
  • Learning Linux Binary Analysis
  • Ryan “elfmaster” O'Neill

The importance of ptrace

In Linux, the ptrace(2) system call is the userland means of inspecting and modifying another process's address space and register state. This means that someone can attach to a process that they own (subject to the kernel's ptrace access checks, such as Yama's kernel.yama.ptrace_scope and the CAP_SYS_PTRACE capability) and modify, analyze, reverse, and debug it. Well-known debugging and analysis applications such as gdb, strace, and ltrace are all built on ptrace. The ptrace system call is very useful for both reverse engineers and malware authors.

It gives a programmer the ability to attach to a process and read or write its memory word by word, which can include injecting code and modifying important data structures such as the Global Offset Table (GOT) for shared library redirection. In this section, we will cover the most commonly used features of ptrace, demonstrate memory infection from the attacker's side, and process analysis by writing a program to reconstruct a process image back into an executable. If you have never used ptrace, then you will see that you have been missing out on a lot of fun!
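As an added example (not code from the book), the following program shows the basic ptrace workflow that everything else in this section builds on: a tracer gains control of a stopped tracee, reads a word from its memory with PTRACE_PEEKDATA, overwrites it with PTRACE_POKEDATA, and resumes it with PTRACE_CONT. To stay self-contained it uses the fork()/PTRACE_TRACEME handshake instead of PTRACE_ATTACH on a foreign PID, so the tracer knows the target's address simply because the child is a copy of itself; the function and variable names (rewrite_child_word, target) are illustrative and not from the book. Attaching to an unrelated process works the same way once you have a PID and an address from /proc/PID/maps.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Word that the tracer will rewrite inside the child. The child is a fork()ed
 * copy of this program, so &target is the same virtual address in both, even
 * though the two processes have separate physical copies of it. */
volatile long target = 0x1111;

/* Read one machine word at addr from the traced process.
 * PTRACE_PEEKDATA returns the data in the return value, so -1 is ambiguous:
 * errno must be cleared first and checked afterwards. */
static int peek_word(pid_t pid, void *addr, long *out) {
    errno = 0;
    long v = ptrace(PTRACE_PEEKDATA, pid, addr, NULL);
    if (v == -1 && errno != 0) return -1;
    *out = v;
    return 0;
}

/* Write one machine word to addr in the traced process. */
static int poke_word(pid_t pid, void *addr, long val) {
    return ptrace(PTRACE_POKEDATA, pid, addr, (void *)val) == -1 ? -1 : 0;
}

/* Fork a child that asks to be traced, stops itself, and later exits with the
 * low 8 bits of `target` as its exit status. The parent (tracer) rewrites
 * `target` to new_value while the child is stopped, reads it back, resumes
 * the child, and checks that the child really observed the new value.
 * Returns the word read back from the child, or -1 if tracing failed
 * (for example when kernel.yama.ptrace_scope forbids it). */
long rewrite_child_word(long new_value) {
    long before = 0, after = 0;
    int status;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Tracee: opt in to tracing by our parent, then stop and wait. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(255);
        raise(SIGSTOP);
        /* Resumed by the tracer: report whatever it left in `target`. */
        _exit((int)(target & 0xff));
    }

    /* Tracer: wait for the SIGSTOP, then we own the child's memory. */
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) goto fail;
    if (peek_word(pid, (void *)&target, &before) == -1) goto fail;
    if (poke_word(pid, (void *)&target, new_value) == -1) goto fail;
    if (peek_word(pid, (void *)&target, &after) == -1) goto fail;
    if (ptrace(PTRACE_CONT, pid, NULL, NULL) == -1) goto fail;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) goto fail;

    /* The child must have seen the poked value, and the word we read back
     * must be exactly what we wrote (peek/poke operate on whole words). */
    if (WEXITSTATUS(status) != (int)(new_value & 0xff)) return -1;
    if (after != new_value) return -1;
    return after;

fail:
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return -1;
}

int main(void) {
    long got = rewrite_child_word(0x4141);
    if (got == -1) {
        fprintf(stderr, "ptrace failed; check /proc/sys/kernel/yama/ptrace_scope\n");
        return 1;
    }
    printf("child saw 0x%lx, parent's own copy is still 0x%lx\n", got, target);
    return 0;
}
```

Two details matter in practice. PTRACE_PEEKDATA returns the data itself, so a legitimately read word of -1 is indistinguishable from an error unless errno is cleared before the call and examined afterwards. And both PEEKDATA and POKEDATA move one machine word at a time at word-aligned addresses, which is why code injection with this interface loops over the payload in sizeof(long) chunks; process_vm_readv(2)/process_vm_writev(2) or /proc/PID/mem are the usual bulk alternatives once you are attached.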
