
dismantl/linux-injector: Utility for injecting executable code into a running pr ...


Open-source project name:

dismantl/linux-injector

Open-source project URL:

https://github.com/dismantl/linux-injector

Open-source project language:

C 76.3%

Open-source project introduction:

linux-injector

Utility for injecting executable code into a running process on x86/x64 Linux. It uses ptrace() to attach to a process, then mmap()s memory regions for the injected code, a new stack, and space for trampoline shellcode. Finally, the trampoline in the target process is used to create a new thread and execute the chosen shellcode, so the main thread is allowed to continue. This project borrows from a number of other projects and research; see References below.
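The steps described above leave traces a defender can read from /proc: a non-zero TracerPid while the injector is attached, an extra thread, and executable memory with no backing file. The following triage script is an added example, not part of the linux-injector project; it assumes the mmap()'d regions are anonymous mappings, and the sample maps/status text, paths and PIDs in it are constructed.

```python
import re
import sys

# Constructed samples of /proc/<pid>/maps and /proc/<pid>/status (not real captures).
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 131090 /home/user/dummy
00600000-00601000 rw-p 00000000 08:01 131090 /home/user/dummy
7f3a10000000-7f3a10001000 rwxp 00000000 00:00 0
7f3a10200000-7f3a10a00000 rw-p 00000000 00:00 0
7f3a11000000-7f3a111c0000 r-xp 00000000 08:01 262200 /lib/x86_64-linux-gnu/libc-2.19.so
7ffd5b1e0000-7ffd5b201000 rw-p 00000000 00:00 0 [stack]
7ffd5b3fe000-7ffd5b400000 r-xp 00000000 00:00 0 [vdso]
"""
SAMPLE_STATUS = "Name:\tdummy\nState:\tt (tracing stop)\nTracerPid:\t4321\nThreads:\t2\n"

# Fields: start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$")

def anon_exec_mappings(maps_text):
    """Return (start, end, perms) for executable mappings with no file or kernel label."""
    hits = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m:
            continue
        start, end, perms, inode, path = m.groups()
        # [vdso], [stack] etc. carry a label in the pathname column and are skipped.
        if "x" in perms and inode == "0" and path == "":
            hits.append((int(start, 16), int(end, 16), perms))
    return hits

def status_field(status_text, key):
    """Return an integer field such as TracerPid or Threads, or None if absent."""
    for line in status_text.splitlines():
        if line.startswith(key + ":"):
            return int(line.split(":", 1)[1].strip())
    return None

def triage(maps_text, status_text):
    return {"tracer_pid": status_field(status_text, "TracerPid"),
            "threads": status_field(status_text, "Threads"),
            "anon_exec": anon_exec_mappings(maps_text)}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live process: python triage.py <pid>
        base = "/proc/%d/" % int(sys.argv[1])
        print(triage(open(base + "maps").read(), open(base + "status").read()))
    else:
        print(triage(SAMPLE_MAPS, SAMPLE_STATUS))
```

JIT-compiling runtimes also create anonymous executable mappings, so treat a hit as a lead to compare against the process's known baseline rather than as proof of injection.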

Requirements

  • fasm, the flat assembler

Building

With fasm installed in your PATH, simply run:

make

Included programs and files

  • print: Test program for executing shellcode using a variety of techniques: fork(), clone(), clone syscall with inline assembly.

  • dummy: A trivial program for injecting into. Prints a message every second, then sleeps.

  • injector: The main program for injecting executable code into a running process. Simply provide it with the PID of the process to inject into, and the shellcode to execute:

    ./injector 1234 print64.bin

  • clone64.asm, clone32.asm, mmap64.asm, mmap32.asm: Shellcode stubs used by the injector.

  • print64.asm, print32.asm: Sample shellcode for printing a single line to stdout. Useful for testing the injector.

References

Further work

I plan on expanding this project to be a full ELF shared library injector. While this tool could theoretically be used as-is to inject a statically-compiled, position-independent ELF library, I want to be able to parse libraries with dynamically-loaded dependencies and load those dependencies as part of the injection process. The following resources are a useful starting point:

Copyright (c) 2015, Dan Staples. This code is available under the GNU General Public License, version 3.



