- Learning Linux Binary Analysis
- Ryan “elfmaster” O'Neill
- 234字
- 2021-07-16 12:56:54
Chapter 3. Linux Process Tracing
In the last chapter, we covered the internals of the ELF
format and explained its internal workings. In Linux and other Unix-flavored OSes that use ELF
, the ptrace
system call goes hand in glove with analyzing, debugging, reverse engineering, and modifying programs that use the ELF
format. The ptrace
system call is used to attach to a process and access the entire range of code, data, stack, heap, and registers.
Since an ELF
program is completely mapped in a process address space, you can attach to the process and parse or modify the ELF
image very similarly to how you would do this with the actual ELF
file on disk. The primary difference is that we use ptrace
to access the program instead of using the open/mmap/read/write
calls that would be used for the ELF
file.
With ptrace
, we can have full control over a program's execution flow, which means that we can do some very interesting things, ranging from memory virus infection and virus analysis/detection to userland memory rootkits, advanced debugging tasks, hotpatching, and reverse engineering. Since we have entire chapters in this book dedicated to some of these tasks, we will not cover each of these in depth just yet. Instead, I will provide a primer for you to learn about some of the basic functionality of ptrace
and how it is used by hackers.
- Learning Scala Programming
- 高手是如何做產(chǎn)品設(shè)計的(全2冊)
- JSP網(wǎng)絡(luò)編程(學(xué)習(xí)筆記)
- Mastering OpenCV Android Application Programming
- 算法大爆炸:面試通關(guān)步步為營
- GeoServer Beginner's Guide(Second Edition)
- Unity Game Development Scripting
- Windows內(nèi)核編程
- Express Web Application Development
- 軟件供應(yīng)鏈安全:源代碼缺陷實例剖析
- 零基礎(chǔ)學(xué)Kotlin之Android項目開發(fā)實戰(zhàn)
- HTML+CSS+JavaScript網(wǎng)頁制作:從入門到精通(第4版)
- Android Studio開發(fā)實戰(zhàn):從零基礎(chǔ)到App上線 (移動開發(fā)叢書)
- 你真的會寫代碼嗎
- Python GUI Programming Cookbook(Second Edition)