Now emp3r0r agent reads its config info by parsing `os.Args[0]`, which works in most cases. However, sometimes `os.Args[0]` is not guaranteed to be the (unmodified) agent binary itself; instead, it can be the executable file of an injected process, or some packed agent binary.

https://github.com/jm33-m0/emp3r0r/blob/5a1dcd4e8fc5be35f6e7d4ed96d1b975d9e98d9b/core/lib/agent/config.go#L22

To address this issue, it's better that we read config data from somewhere reliable. For example, we can wrap the data with our `MagicString` and append it to `stub.exe`. When reading the config, we read `/proc/self/mem` and search for the magic string, then split and extract our config data.
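
An analyst-side sketch of the lookup described above, added here and not taken from emp3r0r: it pulls the blob between the last two marker occurrences out of a byte buffer such as a sample file or a memory dump. The marker value, the sample bytes and the function names are constructed placeholders; taking the last pair skips an earlier stray copy of the marker, such as the constant compiled into the binary.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// exampleMarker is a constructed placeholder, not the project's real MagicString.
var exampleMarker = []byte("EXAMPLE-MARKER")

// ErrNoConfig is returned when the buffer holds no marker-wrapped blob.
var ErrNoConfig = errors.New("no marker-wrapped blob found")

// ExtractWrapped returns the bytes between the last two occurrences of marker.
func ExtractWrapped(buf, marker []byte) ([]byte, error) {
	if len(marker) == 0 {
		return nil, errors.New("empty marker")
	}
	end := bytes.LastIndex(buf, marker) // closing marker
	if end < 0 {
		return nil, ErrNoConfig
	}
	start := bytes.LastIndex(buf[:end], marker) // opening marker
	if start < 0 {
		return nil, ErrNoConfig // only one copy: the constant, no appended blob
	}
	return buf[start+len(marker) : end], nil
}

// constructedSample builds fake "binary" bytes with one stray marker copy
// followed by a wrapped blob appended at the end.
func constructedSample() []byte {
	return bytes.Join([][]byte{
		[]byte("\x7fELF..code.."), exampleMarker, []byte("..more code.."),
		exampleMarker, []byte(`{"key":"value"}`), exampleMarker,
	}, nil)
}

func main() {
	blob, err := ExtractWrapped(constructedSample(), exampleMarker)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("extracted %d bytes: %s\n", len(blob), blob)
}
```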