Changes

165 bytes added, 14:00, 25 November 2016
Line 52: Line 52:  
After this the <code>parasite.h</code> file should be included into the infecting program and compiled with it.
 
After this the <code>parasite.h</code> file should be included into the infecting program and compiled with it.
   −
== Communicating ==
+
== Running parasite code ==
   −
There are several ways to pass parameters to the parasite code.
+
So, in order to infect a task with parasite one must.
   −
If you run the parasite binary from CLI, the command line arguments after <code>--</code> are passed into the parasite's <code>main()</code> function.
+
* Stop the task with <code>compel_stop_task(int pid)</code> call and keep the return value if it's positive (it contains the task state)
 
+
* Prepare the infection handler with <code>compel_prepare(int pid)</code> call. The return value is an opaque pointer to <code>struct parasite_ctl()</code>
<pre>
+
* Run the remote code
$ compel run -f foo.compel.o -p 123 -- arg1 arg2 arg3
+
** Just execute a system call with <code>compel_syscall(ctl, int syscall_nr, long *ret, int arg ... (6 of them))</code>
</pre>
+
** Infect victim with parasite blob with <code>compel_infect(ctl, nr_thread, size_of_args_area)</code>
 
+
* Cure the victim with <code>compel_cure(ctl)</code> and stop using the ctl pointer as it's freed by the call
In <code>main()</code>, the standard <code>argc</code> and <code>argv</code> can be obtained using the following code:
+
* Resume the task with <code>compel_resume_task(pid)</code>
 
  −
<source lang="C">
  −
argc = std_argc(arg_p);
  −
argv = std_argv(arg_p, argc);
  −
</source>
  −
 
  −
These calls are available in <code>argv</code> [[compel plugins|plugin]]. Now, argc and argv can be handled as usual.
      
== See also ==
 
== See also ==
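
Review bot: The first added step says to keep the positive return value of <code>compel_stop_task(int pid)</code> because it contains the task state, but no later step says where that value is used; the final step shows only <code>compel_resume_task(pid)</code>. Say where the saved state goes, and what the caller should do when the stop or prepare call fails, since a reader following the list as written could leave the target task stopped. Smaller points in the added lines: <code>struct parasite_ctl()</code> should drop the parentheses because it names a struct type, the intro sentence ending "one must." should end in a colon before the list, and the <code>compel_syscall</code> line mixes argument types with a prose remark ("6 of them") inside what reads like a signature. The change also deletes the whole "Communicating" section (argument passing after <code>--</code> and the <code>std_argc</code>/<code>std_argv</code> calls); if that information is still valid, keep it as its own section instead of replacing it.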
