Closed elsisoft closed 3 years ago
Could you use LD_PRELOAD instead?
I made this just as a PoC. I don't intend to make it suitable for production because it may stop processes forever. See caveats. However, patches are welcome.
OK, I solved it; it only needed a little more than I thought before. You need to do fork() + ptrace(PTRACE_TRACEME, 0, 0, 0) + execv(), then wait for the first SIGTRAP. Here you need to set a breakpoint at the OEP (because at this moment the libraries have not been loaded) and continue execution. At the OEP breakpoint we can use the library injection (only without PTRACE_ATTACH), and everything works OK.
Hi, can you add an option to run an app with shared library injection on start? For example, we start the app in a frozen state (fork() + ptrace(PTRACE_TRACEME, 0, 0, 0) + execv), and after waiting for SIGTRAP, inject the shared library and continue executing the app (like CreateProcess suspended and inject on Windows)? I think this would be a very helpful option too. Thanks
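The launch-and-stop step discussed in this thread, as an added example that is not part of the original issue or the project's code: it starts a program with fork() + ptrace(PTRACE_TRACEME) + execv(), observes the first SIGTRAP, and reads the entry point (the OEP) from the auxiliary vector, then kills the child without setting a breakpoint or loading anything. It assumes Linux with /proc mounted; the helper name `entry_at_exec_stop` and the `/bin/true` target are hypothetical choices for illustration.

```c
#include <elf.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: start `path` traced, wait for the first stop, and
 * return the entry point (AT_ENTRY, the "OEP") read from /proc/<pid>/auxv.
 * *stopsig receives the stop signal. Returns 0 on failure. */
unsigned long entry_at_exec_stop(const char *path, int *stopsig)
{
    int status;
    unsigned long entry = 0, aux[2];   /* one auxv record: {type, value} */
    char auxpath[64];
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {                    /* child: ask to be traced, then exec */
        char *const argv[] = { (char *)path, NULL };
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) == 0)
            execv(path, argv);         /* kernel raises SIGTRAP after exec */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        return 0;                      /* child exited instead of stopping */
    *stopsig = WSTOPSIG(status);
    /* At this stop only the executable and ld.so are mapped; the dynamic
     * loader has not run yet, so no shared library is resolved. */
    snprintf(auxpath, sizeof auxpath, "/proc/%d/auxv", (int)pid);
    int fd = open(auxpath, O_RDONLY);
    if (fd >= 0) {
        while (read(fd, aux, sizeof aux) == (ssize_t)sizeof aux && aux[0] != AT_NULL)
            if (aux[0] == AT_ENTRY)
                entry = aux[1];
        close(fd);
    }
    kill(pid, SIGKILL);                /* end the demo without resuming */
    waitpid(pid, &status, 0);
    return entry;
}

int main(void)
{
    int sig = 0;
    unsigned long oep = entry_at_exec_stop("/bin/true", &sig);
    printf("stop signal %d, entry point %#lx\n", sig, oep);
    return oep == 0;
}
```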