Changes

6 bytes removed ,  18:16, 1 December 2014
no edit summary
Line 3: Line 3:  
Parasite code is a binary blob of code built in [http://en.wikipedia.org/wiki/Position-independent_code PIE] format for execution inside another process address space. As result in a sake of simplicity parasite code utilize native system calls only.
 
Parasite code is a binary blob of code built in [http://en.wikipedia.org/wiki/Position-independent_code PIE] format for execution inside another process address space. As result in a sake of simplicity parasite code utilize native system calls only.
   −
=== Bootstrapping the parasite ===
+
=== Running the parasite ===
    
Injection of a parasite code may be spitted into two phases
 
Injection of a parasite code may be spitted into two phases
Line 14: Line 14:  
Parasite code injection is simple: because we have a shared memory slab allocated inside victim space we can scan <code>/proc/$pid/map_files/</code> directory and open this slab inside CRIU address space. Once opened we simply copy parasite code there with '''memcpy'''.
 
Parasite code injection is simple: because we have a shared memory slab allocated inside victim space we can scan <code>/proc/$pid/map_files/</code> directory and open this slab inside CRIU address space. Once opened we simply copy parasite code there with '''memcpy'''.
   −
At this moment we can run parasite code adjusting CS:IP of the victim and call '''ptctl''' again. After that parasite is spinning listening the socket for commands from outside world.
+
At this moment we can run parasite code adjusting CS:IP of the victim and call '''prctl''' again. After that parasite is spinning listening the socket for commands from outside world.
    
[[Category: Under the hood]]
 
[[Category: Under the hood]]