SecureReality is pleased to announce the availability of version 0.2 of
injectso. injectso is a tool that can be used to inject shared libraries
into running processes on Linux (x86/IA32 and Sparc) and Solaris
(Sparc). It also provides routines that can be used by injected
libraries to easily modify the behaviour of the host process by
intercepting library function calls.
The soon to be released Phrack 59 contains an article on library
injection by an anonymous contributor. injectso is the same basic idea,
developed further and refined.
Some examples of what libraries injected into a process by injectso
could do:
* Send and receive information over open sockets in that process
* Read and write to files opened exclusively by that process
* Close a file descriptor to a socket and redirect the i/o to a
file for debugging
* Release resources open in the target that aren't actually needed
With the interception routines libraries could also do things like the
following:
* Intercept all input into the process, filtering malicious data
* Intercept routines to provide profiling or debugging information
(e.g malloc profiling)
* Snoop on the input and output on another process (a runtime version
of ttysnoop)
injectso was first presented at the BlackHat Briefings in Amsterdam,
Holland, 2001. I'll be doing another presentation on injectso and other
binary modification techniques at BlackHat USA 2002 on the 1st of
August.
injectso can be downloaded at:
http://www.securereality.com.au/archives/injectso-0.2.tar.gz
You might also like to check out the slides for the original injectso
presentation at the BlackHat site:
http://www.blackhat.com/presentations/bh-europe-01/shaun-clowes/injectso3.ppt
Cheers,
Shaun
SecureReality
This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 12:53:10 PDT