two phases:
Line 14:
Parasite code injection itself is simple: because a shared memory slab has already been allocated inside the victim's address space, we can scan the <code>/proc/$pid/map_files/</code> directory, find the entry for that slab and open (and map) it from CRIU's own address space. Once mapped, we simply copy the parasite code into it with '''memcpy'''.
−
At this moment we can run parasite code adjusting CS:IP of the victim and call '''ptctl''' again. After that parasite is spinning listening the socket for commands from outside world.
+
At this moment we can run parasite code adjusting CS:IP of the victim and call '''prctl''' again. After that parasite is spinning listening the socket for commands from outside world.
[[Category: Under the hood]]
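Review bot: the replacement line still names the wrong call: '''prctl''' only operates on the calling task and cannot change another process's registers, so "adjusting CS:IP of the victim" has to be done with '''ptrace''' (PTRACE_SETREGS on the stopped victim, then PTRACE_CONT), which is also how CRIU drives the victim. Suggest "and call '''ptrace''' again". Minor: "spinning listening the socket" reads better as "spins, listening on the socket for commands from the outside world".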
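The injection path described above, as an added example that is not CRIU's own code: a minimal x86_64 Linux injector that locates a known shared slab in a stopped victim by scanning <code>/proc/$pid/map_files/</code>, copies a blob into it through that file descriptor, and then points the victim's instruction pointer at it with ptrace (the call that actually adjusts another task's CS:IP). The slab address passed on the command line, the assumption that the slab is a shared mapping, the two-byte placeholder "parasite" (a constructed <code>jmp .</code>), and all function names are assumptions of this example. Opening map_files entries and attaching with ptrace need elevated privileges (historically CAP_SYS_ADMIN, and a permissive <code>ptrace_scope</code>).

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Parse a /proc/$pid/map_files/ entry name of the form "start-end" (hex).
 * Returns 1 and fills *start/*end on success, 0 on a malformed name. */
int parse_map_entry(const char *name, uintptr_t *start, uintptr_t *end)
{
    char *p;
    unsigned long long s = strtoull(name, &p, 16);
    if (p == name || *p != '-')
        return 0;
    const char *e_str = p + 1;
    unsigned long long e = strtoull(e_str, &p, 16);
    if (p == e_str || *p != '\0' || e <= s)
        return 0;
    *start = (uintptr_t)s;
    *end = (uintptr_t)e;
    return 1;
}

/* Scan map_files for the mapping containing `addr` and open it read/write.
 * Returns the fd (or -1) and stores the mapping length in *len. */
int open_slab(pid_t pid, uintptr_t addr, size_t *len)
{
    char dir[64];
    snprintf(dir, sizeof dir, "/proc/%d/map_files", (int)pid);
    DIR *d = opendir(dir);
    if (!d)
        return -1;
    int fd = -1;
    struct dirent *de;
    while ((de = readdir(d)) != NULL) {
        uintptr_t s, e;
        if (!parse_map_entry(de->d_name, &s, &e) || addr < s || addr >= e)
            continue;
        fd = openat(dirfd(d), de->d_name, O_RDWR);
        if (fd >= 0)
            *len = e - s;
        break;
    }
    closedir(d);
    return fd;
}

/* Map the slab into our own address space and memcpy the blob into it.
 * The slab must be a shared mapping (assumed here) for the victim to see it. */
int inject_blob(int fd, size_t len, const void *blob, size_t blob_len)
{
    if (blob_len > len)
        return -1;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED)
        return -1;
    memcpy(p, blob, blob_len);
    munmap(p, len);
    return 0;
}

/* Redirect an attached, stopped victim to `entry` and resume it: the
 * "adjust CS:IP" step, done with ptrace (register layout shown for x86_64). */
int run_at(pid_t pid, uintptr_t entry)
{
#if defined(__x86_64__)
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
        return -1;
    regs.rip = entry;
    if (ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0)
        return -1;
    return ptrace(PTRACE_CONT, pid, NULL, NULL) < 0 ? -1 : 0;
#else
    (void)pid; (void)entry;
    return -1;
#endif
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <pid> <slab-address-hex>\n", argv[0]);
        return 2;
    }
    pid_t pid = (pid_t)atoi(argv[1]);
    uintptr_t slab = (uintptr_t)strtoull(argv[2], NULL, 16);
    /* Constructed placeholder parasite: x86_64 `jmp .` (EB FE), spins forever. */
    static const unsigned char blob[] = { 0xEB, 0xFE };
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) < 0 || waitpid(pid, NULL, 0) < 0) {
        perror("ptrace attach");
        return 1;
    }
    size_t len = 0;
    int fd = open_slab(pid, slab, &len);
    if (fd < 0 || inject_blob(fd, len, blob, sizeof blob) < 0 || run_at(pid, slab) < 0) {
        perror("inject");
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
        return 1;
    }
    printf("parasite running at %#lx in pid %d\n", (unsigned long)slab, (int)pid);
    return 0;
}
```

Only the slab lookup and the copy are exercised offline; the ptrace step needs a real stopped victim. Note that if the tracer exits after PTRACE_CONT the victim is detached, so a real injector keeps the tracer alive and talks to the parasite over its socket.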