This document describes a new syscall hooking technique for Linux systems and
exposes how it can be implemented as part of a virus or a backdoor in order to
take full control over a userland application.
Credit:
The information has been provided by Pluf.
For the full paper please visit: http://www.7a69ezine.org/Linux_PerProcess_Syscall_Hooking.txt
Here is a paper about a new syscall hooking technique for Linux, together with "Gungnir", a proof-of-concept code that takes advantage of this mechanism in order to control infected userland applications.
1. Introduction
2. Function wrapping
3. Signal handling
4. Syscall trapping
5. Limitations
6. Conclusion
7. References
A. Gungnir code
1. Introduction
This document describes a new syscall hooking technique for Linux systems and
exposes how it can be implemented as part of a virus or a backdoor in order to
take full control over a userland application. Although there are some well-known
methods for hooking functions, they are mostly based on the ELF format itself.
This technique focuses on those pieces of code that are externally called by the
main program and invoke a system call or system service.
A simple implementation of this hooking mechanism has been developed as a result
of the research and is included with the article. The code provided does not have
all the features you might wish for, but it includes the required ones; it is not
a real backdoor but a simple proof of concept, a good starting point for writing
your own.