The traditional way to do this on Linux would be to create a dynamic library (.so) with your code in it, and then separately force your library to load into the running application. There is no general-purpose equivalent on Linux to CreateRemoteThread on Windows.
So, here are the basic steps:
- Create a dylib / .so that contains the code you want to execute in the remote process.
- Write a very simple piece of assembly code that loads the specified file (mostly copy and paste from this link, part 1).
- Paste the above ASM loader as a binary payload into a buffer in your second file / application code. Here you will use ptrace to run the binary payload written in step 2, which will cause the target application to call _dl_open() on the .so created in step 1, which contains the actual code you want to run. (Example shown in the same link, part 2.)
If you need your code to run in a separate thread from the main pump, then you should use pthread_create in the code in step 1.
Hope this answers your question. Yes, it is more involved than on Windows, but it should work equally well. In addition, you can reuse all of the code in steps 2 and 3 for future code injection projects.
Mahmoud Al-Qudsi
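From the defender's side, a library loaded through the ptrace + _dl_open() route described in the answer above appears in the target's /proc/PID/maps like any other mapping. The following is an added example, not code from the answer or from the linked article: it scans maps text (a constructed sample is embedded) and reports shared objects mapped from outside the usual system library directories; the trusted prefix list is an assumption you would tune per system.

```c
#include <stdio.h>
#include <string.h>

/* Assumed set of directories a legitimately installed .so may live in. */
static const char *trusted_prefixes[] = {
    "/lib", "/lib64", "/usr/lib", "/usr/lib64", "/usr/local/lib", NULL
};

/* Constructed sample of /proc/<pid>/maps content (not captured from a real host). */
static const char SAMPLE_MAPS[] =
    "55d0c0a00000-55d0c0a01000 r--p 00000000 08:01 1234 /usr/bin/victim\n"
    "7f2a1c000000-7f2a1c1e0000 r-xp 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7f2a1c400000-7f2a1c401000 r-xp 00000000 08:01 9012 /tmp/evil.so\n"
    "7f2a1c401000-7f2a1c402000 rw-p 00001000 08:01 9012 /tmp/evil.so\n"
    "7ffd3a000000-7ffd3a021000 rw-p 00000000 00:00 0 [stack]\n";

/* Returns 1 if path starts with a trusted prefix followed by '/' or end of string. */
static int path_is_trusted(const char *path) {
    for (int i = 0; trusted_prefixes[i]; i++) {
        size_t n = strlen(trusted_prefixes[i]);
        if (strncmp(path, trusted_prefixes[i], n) == 0 &&
            (path[n] == '/' || path[n] == '\0'))
            return 1;
    }
    return 0;
}

/* Scans maps text and returns the number of distinct .so paths mapped from
 * untrusted locations, copying up to max_out of them into out[]. */
int find_untrusted_libs(const char *maps, char out[][256], int max_out) {
    int found = 0;
    for (const char *line = maps; *line; ) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        /* The path is the last field and holds the first '/' on the line. */
        const char *slash = memchr(line, '/', len);
        if (slash) {
            size_t plen = len - (size_t)(slash - line);
            char path[256];
            if (plen < sizeof path) {
                memcpy(path, slash, plen);
                path[plen] = '\0';
                if (strstr(path, ".so") && !path_is_trusted(path)) {
                    int dup = 0; /* one library maps as several segments */
                    for (int i = 0; i < found; i++)
                        if (strcmp(out[i], path) == 0) dup = 1;
                    if (!dup && found < max_out) strcpy(out[found++], path);
                }
            }
        }
        if (!end) break;
        line = end + 1;
    }
    return found;
}

int main(void) {
    char hits[16][256];
    int n = find_untrusted_libs(SAMPLE_MAPS, hits, 16);
    for (int i = 0; i < n; i++) printf("untrusted library mapped: %s\n", hits[i]);
    return 0;
}
```

Against a live process, read /proc/PID/maps into a buffer and pass it to find_untrusted_libs; a nonzero TracerPid in /proc/PID/status is a complementary sign that something is attached with ptrace.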