Informative Information for the Uninformed
Code injection

The concept of using the Mach API to inject code into another task has been demonstrated numerous times. The most well-known implementation is named mach_inject[4]. This code uses task_for_pid() to obtain a task port for the chosen pid, then calls thread_create_running() to create a new thread in that task with a caller-supplied register state; this is how control of execution is gained. The same method has been reimplemented for the Intel platform[5]. It's also pretty easy to point the new thread's starting state at dlopen() and load a dylib from disk, or even to vm_map() an object file into the process's address space by hand and fix up the relocations yourself.