This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.
Library injection
- From: Adam <adam dot sznajder at purecode dot pl>
- To: libc-help at sourceware dot org
- Date: Mon, 04 Apr 2011 23:55:14 +0200
- Subject: Library injection
Hello!
My name is Adam Sznajder and I study computer science at Warsaw
University of Technology. Currently I'm writing my graduate work, which
I have to do in order to finish my studies. The main aim of my project
is to inject a library into some running process and create a new thread
which will, e.g., protect the stack. As you can see it is quite an interesting
task, but I have a problem with library injection. I found an awesome
article on which I based my work:
http://nologin.org/Downloads/Papers/remote-library-injection.pdf .
Unfortunately my project doesn't work properly. It crashes in the middle
of the _dl_open function at offset 0x163. Could you please have a look
at my project and tell me what's wrong with it? You can download the
sources here: www.purecode.pl/dllInjection.zip. I understand that you
are busy and have much more important things to do, but can someone
explain to me what I should put into each register before the _dl_open call?
Currently I store the address of the library's path in the eax register, 
0x80000002 in ebx and NULL in ecx. To be honest I'm quite stressed because
time is running out and I don't really know what's wrong. I work on Arch
Linux with the ld-2.13.so library.
Thanks in advance,
Adam Sznajder