injectso
Modifying and Spying on running processes under Linux and Solaris
Shaun Clowes – shaun@securereality.com.au
Overview – Part 1
Overview – Part 2
Introduction to InjLib
InjLib
InjLib – Basic Process
InjLib – Step 1
InjLib – Step 1
InjLib – Step 1
InjLib – Step 2
InjLib – Step 3
InjLib – Step 4
InjLib – Step 5
InjLib – Step 6
InjLib – Result
InjLib – What next?
Introduction to injectso
Modifying Programs/Processes
Modifying Programs/Processes under Unix
Breakdown of ELF
Breakdown of ELF
ELF ‘Views’
ELF ‘Views’ – Split
ELF Linking View
ELF Linking View – Important Sections
.plt: Procedure linkage table
.strtab, .dynstr: String tables
.rel.<x>: Relocations for section x
.text: Code
.symtab, .dynsym: Symbols (static/dynamic)
.dynamic: Dynamic linking information
.interp: Requested Dynamic linker
ELF Linking View
ELF Loading View
ELF Loading View – Segment Types
LOAD: Segment loaded into memory
DYNAMIC: Dynamic linking information
INTERP: Dynamic linker for this executable
ELF ‘Views’ - Linking to Loading
ELF Loading View
Loading and Executing an ELF Executable
The Dynamic Section/Segment
Dynamic Segment Record Tags
DT_NEEDED: Name of a required shared library
DT_DEBUG: Pointer to debugging information from dynamic linker
DT_JMPREL: Address of relocation entries associated with the PLT
Loading and Executing an ELF Executable
The Procedure Linkage Table
The Procedure Linkage Table
The Procedure Linkage Table
Dynamic Symbols/Relocations
The Global Offset Table
DT_DEBUG Record
Binary Patching
Binary Patching – Inserting Code
Binary Patching – Inserting Code
Binary Patching – Adding a Segment
Binary Patching – Patch what?
Binary Patching - Demo
Binary Patching - Advantages
Binary Patching - Disadvantages
Binary Patching - Disadvantages
In Core Patching
In Core Patching
In Core Patching
In Core Patching
In Core Patching - Demo
In Core Patching - Advantages
In Core Patching - Disadvantages
Dynamic Loader Environment
Dynamic Loader Tricks
Dynamic Loader Tricks – Process View
Dynamic Linker Tricks - Resolution
Dynamic Linker – Function Call Interception
Dynamic Linker – Getting in First
Dynamic Linker – Getting in First
Dynamic Linker – Calling Real Function
Dynamic Linker Tricks - Demo
Dynamic Linker Tricks - Advantages
Dynamic Linker Tricks - Disadvantages
injectso - End Part 1 Questions?
injectso - Part 2
Re-Overview – Part 2
injectso Teaser
injectso – Simple Demo
injectso Vs InjLib
injectso Vs InjLib
injectso Vs InjLib
injectso – Conceptual Steps
injectso – Conceptual Steps
Step 1. Attaching to Process
Step 1. Attaching to Process
Step 2. Library Open Functions
Step 2. Library Open Functions
Step 2. Library Open Functions
Step 2. Library Open Functions
Step 2. Locating Library Functions
Step 2. Locating Library Functions
Step 2. Locating Library Functions
Step 2. Locating Library Functions
Step 3. Calling the Loader Routine
Step 3. Calling the Loader Routine
Step 3a. Syscall Interruption
Step 3a. Syscall Interruption
Step 3a. Syscall Interruption
Step 3a. Syscall Interruption
Step 3a. Syscall Interruption
Step 3b. Calling Function
Step 3b. Calling Function
Step 3b. Calling Function
Step 3b. Calling Function
injectso - Success
injectso - Demo
injectso – Issues
injectso – What next?
injectso – User Function Call
Intercept.o – Intercepting Function Calls
Intercept.o – Intercepting Function Calls
Intercept.o – Intercepting Function Calls
injectso – Demo - Interception
injectso – Protecting Applications
injectso – Demo - Protection
injectso – Subverting Applications
injectso – Demo - Subversion
injectso - Advantages
injectso – Advantages
injectso - Disadvantages
Protecting against injectso
injectso – The Future
Thank you for listening!

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 

bh-europe-01-clowes

  • 1. injectso: Modifying and Spying on running processes under Linux and Solaris. Shaun Clowes – shaun@securereality.com.au
  • 25. ELF Linking View – Important Sections
      • .interp: Requested Dynamic linker
      • .dynamic: Dynamic linking information
      • .symtab, .dynsym: Symbols (static/dynamic)
      • .text: Code
      • .rel.<x>: Relocations for section x
      • .strtab, .dynstr: String tables
      • .plt: Procedure linkage table
  • 28. ELF Loading View – Segment Types
      • INTERP: Dynamic linker for this executable
      • DYNAMIC: Dynamic linking information
      • LOAD: Segment loaded into memory
  • 29. ELF ‘Views’ - Linking to Loading
  • 33. Dynamic Segment Record Tags
      • DT_JMPREL: Address of relocation entries associated with the PLT
      • DT_DEBUG: Pointer to debugging information from dynamic linker
      • DT_NEEDED: Name of a required shared library
  • 44. Binary Patching – Adding a Segment
  • 59. Dynamic Loader Tricks – Process View
  • 68. injectso - End Part 1. Questions?
  • 87. Step 2. Locating Library Functions
  • 105. Intercept.o – Intercepting Function Calls