Changes

6 bytes removed ,  18:16, 1 December 2014
no edit summary
Line 3: Line 3:  
Parasite code is a binary blob of code built in [http://en.wikipedia.org/wiki/Position-independent_code PIE] format for execution inside another process address space. As result in a sake of simplicity parasite code utilize native system calls only.
 
Parasite code is a binary blob of code built in [http://en.wikipedia.org/wiki/Position-independent_code PIE] format for execution inside another process address space. As result in a sake of simplicity parasite code utilize native system calls only.
   −
=== Bootstrapping the parasite ===
+
=== Running the parasite ===
    
Injection of a parasite code may be spitted into two phases
 
Injection of a parasite code may be spitted into two phases
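Review bot: The new heading "Running the parasite" sits directly above the unchanged line "Injection of a parasite code may be spitted into two phases", so the title now says running while the section opens by describing injection. Consider a heading that covers both, or check it against the rest of the section. Renaming a section heading also changes its anchor, so any links to the old "Bootstrapping the parasite" section need checking. In the same context line "spitted" should read "split", and the edit carries no summary explaining the rename.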
Line 14: Line 14:  
Parasite code injection is simple: because we have a shared memory slab allocated inside victim space we can scan <code>/proc/$pid/map_files/</code> directory and open this slab inside CRIU address space. Once opened we simply copy parasite code there with '''memcpy'''.
 
Parasite code injection is simple: because we have a shared memory slab allocated inside victim space we can scan <code>/proc/$pid/map_files/</code> directory and open this slab inside CRIU address space. Once opened we simply copy parasite code there with '''memcpy'''.
   −
At this moment we can run parasite code adjusting CS:IP of the victim and call '''ptctl''' again. After that parasite is spinning listening the socket for commands from outside world.
+
At this moment we can run parasite code adjusting CS:IP of the victim and call '''prctl''' again. After that parasite is spinning listening the socket for commands from outside world.
    
[[Category: Under the hood]]
 
[[Category: Under the hood]]
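Review bot: In the changed sentence, "call '''prctl''' again" fixes the "ptctl" typo, but please confirm that prctl is the intended call. The same sentence describes adjusting CS:IP of the victim, which a tracer does through ptrace, and "again" points back to an earlier call that this hunk does not show. If ptrace was meant, correct it here; otherwise name the earlier prctl call so the reference is clear. The rest of the sentence would also read better as "the parasite spins, listening on the socket for commands".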
