本文介绍了无论如何,都要附加到流程的地图,同时让您的文件隐藏在地图中的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
input =$(
sudo gdb -n -q -batch-silent \
-exset logging on\
-exset logging file / dev / null\
-ex设置日志记录重定向到\
-exattach $ PID\
-exset \ $ dlopen =(void *(*)(char *,int))dlopen\
-excall \ $ dlopen(\/ $ filename \,1)\
-exdetach\
-exquit
)
基本上我想把我的文件$ filename附加到$ PID中,但是我不想让$ PID知道$ filename在它的映射中?我将如何做到这一点
解决方案
这并不容易:进程发现其中包含 $ filename 的方法太多了地址空间:
阅读这些文件:
/ proc / $ pid / maps
/ proc / $ pid / task / $ tid / maps
功能:
dl_iterate_phdr
dladdr
阅读这些全局变量:
_DYNAMIC [] / *指向_r_debug * /
_r_debug.r_map / *指向DSO的链接列表* /
方式也是如此。你会有所有这些意见,或者这个过程可能会发现你的诡计。
input="$(
sudo gdb -n -q -batch-silent \
-ex "set logging on" \
-ex "set logging file /dev/null" \
-ex "set logging redirect on" \
-ex "attach $PID" \
-ex "set \$dlopen = (void*(*)(char*, int)) dlopen" \
-ex "call \$dlopen(\"/$filename\", 1)" \
-ex "detach" \
-ex "quit"
)"
basically I want to attach my file $filename into $PID but I dont want $PID to know that $filename is in its maps? How would I do that
解决方案
That isn't easy: there are too many ways for a process to discover that $filename is in its address space:
Read these files:
/proc/$pid/maps
/proc/$pid/task/$tid/maps
Call these functions:
dl_iterate_phdr
dladdr
Read these global variables:
_DYNAMIC[] /* points to _r_debug */
_r_debug.r_map /* points to linked list of DSOs */
There are probably other ways as well. You'll have intecept all of these, or the process may discover your ruse.
这篇关于无论如何,都要附加到流程的地图,同时让您的文件隐藏在地图中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!