- Learning Linux Binary Analysis
- Ryan “elfmaster” O'Neill
- 160字
- 2021-07-16 12:56:54
The importance of ptrace
In Linux, the ptrace(2)
system call is the userland means of accessing a process address space. This means that someone can attach to a process that they own and modify, analyze, reverse, and debug it. Well-known debugging and analysis applications such as gdb
, strace
, and ltrace
are ptrace
assisted applications. The ptrace
command is very useful for both reverse engineers and malware authors.
It gives a programmer the ability to attach to a process and modify the memory, which can include injecting code and modifying important data structures such as the Global Offset Table (GOT) for shared library redirection. In this section, we will cover the most commonly used features of ptrace
, demonstrate memory infection from the attacker's side, and process analysis by writing a program to reconstruct a process image back into an executable. If you have never used ptrace
, then you will see that you have been missing out on a lot of fun!
- 數(shù)據(jù)庫系統(tǒng)原理及MySQL應(yīng)用教程(第2版)
- Python編程自學(xué)手冊
- OpenCV for Secret Agents
- Troubleshooting PostgreSQL
- JavaScript動態(tài)網(wǎng)頁開發(fā)詳解
- Responsive Web Design by Example
- JSP程序設(shè)計實例教程(第2版)
- 平面設(shè)計經(jīng)典案例教程:CorelDRAW X6
- uni-app跨平臺開發(fā)與應(yīng)用從入門到實踐
- 愛上C語言:C KISS
- Spring Boot 3:入門與應(yīng)用實戰(zhàn)
- Learning Gerrit Code Review
- Mastering PostgreSQL 11(Second Edition)
- Cloud Development andDeployment with CloudBees
- Python編程基礎(chǔ)與數(shù)據(jù)分析