injectso
Modifying and Spying on running processes under Linux and Solaris
Shaun Clowes – shaun@securereality.com.au
Overview – Part 1
Overview – Part 2
Introduction to InjLib
InjLib
InjLib – Basic Process
InjLib – Step 1
InjLib – Step 1
InjLib – Step 1
InjLib – Step 2
InjLib – Step 3
InjLib – Step 4
InjLib – Step 5
InjLib – Step 6
InjLib – Result
InjLib – What next?
Introduction to injectso
Modifying Programs/Processes
Modifying Programs/Processes under Unix
Breakdown of ELF
Breakdown of ELF
ELF ‘Views’
ELF ‘Views’ – Split
ELF Linking View
ELF Linking View – Important Sections
  .interp: Requested Dynamic linker
  .dynamic: Dynamic linking information
  .symtab, .dynsym: Symbols (static/dynamic)
  .text: Code
  .rel.<x>: Relocations for section x
  .strtab, .dynstr: String tables
  .plt: Procedure linkage table
ELF Linking View
ELF Loading View
ELF Loading View – Segment Types
  INTERP: Dynamic linker for this executable
  DYNAMIC: Dynamic linking information
  LOAD: Segment loaded into memory
ELF ‘Views’ - Linking to Loading
ELF Loading View
Loading and Executing an ELF Executable
The Dynamic Section/Segment
Dynamic Segment Record Tags
  DT_JMPREL: Address of relocation entries associated with the PLT
  DT_DEBUG: Pointer to debugging information from dynamic linker
  DT_NEEDED: Name of a required shared library
Loading and Executing an ELF Executable
The Procedure Linkage Table
The Procedure Linkage Table
The Procedure Linkage Table
Dynamic Symbols/Relocations
The Global Offset Table
DT_DEBUG Record
Binary Patching
Binary Patching – Inserting Code
Binary Patching – Inserting Code
Binary Patching – Adding a Segment
Binary Patching – Patch what?
Binary Patching - Demo
Binary Patching - Advantages
Binary Patching - Disadvantages
Binary Patching - Disadvantages
In Core Patching
In Core Patching
In Core Patching
In Core Patching
In Core Patching - Demo
In Core Patching - Advantages
In Core Patching - Disadvantages
Dynamic Loader Environment
Dynamic Loader Tricks
Dynamic Loader Tricks – Process View
Dynamic Linker Tricks - Resolution
Dynamic Linker – Function Call Interception
Dynamic Linker – Getting in First
Dynamic Linker – Getting in First
Dynamic Linker – Calling Real Function
Dynamic Linker Tricks - Demo
Dynamic Linker Tricks - Advantages
Dynamic Linker Tricks - Disadvantages
injectso - End Part 1 Questions?
injectso - Part 2
Re-Overview – Part 2
injectso Teaser
injectso – Simple Demo
injectso Vs InjLib
injectso Vs InjLib
injectso Vs InjLib
injectso – Conceptual Steps
injectso – Conceptual Steps
Step 1. Attaching to Process
Step 1. Attaching to Process
Step 2. Library Open Functions
Step 2. Library Open Functions
Step 2. Library Open Functions
Step 2. Library Open Functions
Step 2. Locating Library Functions
Step 2. Locating Library Functions
Step 2. Locating Library Functions
Step 2. Locating Library Functions
Step 3. Calling the Loader Routine
Step 3. Calling the Loader Routine
Step 3a. Syscall Interruption
Step 3a. Syscall Interruption
Step 3a. Syscall Interruption
Step 3a. Syscall Interruption
Step 3a. Syscall Interruption
Step 3b. Calling Function
Step 3b. Calling Function
Step 3b. Calling Function
Step 3b. Calling Function
injectso - Success
injectso - Demo
injectso – Issues
injectso – What next?
injectso – User Function Call
Intercept.o – Intercepting Function Calls
Intercept.o – Intercepting Function Calls
Intercept.o – Intercepting Function Calls
injectso – Demo - Interception
injectso – Protecting Applications
injectso – Demo - Protection
injectso – Subverting Applications
injectso – Demo - Subversion
injectso - Advantages
injectso – Advantages
injectso - Disadvantages
Protecting against injectso
injectso – The Future
Thank you for listening!

More Related Content

What's hot

System verilog important
System verilog importantSystem verilog important
System verilog importantelumalai7
 
Loaders ( system programming )
Loaders ( system programming ) Loaders ( system programming )
Loaders ( system programming ) Adarsh Patel
 
Chapter One
Chapter OneChapter One
Chapter Onebolovv
 
Loaders and Linkers
Loaders and LinkersLoaders and Linkers
Loaders and Linkerskunj desai
 
Loader and Its types
Loader and Its typesLoader and Its types
Loader and Its typesParth Dodiya
 
System verilog control flow
System verilog control flowSystem verilog control flow
System verilog control flowPushpa Yakkala
 
Linux binary analysis and exploitation
Linux binary analysis and exploitationLinux binary analysis and exploitation
Linux binary analysis and exploitationDharmalingam Ganesan
 
Lecture 01 introduction to compiler
Lecture 01 introduction to compilerLecture 01 introduction to compiler
Lecture 01 introduction to compilerIffat Anjum
 
LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723Iftach Ian Amit
 
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVCUpgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVCFPGA Central
 
How to Connect SystemVerilog with Octave
How to Connect SystemVerilog with OctaveHow to Connect SystemVerilog with Octave
How to Connect SystemVerilog with OctaveAmiq Consulting
 
Session 9 advance_verification_features
Session 9 advance_verification_featuresSession 9 advance_verification_features
Session 9 advance_verification_featuresNirav Desai
 

What's hot (20)

System verilog important
System verilog importantSystem verilog important
System verilog important
 
Loaders ( system programming )
Loaders ( system programming ) Loaders ( system programming )
Loaders ( system programming )
 
Compiler Design Material
Compiler Design MaterialCompiler Design Material
Compiler Design Material
 
Chapter One
Chapter OneChapter One
Chapter One
 
Linking in MS-Dos System
Linking in MS-Dos SystemLinking in MS-Dos System
Linking in MS-Dos System
 
Loaders and Linkers
Loaders and LinkersLoaders and Linkers
Loaders and Linkers
 
Loader and Its types
Loader and Its typesLoader and Its types
Loader and Its types
 
Compiler unit 1
Compiler unit 1Compiler unit 1
Compiler unit 1
 
System verilog control flow
System verilog control flowSystem verilog control flow
System verilog control flow
 
Loaders
LoadersLoaders
Loaders
 
Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0
 
Linux binary analysis and exploitation
Linux binary analysis and exploitationLinux binary analysis and exploitation
Linux binary analysis and exploitation
 
Lecture 01 introduction to compiler
Lecture 01 introduction to compilerLecture 01 introduction to compiler
Lecture 01 introduction to compiler
 
LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723
 
Linkers And Loaders
Linkers And LoadersLinkers And Loaders
Linkers And Loaders
 
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVCUpgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
 
How to Connect SystemVerilog with Octave
How to Connect SystemVerilog with OctaveHow to Connect SystemVerilog with Octave
How to Connect SystemVerilog with Octave
 
Embedded C - Lecture 1
Embedded C - Lecture 1Embedded C - Lecture 1
Embedded C - Lecture 1
 
The compilation process
The compilation processThe compilation process
The compilation process
 
Session 9 advance_verification_features
Session 9 advance_verification_featuresSession 9 advance_verification_features
Session 9 advance_verification_features
 

Viewers also liked

In the lands of corrupted elves - Breaking ELF software with Melkor fuzzer
In the lands of corrupted elves - Breaking ELF software with Melkor fuzzerIn the lands of corrupted elves - Breaking ELF software with Melkor fuzzer
In the lands of corrupted elves - Breaking ELF software with Melkor fuzzerAlejandro Hernández
 
[2007 CodeEngn Conference 01] seaofglass - Linux Virus Analysis
[2007 CodeEngn Conference 01] seaofglass - Linux Virus Analysis[2007 CodeEngn Conference 01] seaofglass - Linux Virus Analysis
[2007 CodeEngn Conference 01] seaofglass - Linux Virus AnalysisGangSeok Lee
 
LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)Wang Hsiangkai
 
GNU gettext簡介 - 以C語言為範例
GNU gettext簡介 - 以C語言為範例GNU gettext簡介 - 以C語言為範例
GNU gettext簡介 - 以C語言為範例Wen Liao
 
A hands-on introduction to the ELF Object file format
A hands-on introduction to the ELF Object file formatA hands-on introduction to the ELF Object file format
A hands-on introduction to the ELF Object file formatrety61
 
SSA - PHI-functions Placements
SSA - PHI-functions PlacementsSSA - PHI-functions Placements
SSA - PHI-functions PlacementsWang Hsiangkai
 
Snapshots, Replication, and Boot-Environments by Kris Moore
Snapshots, Replication, and Boot-Environments by Kris Moore Snapshots, Replication, and Boot-Environments by Kris Moore
Snapshots, Replication, and Boot-Environments by Kris Moore eurobsdcon
 
Learn python in 20 minutes
Learn python in 20 minutesLearn python in 20 minutes
Learn python in 20 minutesSidharth Nadhan
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysisChong-Kuan Chen
 
LLVM Register Allocation
LLVM Register AllocationLLVM Register Allocation
LLVM Register AllocationWang Hsiangkai
 

Viewers also liked (20)

In the lands of corrupted elves - Breaking ELF software with Melkor fuzzer
In the lands of corrupted elves - Breaking ELF software with Melkor fuzzerIn the lands of corrupted elves - Breaking ELF software with Melkor fuzzer
In the lands of corrupted elves - Breaking ELF software with Melkor fuzzer
 
Linkers in compiler
Linkers in compilerLinkers in compiler
Linkers in compiler
 
[2007 CodeEngn Conference 01] seaofglass - Linux Virus Analysis
[2007 CodeEngn Conference 01] seaofglass - Linux Virus Analysis[2007 CodeEngn Conference 01] seaofglass - Linux Virus Analysis
[2007 CodeEngn Conference 01] seaofglass - Linux Virus Analysis
 
LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)
 
GNU gettext簡介 - 以C語言為範例
GNU gettext簡介 - 以C語言為範例GNU gettext簡介 - 以C語言為範例
GNU gettext簡介 - 以C語言為範例
 
Smqa unit iii
Smqa unit iiiSmqa unit iii
Smqa unit iii
 
A hands-on introduction to the ELF Object file format
A hands-on introduction to the ELF Object file formatA hands-on introduction to the ELF Object file format
A hands-on introduction to the ELF Object file format
 
Intro reverse engineering
Intro reverse engineeringIntro reverse engineering
Intro reverse engineering
 
SSA - PHI-functions Placements
SSA - PHI-functions PlacementsSSA - PHI-functions Placements
SSA - PHI-functions Placements
 
Introduction to Perf
Introduction to PerfIntroduction to Perf
Introduction to Perf
 
Snapshots, Replication, and Boot-Environments by Kris Moore
Snapshots, Replication, and Boot-Environments by Kris Moore Snapshots, Replication, and Boot-Environments by Kris Moore
Snapshots, Replication, and Boot-Environments by Kris Moore
 
Insertion machine elevator buffer hewei
Insertion machine elevator buffer heweiInsertion machine elevator buffer hewei
Insertion machine elevator buffer hewei
 
Learn python in 20 minutes
Learn python in 20 minutesLearn python in 20 minutes
Learn python in 20 minutes
 
Smqa unit iv
Smqa unit iv Smqa unit iv
Smqa unit iv
 
Addios!
Addios!Addios!
Addios!
 
Automatic tool for static analysis
Automatic tool for static analysisAutomatic tool for static analysis
Automatic tool for static analysis
 
Security events in 2014
Security events in 2014Security events in 2014
Security events in 2014
 
LLVM Register Allocation
LLVM Register AllocationLLVM Register Allocation
LLVM Register Allocation
 
ELF 101
ELF 101ELF 101
ELF 101
 
GCC GENERIC
GCC GENERICGCC GENERIC
GCC GENERIC
 

Similar to bh-europe-01-clowes

Os7 2
Os7 2Os7 2
Os7 2issbp
 
Purdue CS354 Operating Systems 2008
Purdue CS354 Operating Systems 2008Purdue CS354 Operating Systems 2008
Purdue CS354 Operating Systems 2008guestd9065
 
Ppt project process migration
Ppt project process migrationPpt project process migration
Ppt project process migrationjaya380
 
The Role Of The Cpu
The Role Of The CpuThe Role Of The Cpu
The Role Of The Cpugavhays
 
Address Binding Scheme
Address Binding SchemeAddress Binding Scheme
Address Binding SchemeRajesh Piryani
 
Introduction to node.js
Introduction to node.jsIntroduction to node.js
Introduction to node.jsSu Zin Kyaw
 
IntelliJ IDEA Architecture and Performance
IntelliJ IDEA Architecture and PerformanceIntelliJ IDEA Architecture and Performance
IntelliJ IDEA Architecture and Performanceintelliyole
 
brief intro to Linux device drivers
brief intro to Linux device driversbrief intro to Linux device drivers
brief intro to Linux device driversAlexandre Moreno
 
ISI work
ISI workISI work
ISI workdgarijo
 
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...CODE BLUE
 
embeddedc-lecture1-160404055102.pptx
embeddedc-lecture1-160404055102.pptxembeddedc-lecture1-160404055102.pptx
embeddedc-lecture1-160404055102.pptxsangeetaSS
 
Operating System Chapter 4 Multithreaded programming
Operating System Chapter 4 Multithreaded programmingOperating System Chapter 4 Multithreaded programming
Operating System Chapter 4 Multithreaded programmingguesta40f80
 
Whirlwind tour of the Runtime Dynamic Linker
Whirlwind tour of the Runtime Dynamic LinkerWhirlwind tour of the Runtime Dynamic Linker
Whirlwind tour of the Runtime Dynamic LinkerGonçalo Gomes
 
Play framework : A Walkthrough
Play framework : A WalkthroughPlay framework : A Walkthrough
Play framework : A Walkthroughmitesh_sharma
 
DLL Tutor maXbox starter28
DLL Tutor maXbox starter28DLL Tutor maXbox starter28
DLL Tutor maXbox starter28Max Kleiner
 

Similar to bh-europe-01-clowes (20)

Os7 2
Os7 2Os7 2
Os7 2
 
Purdue CS354 Operating Systems 2008
Purdue CS354 Operating Systems 2008Purdue CS354 Operating Systems 2008
Purdue CS354 Operating Systems 2008
 
Ppt project process migration
Ppt project process migrationPpt project process migration
Ppt project process migration
 
The Role Of The Cpu
The Role Of The CpuThe Role Of The Cpu
The Role Of The Cpu
 
Address Binding Scheme
Address Binding SchemeAddress Binding Scheme
Address Binding Scheme
 
Introduction to node.js
Introduction to node.jsIntroduction to node.js
Introduction to node.js
 
IntelliJ IDEA Architecture and Performance
IntelliJ IDEA Architecture and PerformanceIntelliJ IDEA Architecture and Performance
IntelliJ IDEA Architecture and Performance
 
brief intro to Linux device drivers
brief intro to Linux device driversbrief intro to Linux device drivers
brief intro to Linux device drivers
 
ISI work
ISI workISI work
ISI work
 
Windows Kernel-
Windows Kernel-Windows Kernel-
Windows Kernel-
 
Mach-O Internals
Mach-O InternalsMach-O Internals
Mach-O Internals
 
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
 
embeddedc-lecture1-160404055102.pptx
embeddedc-lecture1-160404055102.pptxembeddedc-lecture1-160404055102.pptx
embeddedc-lecture1-160404055102.pptx
 
Mc7404 np final
Mc7404 np finalMc7404 np final
Mc7404 np final
 
Design
DesignDesign
Design
 
Operating System Chapter 4 Multithreaded programming
Operating System Chapter 4 Multithreaded programmingOperating System Chapter 4 Multithreaded programming
Operating System Chapter 4 Multithreaded programming
 
Whirlwind tour of the Runtime Dynamic Linker
Whirlwind tour of the Runtime Dynamic LinkerWhirlwind tour of the Runtime Dynamic Linker
Whirlwind tour of the Runtime Dynamic Linker
 
Play framework : A Walkthrough
Play framework : A WalkthroughPlay framework : A Walkthrough
Play framework : A Walkthrough
 
DLL Tutor maXbox starter28
DLL Tutor maXbox starter28DLL Tutor maXbox starter28
DLL Tutor maXbox starter28
 
Readme
ReadmeReadme
Readme
 

Recently uploaded

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 

Recently uploaded (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
bh-europe-01-clowes

  • 1. injectso: Modifying and Spying on running processes under Linux and Solaris. Shaun Clowes – shaun@securereality.com.au
  • 25. ELF Linking View – Important Sections
      • .plt: Procedure linkage table
      • .strtab, .dynstr: String tables
      • .rel.<x>: Relocations for section x
      • .text: Code
      • .symtab, .dynsym: Symbols (static/dynamic)
      • .dynamic: Dynamic linking information
      • .interp: Requested dynamic linker
  • 28. ELF Loading View – Segment Types
      • LOAD: Segment loaded into memory
      • DYNAMIC: Dynamic linking information
      • INTERP: Dynamic linker for this executable
  • 29. ELF ‘Views’ - Linking to Loading
  • 33. Dynamic Segment Record Tags
      • DT_NEEDED: Name of a required shared library
      • DT_DEBUG: Pointer to debugging information from dynamic linker
      • DT_JMPREL: Address of relocation entries associated with the PLT
  • 44. Binary Patching – Adding a Segment
  • 59. Dynamic Loader Tricks – Process View
  • 68. injectso - End Part 1. Questions?
  • 87. Step 2. Locating Library Functions
  • 105. Intercept.o – Intercepting Function Calls