
  • Learning Linux Binary Analysis
  • Ryan “elfmaster” O'Neill
  • 2021-07-16 12:56:54

The importance of ptrace

In Linux, the ptrace(2) system call is the primary userland interface for inspecting and controlling another process: reading and writing its memory and registers, intercepting its signals and system calls, and single-stepping it. Subject to the kernel's ptrace access checks (a process may normally trace processes running under its own user ID, or any process with CAP_SYS_PTRACE; Yama's ptrace_scope setting further restricts PTRACE_ATTACH on many distributions), a user can attach to a process and modify, analyze, reverse engineer, and debug it. Well-known debugging and analysis tools such as gdb, strace, and ltrace are built on ptrace. The ptrace system call is equally useful to reverse engineers and to malware authors.

It gives a programmer the ability to attach to a process and modify its memory, which can include injecting code and altering important data structures such as the Global Offset Table (GOT) to redirect shared library calls. In this section, we will cover the most commonly used features of ptrace, demonstrate memory infection from the attacker's side, and demonstrate process analysis by writing a program that reconstructs a process image back into an executable. If you have never used ptrace, you will see that you have been missing out on a lot of fun!
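The attach, read, write and resume cycle that every ptrace-based tool is built on, as an added example that is not code from the book: a forked child volunteers to be traced with PTRACE_TRACEME and stops itself, and the parent reads one word of the child's memory with PTRACE_PEEKDATA, overwrites it with PTRACE_POKEDATA, resumes the child and watches the patched value surface as the child's exit status. The variable g_target and the helper names are this example's own choices. It uses PTRACE_TRACEME rather than PTRACE_ATTACH because a child can always volunteer to be traced by its parent, whereas attaching to an arbitrary PID is what Yama's ptrace_scope and CAP_SYS_PTRACE gate; the function returns -1 if the kernel or sandbox refuses tracing.

```c
/* Added example (not from the book): minimal ptrace tracer/tracee pair that
 * reads and patches one word in the tracee's address space. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Exists in both processes after fork(); copy-on-write means the tracer's
 * ptrace write changes only the child's copy. (name chosen for this example) */
static volatile long g_target = 0x11;

/* Kill and reap a tracee we can no longer control. */
static void abort_tracee(pid_t pid)
{
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
}

/* PTRACE_PEEKDATA returns the word itself, so a -1 result is ambiguous:
 * clear errno first and treat -1 as an error only when errno was set. */
static int peek_word(pid_t pid, void *addr, long *out)
{
    errno = 0;
    long v = ptrace(PTRACE_PEEKDATA, pid, addr, NULL);
    if (v == -1 && errno != 0)
        return -1;
    *out = v;
    return 0;
}

/* Fork a tracee, patch g_target in its address space to new_value, resume
 * it and return its exit status (the low byte of g_target as the child saw
 * it). The pre-patch value read from the child is stored in *observed_before.
 * Returns -1 if tracing is not permitted or any ptrace step fails. */
int patch_child_and_get_exit(long new_value, long *observed_before)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Tracee: volunteer to be traced, stop, then exit with g_target. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(255);
        raise(SIGSTOP);
        _exit((int)(g_target & 0xff));
    }

    int status;
    /* Wait for the SIGSTOP: the child is now in ptrace-stop and editable. */
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (!WIFSTOPPED(status))
        return -1; /* child already exited, e.g. PTRACE_TRACEME was refused */

    /* The child is our fork, so g_target sits at the same virtual address. */
    long before;
    if (peek_word(pid, (void *)&g_target, &before) < 0) {
        abort_tracee(pid);
        return -1;
    }
    if (observed_before)
        *observed_before = before;

    /* Overwrite one word of the tracee's memory. */
    if (ptrace(PTRACE_POKEDATA, pid, (void *)&g_target, (void *)new_value) == -1) {
        abort_tracee(pid);
        return -1;
    }

    /* Resume with signal 0 so the pending SIGSTOP is suppressed. */
    if (ptrace(PTRACE_CONT, pid, NULL, NULL) == -1) {
        abort_tracee(pid);
        return -1;
    }

    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    long before = 0;
    int after = patch_child_and_get_exit(0x42, &before);
    if (after < 0) {
        perror("ptrace");
        return 1;
    }
    printf("tracee saw g_target = 0x%lx before the patch, exited with 0x%x after\n",
           before, after);
    return 0;
}
```

Two details matter in practice. PTRACE_PEEKDATA returns the word in the return value, so the only way to distinguish a stored -1 from a failure is the errno dance shown in peek_word. And a tracee that receives SIGSTOP stays in signal-delivery-stop until the tracer resumes it; passing 0 as the signal argument to PTRACE_CONT discards the signal instead of delivering it, which is exactly how a debugger resumes a process it stopped deliberately.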
