Revision as of 12:40, 8 February 2016 by Xemul (talk | contribs)
Jump to navigation Jump to search


Usage ideas

One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then

  • Check socket FDs to get stuck/closed, re-open them and dup2() into original places
    • Problem: how to inform the original process about this change

Another is to do some activity on the victim and then just unload. With this we can

  • Death detection. Open pipe/socket and pass the other end outside. Once the victim dies the pipe/socket will wake up.
  • Binary updates. E.g. live patching or libr relink