B
bingbang
Hi all,
Beginner here. I am trying to figure out how to modify a running
process on a linux system using Python.
Example: I have a python program that takes in as an argument a PID.
My goal is to use this PID and get info about the running process with
that PID. (1) Find where it is located in memory (2) Where is the
instruction pointer (3) Modify the program such that the next executed
instruction is something else (4) Return the pointer back to the next
legitimate instruction (5) Let the original process execute as it
should have
I am trying to develop a POC to show how a small piece of code can be
injected into a running process to just print 'hello' to stdout and
not disturb the rest of the process. Before you tear you hair out. The
program I want to "infect" will be an infinite loop with a sleep in it
and the "malware" will be a " print 'infected' " kind of program. Not
looking to do anything malicious, just trying to learn.
I looked up trace and some other modules but they all seem to do with
following the currently executing python process. Also looked at
pyhook, but its mainly to trap signals from keyboards etc.. Looked at
gray hat python - tuned towards windows.
Can anyone please point me to some modules that might be useful, or
some code samples. I tried googling for "python inspect process PID"
etc.. did not get anything very useful. I know I can run gdb -a pid
from within python and such but I am looking for a non os.popen ish
kind of a way. Is there a module that will be helpful.
Let's assume I have sudo/root privileges and that the POC code "only
needs to work in linux".
Any help is very appreciated.
[Also posted on StackOverflow] - no real good leads from there
Thanks!
Beginner here. I am trying to figure out how to modify a running
process on a linux system using Python.
Example: I have a python program that takes in as an argument a PID.
My goal is to use this PID and get info about the running process with
that PID. (1) Find where it is located in memory (2) Where is the
instruction pointer (3) Modify the program such that the next executed
instruction is something else (4) Return the pointer back to the next
legitimate instruction (5) Let the original process execute as it
should have
I am trying to develop a POC to show how a small piece of code can be
injected into a running process to just print 'hello' to stdout and
not disturb the rest of the process. Before you tear you hair out. The
program I want to "infect" will be an infinite loop with a sleep in it
and the "malware" will be a " print 'infected' " kind of program. Not
looking to do anything malicious, just trying to learn.
I looked up trace and some other modules but they all seem to do with
following the currently executing python process. Also looked at
pyhook, but its mainly to trap signals from keyboards etc.. Looked at
gray hat python - tuned towards windows.
Can anyone please point me to some modules that might be useful, or
some code samples. I tried googling for "python inspect process PID"
etc.. did not get anything very useful. I know I can run gdb -a pid
from within python and such but I am looking for a non os.popen ish
kind of a way. Is there a module that will be helpful.
Let's assume I have sudo/root privileges and that the POC code "only
needs to work in linux".
Any help is very appreciated.
[Also posted on StackOverflow] - no real good leads from there
Thanks!