From: krinkin.m.u@gmail.com (Mike Krinkin)
To: kernelnewbies@lists.kernelnewbies.org
Subject: Inject custom code or data into running process
Date: Tue, 3 Jan 2017 23:11:09 +0300
Message-ID: <20170103201107.GB29904@gmail.com>
In-Reply-To: <1268311483473295@web40m.yandex.ru>
On Tue, Jan 03, 2017 at 10:54:55PM +0300, Sayutin Dmitry wrote:
> This sounds like a solution, but it's a bit complicated one.
>
> I would prefer to implement injection in kernel space, because it should be more simple.
> Thank you for your idea nevertheless =)
You are welcome. If you really want to implement injection in kernel
space (IMHO, I'm not sure that it would be easier), you can look
here:
http://man7.org/linux/man-pages/man7/vdso.7.html
The kernel maps the vDSO into the user-space app's memory (though it's possible to
disable the vDSO altogether, AFAIK), so if you can add your injection
to the vDSO, the kernel will map your code into the application's address space.
>
> 03.01.2017, 22:45, "Mike Krinkin" <krinkin.m.u@gmail.com>:
> > On Tue, Jan 03, 2017 at 10:24:11PM +0300, Sayutin Dmitry wrote:
> >> Hello, how should one inject code or data into an already running process?
> >
> > If you have enough privileges to use ptrace you can write into a target
> > process's memory. Though, AFAIK, you can only overwrite existing memory and
> > can't create a new mapping using ptrace, so in order to overcome this you
> > need to save the original code first, rewrite it with your injection bootstrap
> > code (the bootstrap code can, for example, load a shared library), execute it
> > and then restore the original code.
> >
> >> There is no need to start code execution at this point, but it should appear in its virtual memory.
> >>
> >> Moreover, I want this data to persist across execve's or clone's (probably can be implemented as a hook on the appropriate kernel methods).
> >>
> >> (If you want to know the motivation for this -- I want to implement a new idea on sandboxing).
> >>
> >> Thanks in advance, Sayutin Dmitry <cdkrot@yandex.ru>
> >>
> >> _______________________________________________
> >> Kernelnewbies mailing list
> >> Kernelnewbies at kernelnewbies.org
> >> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
> -----
> Sayutin Dmitry <cdkrot@yandex.com>
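The save / overwrite / execute / restore sequence Mike describes for ptrace, as an added example in C for x86-64 Linux; this is not code from the original thread or from either poster. The tracee is a forked child that hands itself over with PTRACE_TRACEME and SIGSTOP, the bootstrap stub is a constructed stand-in (`mov eax, 0x1337; int3`) for "load a shared library", and every function name here is this example's own.

```c
/* Added example: ptrace-based code injection on x86-64 Linux.
 * Not from the original post; the stub and helper names are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#if !defined(__x86_64__)
#error "this example encodes an x86-64 bootstrap stub"
#endif

/* Constructed bootstrap stub:
 *   mov eax, 0x1337   ; b8 37 13 00 00   stand-in for "dlopen() a library"
 *   int3              ; cc               trap back to the tracer when done */
static const unsigned char STUB[] = { 0xb8, 0x37, 0x13, 0x00, 0x00, 0xcc };
#define STUB_MARKER     0x1337UL
#define CHILD_EXIT_CODE 42

/* PEEKTEXT/POKETEXT move one word at a time, so read len bytes word by word. */
static int peek_bytes(pid_t pid, uintptr_t addr, void *buf, size_t len) {
    for (size_t i = 0; i < len; ) {
        errno = 0;
        long w = ptrace(PTRACE_PEEKTEXT, pid, (void *)(addr + i), NULL);
        if (w == -1 && errno) return -1;
        size_t n = len - i < sizeof w ? len - i : sizeof w;
        memcpy((char *)buf + i, &w, n);
        i += n;
    }
    return 0;
}

/* Write len bytes; a trailing partial word is read-modify-written so the
 * bytes just past the injection are left untouched. POKETEXT works even on
 * a read-only text page. */
static int poke_bytes(pid_t pid, uintptr_t addr, const void *buf, size_t len) {
    for (size_t i = 0; i < len; ) {
        long w = 0;
        size_t n = len - i < sizeof w ? len - i : sizeof w;
        if (n < sizeof w) {
            errno = 0;
            w = ptrace(PTRACE_PEEKTEXT, pid, (void *)(addr + i), NULL);
            if (w == -1 && errno) return -1;
        }
        memcpy(&w, (const char *)buf + i, n);
        if (ptrace(PTRACE_POKETEXT, pid, (void *)(addr + i), (void *)w) == -1) return -1;
        i += n;
    }
    return 0;
}

/* The four steps from the thread, applied at the tracee's current RIP.
 * On success *marker receives the value the stub left in rax. */
static int inject_and_restore(pid_t pid, unsigned long *marker) {
    struct user_regs_struct saved, now;
    unsigned char orig[sizeof STUB];
    int status;

    if (ptrace(PTRACE_GETREGS, pid, NULL, &saved) == -1) return -1;
    uintptr_t site = (uintptr_t)saved.rip;
    if (peek_bytes(pid, site, orig, sizeof orig) == -1) return -1;   /* 1. save original code */
    if (poke_bytes(pid, site, STUB, sizeof STUB) == -1) return -1;   /* 2. overwrite with stub */
    if (ptrace(PTRACE_CONT, pid, NULL, NULL) == -1) return -1;       /* 3. execute it */
    if (waitpid(pid, &status, 0) == -1) return -1;
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGTRAP) return -1;   /* int3 reached */
    if (ptrace(PTRACE_GETREGS, pid, NULL, &now) == -1) return -1;
    *marker = (unsigned long)now.rax;
    if (poke_bytes(pid, site, orig, sizeof orig) == -1) return -1;   /* 4. restore code ... */
    if (ptrace(PTRACE_SETREGS, pid, NULL, &saved) == -1) return -1;  /*    ... and registers */
    return 0;
}

/* Fork a tracee that stops itself, inject, then let it run to completion.
 * Returns 0 only if the stub ran and the child still exited cleanly. */
int run_demo(unsigned long *marker) {
    int status;
    fflush(stdout);
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(1);
        raise(SIGSTOP);             /* hand control to the tracer */
        _exit(CHILD_EXIT_CODE);     /* reached only if the original code was restored */
    }
    if (waitpid(pid, &status, 0) == -1) return -1;
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) return -1;
    if (inject_and_restore(pid, marker) == -1) {
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
        return -1;
    }
    if (ptrace(PTRACE_DETACH, pid, NULL, NULL) == -1) return -1;   /* sig 0: swallow the SIGTRAP */
    if (waitpid(pid, &status, 0) == -1) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == CHILD_EXIT_CODE) ? 0 : -1;
}

/* Convenience wrapper: the marker the stub left behind, or 0 on any failure. */
unsigned long demo_marker(void) {
    unsigned long m = 0;
    return run_demo(&m) == 0 ? m : 0;
}

int main(void) {
    unsigned long marker = 0;
    if (run_demo(&marker) != 0) { perror("injection failed"); return 1; }
    printf("stub ran in tracee (rax=0x%lx); tracee exited normally after restore\n", marker);
    return 0;
}
```

Two caveats a real injector has to add. Attaching to an unrelated process with PTRACE_ATTACH is subject to Yama's `kernel.yama.ptrace_scope`; the child here uses PTRACE_TRACEME, which is allowed at the default scope. And if the target is stopped inside a blocking syscall, the kernel may rewind RIP by two bytes on resume to restart that syscall, which would skip the first bytes of a stub written at RIP; injectors commonly either set `orig_rax` to -1 before resuming or place the stub elsewhere. The demo sidesteps this because the child's `raise()` has already returned when it stops.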
Thread overview:
2017-01-03 19:24 Inject custom code or data into running process Sayutin Dmitry
2017-01-03 19:45 ` Mike Krinkin
2017-01-03 19:54 ` Sayutin Dmitry
2017-01-03 20:11 ` Mike Krinkin [this message]
[not found] ` <114118.1483472426@turing-police.cc.vt.edu>
2017-01-03 19:49 ` Sayutin Dmitry