Changes

161 bytes added ,  20:12, 2 December 2014
no edit summary
Line 16: Line 16:  
At this moment we can run parasite code adjusting CS:IP of the victim and call '''prctl''' again. After that parasite is spinning listening the socket for commands from outside world.
 
At this moment we can run parasite code adjusting CS:IP of the victim and call '''prctl''' again. After that parasite is spinning listening the socket for commands from outside world.
    +
=== Parasite internal structure ===
 +
 +
Internally parasite code is represented as two blocks
 +
 +
# a head written in assembly language
 +
# a body written in C language
 
[[Category: Under the hood]]
 
[[Category: Under the hood]]