teambi0s / secREtary

The Reverse Engineering Assistant of your dreams
https://blog.bi0s.in
MIT License

Add skeleton code for ptracepatch pintool #19

Closed adityavardhanpadala closed 3 years ago

R3x commented 4 years ago

Looks like this doesn't have any functionality yet. Remove all the unnecessary code. And we can merge it.

R3x commented 4 years ago

Also missing - Makefile

adityavardhanpadala commented 4 years ago

@R3x I modified the skeleton code to trace the function calls and added the necessary utility functions. Couldn't add the rest of the code as I was having compile issues; will fix and send the changes soon.

adityavardhanpadala commented 4 years ago

The current output is as follows; we just need to find a way to compare the call address and the ptrace address. Then we can patch the program in the detach routine.

0x7f49516c74ba  call 0x7f49516d14e0
0x7f49516bfed1  call qword ptr [rip+0x1d099]
0x7f49516bff58  call qword ptr [r14]
0x5620d3bb0122  call 0x5620d3bb0040
0x7f493d1641f6  call 0x7f493d1b1a80
0x5620d3bb0127  call 0x5620d3bb0090
0x7f49516bff7b  call rax
0x7f49516bfdc1  call qword ptr [rip+0x1d1a1]
0x7f493d163ace  call 0x7f493d13f330
0x7f493d163b30  call qword ptr [rbx]
0x7f493d1aff04  call 0x7f493d1afbb0
0x7f493d1afc08  call rax
0x7f493d1aff3e  call rax
0x7f493d163b3d  call 0x7f493d200100
Done Execution Ptrace at 7f493d232890
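To show what the comparison step discussed above involves, here is an added example (not code from the secREtary repository or this PR). It parses the trace lines in the format the pintool prints ("<site>  call <operand>" and the closing "Done Execution Ptrace at <addr>" line), resolves the targets of direct calls, and reports which call sites target a given address. The sample input is the output pasted in the comment plus one constructed line (`0x5620d3bb0140  call 0x7f493d232890`) so that a direct hit exists; the function names are this example's own.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// One parsed line of the pintool's call trace.
struct CallRecord {
    uint64_t site;        // address of the call instruction
    bool direct;          // true for "call 0x..." with an immediate target
    uint64_t target;      // resolved target for direct calls, 0 for indirect ones
    std::string operand;  // raw operand text, e.g. "rax" or "qword ptr [rbx]"
};

static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t\r\n");
    if (b == std::string::npos) return "";
    size_t e = s.find_last_not_of(" \t\r\n");
    return s.substr(b, e - b + 1);
}

// Parses "<site>  call <operand>". Returns false for lines that are not call records.
static bool parse_call_line(const std::string& raw, CallRecord& out) {
    std::string line = trim(raw);
    size_t pos = line.find(" call ");
    if (pos == std::string::npos) return false;
    out.site = std::strtoull(line.substr(0, pos).c_str(), nullptr, 16);
    out.operand = trim(line.substr(pos + 6));
    out.direct = false;
    out.target = 0;
    if (out.operand.compare(0, 2, "0x") == 0) {
        char* end = nullptr;
        uint64_t t = std::strtoull(out.operand.c_str(), &end, 16);
        if (end && *end == '\0') { out.direct = true; out.target = t; }  // pure immediate
    }
    return true;
}

// Extracts the address from "Done Execution Ptrace at <hex>"; 0 if the marker is absent.
static uint64_t ptrace_addr_from_line(const std::string& raw) {
    const std::string key = "Ptrace at ";
    size_t pos = raw.find(key);
    if (pos == std::string::npos) return 0;
    return std::strtoull(raw.c_str() + pos + key.size(), nullptr, 16);
}

static std::vector<CallRecord> parse_trace(const std::vector<std::string>& lines) {
    std::vector<CallRecord> out;
    for (const std::string& l : lines) {
        CallRecord r;
        if (parse_call_line(l, r)) out.push_back(r);
    }
    return out;
}

// Call sites whose *direct* target equals addr. Indirect calls (call rax,
// call qword ptr [...]) cannot be matched from the text alone.
static std::vector<uint64_t> direct_calls_to(const std::vector<CallRecord>& recs, uint64_t addr) {
    std::vector<uint64_t> sites;
    for (const CallRecord& r : recs)
        if (r.direct && r.target == addr) sites.push_back(r.site);
    return sites;
}

static size_t count_indirect(const std::vector<CallRecord>& recs) {
    size_t n = 0;
    for (const CallRecord& r : recs) if (!r.direct) ++n;
    return n;
}

// Sample input: the trace from the PR comment, plus one constructed direct call
// to the reported ptrace address so the matcher has something to find.
static std::vector<std::string> sample_trace() {
    return {
        "0x7f49516c74ba  call 0x7f49516d14e0",
        "0x7f49516bfed1  call qword ptr [rip+0x1d099]",
        "0x7f49516bff58  call qword ptr [r14]",
        "0x5620d3bb0122  call 0x5620d3bb0040",
        "0x7f493d1641f6  call 0x7f493d1b1a80",
        "0x5620d3bb0127  call 0x5620d3bb0090",
        "0x7f49516bff7b  call rax",
        "0x7f49516bfdc1  call qword ptr [rip+0x1d1a1]",
        "0x7f493d163ace  call 0x7f493d13f330",
        "0x7f493d163b30  call qword ptr [rbx]",
        "0x7f493d1aff04  call 0x7f493d1afbb0",
        "0x7f493d1afc08  call rax",
        "0x7f493d1aff3e  call rax",
        "0x7f493d163b3d  call 0x7f493d200100",
        "0x5620d3bb0140  call 0x7f493d232890",  // constructed line, not from the PR
        "Done Execution Ptrace at 7f493d232890",
    };
}

int main() {
    std::vector<std::string> lines = sample_trace();
    std::vector<CallRecord> recs = parse_trace(lines);
    uint64_t ptrace_addr = ptrace_addr_from_line(lines.back());
    std::printf("%zu calls parsed, %zu indirect (need runtime target)\n",
                recs.size(), count_indirect(recs));
    for (uint64_t s : direct_calls_to(recs, ptrace_addr))
        std::printf("direct call to ptrace at site 0x%llx\n", (unsigned long long)s);
    return 0;
}
```

The split between direct and indirect calls is the point: in the pasted trace the library-internal calls that reach ptrace are `call rax` / `call qword ptr [...]`, whose target only exists at runtime. A text-level comparison therefore only catches direct calls; for the rest the pintool itself has to compare inside its analysis routine, where Pin hands the resolved target to the callback via IARG_BRANCH_TARGET_ADDR.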