| Current | v9 | v8 | v7 | v6 | v5 | v4 | v3 | v2 | v1 | All | About |
Next: The Algorithm
Up: Linux Improvised Userland Scheduler
Previous: Improvising a Userland Scheduler
Contents
Runtime Process Infection
Runtime infection is done using the notorious ptrace() syscall, which allows a process to attach to another process, assuming of course, that it has root privileges or has a father-child relationship with some exceptions to it. Once the attached process gets into debugging mode, it is possible to modify its registers and write/read from its address space. These are features that are required to slip in the virus code and activate it. For an in-depth review of the ptrace() injection method, refer to the "Building ptrace Injecting Shellcodes" article in Phrack 59[1].
Subsections