I have not used the InjectSo mentioned above, but it is worth knowing about. If you are looking for alternatives, here is an easy way to inject code:
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/*
 * test.c: look up the passwd entry for UID 1000 and print its login name.
 * The call to getpwuid() goes through the dynamic linker, which is the
 * point where a preloaded library can substitute its own definition.
 */
int main()
{
    const struct passwd *entry = getpwuid(1000);

    if (entry == NULL) {
        /* No entry for that UID (or the lookup failed): print nothing. */
        return 0;
    }

    printf("%s\n", entry->pw_name);
    return 0;
}
# Build the unmodified test program (dynamically linked against libc).
gcc -o test test.c
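#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/*
 * Replacement login name. Kept in a writable array rather than a string
 * literal: pw_name is a plain `char *`, so a caller is allowed to write
 * through it, and writing to a literal would be undefined behaviour.
 */
static char hocus[] = "hocus pocus";

/**
 * Interposed getpwuid(): forwards to the next definition of getpwuid in
 * the library search order (normally libc's) and overwrites the pw_name
 * field of the result.
 *
 * @param uid  user ID to look up, passed unchanged to the real function.
 * @return     the entry returned by the real getpwuid() with pw_name
 *             pointing at `hocus`, or NULL if the real function returned
 *             NULL or could not be resolved (errno is then ENOSYS).
 */
struct passwd *getpwuid(uid_t uid)
{
    /* Resolved once and cached for later calls. */
    static struct passwd *(*orig_getpwuid)(uid_t uid);

    if (!orig_getpwuid) {
        orig_getpwuid = (struct passwd *(*)(uid_t))dlsym(RTLD_NEXT, "getpwuid");
        if (!orig_getpwuid) {
            /* Without this check a failed lookup would call through NULL. */
            errno = ENOSYS;
            return NULL;
        }
    }

    struct passwd *original_passwd = orig_getpwuid(uid);
    if (original_passwd) {
        /*
         * The entry belongs to the real implementation (it may point to
         * static storage), so only the pointer is swapped; nothing is freed.
         */
        original_passwd->pw_name = hocus;
    }
    // your code here
    return original_passwd;
}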
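# Build the interposer as a shared object.
# -fPIC: code in a shared library must be position-independent.
# -ldl:  provides dlsym() on glibc older than 2.34; harmless on newer ones.
gcc -shared -fPIC inject.c -o libinject.so -ldl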
Run:
LD_LIBRARY_PATH=. LD_PRELOAD=libinject.so ./test
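It should print hocus pocus. You can override arbitrary libc functions such as printf or snprintf in the same way - just find out which ones the target module calls. Only calls resolved by the dynamic linker are affected: a statically linked program is not, and for set-user-ID/set-group-ID programs (secure-execution mode) the loader restricts LD_PRELOAD.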
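Code placed at "your code here" runs inside the target process with that process's privileges, so it can start arbitrary threads, watchdogs, etc. The preloaded library is listed in the process's /proc/<pid>/maps, and the LD_PRELOAD setting in /proc/<pid>/environ, which is where to look when checking whether a process has been interposed.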