linux-injector

Utility for injecting executable code into a running process on x86/x64 Linux. It uses ptrace() to attach to a process, then mmap()'s memory regions for the injected code, a new stack, and space for trampoline shellcode. Finally, the trampoline in the target process is used to create a new thread and execute the chosen shellcode, so the main thread is allowed to continue. This project borrows from a number of other projects and research, see References below.

Requirements

fasm, the flat assembler

Building

With fasm installed in your PATH, simply run:

make

Included programs and files

print: Test program for executing shellcode using a variety of techniques: fork(), clone(), clone syscall with inline assembly.
dummy: A trivial program for injecting into. Prints a message every second, then sleeps.
injector: The main program for injecting executable code into a running process. Simply provide it with the PID of the process to inject into, and the shellcode to execute:

./injector 1234 print64.bin
clone64.asm, clone32.asm, mmap64.asm, mmap32.asm: Shellcode stubs used by the injector.
print64.asm, print32.asm: Sample shellcode for printing a single line to stdout. Useful for testing the injector.

References

Further work

I plan on expanding this project to be a full ELF shared library injector. While this tool could theoretically be used as-is to inject a statically-compiled, position-independent ELF library, I want to be able to parse libraries with dynamically-loaded dependencies and load those dependencies as part of the injection process. The following resources are a useful starting point:

dismantl/linux-injector

dismantl

Reviews

Repository Details