Changes

172 bytes added, 03:47, 26 November 2016
→ Running parasite code: slight rewording
Line 54: Line 54:  
== Running parasite code ==
 
== Running parasite code ==
   −
So, in order to infect a task with parasite one must.
+
So, in order to infect a task with parasite one must do the following.
   −
* Stop the task with <code>compel_stop_task(int pid)</code> call and keep the return value if it's positive (it contains the task state)
+
* Stop the task. This is done by calling <code>compel_stop_task(int pid)</code>. Its return value should be saved in case it's positive (it contains the task state).
* Prepare the infection handler with <code>compel_prepare(int pid)</code> call. The return value is an opaque pointer to <code>struct parasite_ctl</code>
+
* Prepare the infection handler. This is done by calling <code>compel_prepare(int pid)</code>. The return value is an opaque pointer to <code>struct parasite_ctl</code>.
* Run the remote code
+
* Run the remote code:
** Just execute a system call with <code>compel_syscall(ctl, int syscall_nr, long *ret, int arg ... (6 of them))</code>
+
** Execute a system call with <code>compel_syscall(ctl, int syscall_nr, long *ret, int arg ...)</code> (all 6 parameters)
** Infect victim with parasite blob with <code>compel_infect(ctl, nr_thread, size_of_args_area)</code>
+
** Infect the victim with the parasite blob by calling <code>compel_infect(ctl, nr_thread, size_of_args_area)</code>
* Cure the victim with <code>compel_cure(ctl)</code> and stop using the ctl pointer as it's freed by the call
+
* Cure the victim by calling <code>compel_cure(ctl)</code>. Note that <code>ctl</code> pointer is freed by the call so it should not be used thereafter.
* Resume the task with <code>compel_resume_task(pid, orig_state, state)</code> with the saved state value
+
* Resume the task by calling <code>compel_resume_task(pid, orig_state, state)</code> with the saved state value from the first step.
    
=== Infecting ===
 
=== Infecting ===
   −
Infecting the victim with parasite blob needs some special treatment.
+
Infecting the victim with a parasite blob needs some special treatment.
   −
First, the ctl should be configured with the blob information. Currently there's only one type of blobs, generated by <code>compel hgen</code>. To put this info into ctl one should call <code>compel_parasite_blob_desc(ctl)</code> to get a pointer on <code>struct parasite_blob_desc</code> and fill in the fields of this strucure
+
First, the <code>ctl</code> should be configured with the blob information. Currently there is only one type of blobs, generated by <code>compel hgen</code>. To put this info into ctl, one should call <code>compel_parasite_blob_desc(ctl)</code> to get a pointer on <code>struct parasite_blob_desc</code> and fill in the fields of this strucure:
    
* <code>.parasite_type</code> should be set to <code>COMPEL_BLOB_CHEADER</code>
 
* <code>.parasite_type</code> should be set to <code>COMPEL_BLOB_CHEADER</code>
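Review bot: the new wording of the <code>compel_syscall</code> bullet loses information: the old text said the variadic <code>int arg ...</code> part is "6 of them", while the new "(all 6 parameters)" can be read as referring to the whole prototype, which has more than six parameters. Suggest "<code>compel_syscall(ctl, int syscall_nr, long *ret, int arg ...)</code> (six <code>int arg</code> values, one per system call argument)". Two smaller points in the same hunk: the resume step names two parameters, <code>orig_state</code> and <code>state</code>, but says only "the saved state value from the first step", so it should say which parameter receives the value returned by <code>compel_stop_task()</code>; and the new version of the "First, the ctl should be configured" paragraph still carries the typo "strucure" and the non-idiomatic "pointer on" (should be "pointer to").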
Line 74: Line 74:  
* <code>.hdr.bsize</code> should be set to the sizeof(this symbol)
 
* <code>.hdr.bsize</code> should be set to the sizeof(this symbol)
 
* <code>.hdr.nr_gotpcrel</code> should be set to the <code>parasite_nr_gotpcrel</code> of hgen
 
* <code>.hdr.nr_gotpcrel</code> should be set to the <code>parasite_nr_gotpcrel</code> of hgen
* Three offsets below should be set to respective offsets generated with the <code>parasite_sym</code> value
+
* The following three offsets should be set to respective offsets generated with the <code>parasite_sym</code> value
 
** <code>.hdr.parasite_ip_off</code> to <code>COMPEL_H_PARASITE_HEAD(parasite_sym)</code>
 
** <code>.hdr.parasite_ip_off</code> to <code>COMPEL_H_PARASITE_HEAD(parasite_sym)</code>
 
** <code>.hdr.addr_cmd_off</code>  to <code>COMPEL_H_PARASITE_CMD(parasite_sym)</code>
 
** <code>.hdr.addr_cmd_off</code>  to <code>COMPEL_H_PARASITE_CMD(parasite_sym)</code>
 
** <code>.hdr.addr_arg_off</code>  to <code>COMPEL_H_PARASITE_ARGS(paraste_sym)</code>
 
** <code>.hdr.addr_arg_off</code>  to <code>COMPEL_H_PARASITE_ARGS(paraste_sym)</code>
 
* <code>.hdr.relocs</code> should be set to <code>parasite_relocs</code> argument (it's an array)
 
* <code>.hdr.relocs</code> should be set to <code>parasite_relocs</code> argument (it's an array)
* <code>.hdr.nr_relocs</code> should be set to the number of elements in this array (<code>sizeof(arr)/sizeof(arr[0])</code>)
+
* <code>.hdr.nr_relocs</code> should be set to a number of elements in this array (<code>sizeof(arr)/sizeof(arr[0])</code>)
    
Second, when infecting a parasite one should specify the amount of threads it will mess with (1, if only the thread leader will be accessed) and the maximum size of the memory area shared between infecting task and parasite used for arguments/result passing.
 
Second, when infecting a parasite one should specify the amount of threads it will mess with (1, if only the thread leader will be accessed) and the maximum size of the memory area shared between infecting task and parasite used for arguments/result passing.
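Review bot: the <code>.hdr.nr_relocs</code> edit is a regression: "the number of elements in this array" was correct, and the new "a number of elements in this array" no longer says which number is meant; suggest restoring "the number of elements". Also, the unchanged <code>.hdr.addr_arg_off</code> line still reads <code>COMPEL_H_PARASITE_ARGS(paraste_sym)</code> while the two sibling lines use <code>parasite_sym</code>; since this rewording pass touched the surrounding bullets, the <code>paraste_sym</code> typo should be fixed at the same time, otherwise a reader copying the macro call gets an undefined identifier.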
Line 85: Line 85:  
=== Arguments passing ===
 
=== Arguments passing ===
   −
To pass arguments between the infecting code and parasite one may call <code>compel_parasite_args(ctl, type)</code> and get the pointer where it can put data. Subsequent calls to <code>compel_rpc_call[_sync]()</code> would result int this data visible in <code>void *arg</code> address of the <code>parasite_daemon_cmd()</code>.
+
To pass arguments between the infecting code and parasite, one may call <code>compel_parasite_args(ctl, type)</code> and get the pointer where it can put data. Subsequent calls to <code>compel_rpc_call[_sync]()</code> will result in this data visible in <code>void *arg</code> address of the <code>parasite_daemon_cmd()</code>.
    
== See also ==
 
== See also ==
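Review bot: "will result in this data visible in <code>void *arg</code> address of the <code>parasite_daemon_cmd()</code>" is still ungrammatical after the rewording; suggest "will make this data visible at the address passed as the <code>void *arg</code> parameter of <code>parasite_daemon_cmd()</code>". It would also help to state what the <code>type</code> argument of <code>compel_parasite_args(ctl, type)</code> is, since the paragraph only says a pointer is returned without saying how its size is determined.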