参考网上文章:http://www.freebuf.com/articles/system/6388.html
按照文章,实现了代码的动态注入,即对一个正在运行的进程,在不重启的情况下执行一段不在原程序内的代码。
我的实验环境:
Ubuntu 14.10系统
1.Makefile编译:
ALL:
gcc -g -Wall dynlib.c -fPIC -shared -o libdynlib.so
gcc app.c -g -o app -ldynlib -L./
gcc -Wall injection.c -c -o injection.o
CLEAN:
rm -f libdynlib.so
2.我的实验记录:
gdb) call open("injection.o",2)
$2 = 3
(gdb) call mmap(0, 1056, 1|2|4, 1, 3, 0)
$3 = -1216774144
(gdb) p &print
$4 = (void (*)()) 0xb7782575 <print>
(gdb) p /x *0x0804a010
$5 = 0xb7782575
(gdb) p /x *0x08
Cannot access memory at address 0x8
(gdb) p /x *0x0804a010
$6 = 0xb7782575
(gdb) p /x *0x0804a010
$7 = 0xb7782575
(gdb) set *0x0804a010 = 0xb7798000 + 0x000034
(gdb) p &system
$8 = (<text variable, no debug info> *) 0xb7612770 <__libc_system>
(gdb) p *(0xb7798000 + 0x000034 + 0x00000014)
$9 = -4
(gdb) set *(0xb7798000 + 0x000034 + 0x00000014) = 0xb7612770 - (0xb7798000 + 0x000034 + 0x00000014) - 4
(gdb) p &print
$10 = (void (*)()) 0xb7782575 <print>
(gdb) p *(0xb7798000 + 0x000034 + 00000007)
$11 = -4
(gdb) set *(0xb7798000 + 0x000034 + 00000007) = 0xb7782575 - (0xb7798000 + 0x000034 + 00000007) - 4
(gdb) p *(0xb7798000 + 0x000034 + 0x0000000f)
$12 = 0
(gdb) set *(0xb7798000 + 0x000034 + 0x0000000f) = 0xb7798000 + 0x000051
(gdb)