linux-injector

Utility for injecting executable code into a running process on x86/x64 Linux. It uses

ptrace()

mmap()

Requirements

• fasm, the flat assembler

Building

With fasm installed in your

PATH

make

Included programs and files

• print: Test program for executing shellcode using a variety of techniques:

  fork()

  ,

  clone()

  , clone syscall with inline assembly.
• dummy: A trivial program for injecting into. Prints a message every second, then sleeps.
• injector: The main program for injecting executable code into a running process. Simply provide it with the PID of the process to inject into, and the shellcode to execute:

./injector 1234 print64.bin

• clone64.asm, clone32.asm, mmap64.asm, mmap32.asm: Shellcode stubs used by the injector.
• print64.asm, print32.asm: Sample shellcode for printing a single line to stdout. Useful for testing the injector.

References

• Linux Threads Through a Magnifier: Local Threads
• Linux Threads Through a Magnifier: Remote Threads
• Jugaad thread injection kit
• https://sourceware.org/ml/libc-help/2009-05/msg00090.html
• Ptrace protection since Ubuntu 10.10
• Single Process Parasite: The quest for the stealth backdoor

Further work

I plan on expanding this project to be a full ELF shared library injector. While this tool could theoretically be used as-is to inject a statically-compiled, position-independent ELF library, I want to be able to parse libraries with dynamically-loaded dependencies and load those dependencies as part of the injection process. The following resources are a useful starting point: * Injectso * Dynamically inject a shared library into a running process on Android/ARM * ELF file format * The Inside Story on Shared Libraries and Dynamic Loading

Copyright (c) 2015, Dan Staples. This code is available under the GNU General Public License, version 3.