Exploitation #2 - Linux Library Injection Part 2. Ptrace

Library injection is a powerful technique that enables the modification of an existing process’s behavior by dynamically loading external libraries. In this article, we delve into a more advanced approach using ptrace, a system call that grants deep control over a running process. This article is presented as a technical report based on a conference presentation.

Ptrace

The ptrace() system call allows a parent process to control the execution of another process and modify its memory image. To inject libraries, I utilized several capabilities of ptrace(). This section presents some custom functions used for library injection, along with mechanisms for error handling and debugging. ...

February 5, 2025

Exploitation #1 - Linux Library Injection Part 1. LD_PRELOAD

Library injection is a powerful technique that allows modifying the behavior of an existing process by dynamically loading external libraries. In this article, we will explore the principles of library injection, its different approaches, and its practical applications. Library injection is a common technique used by attackers to execute arbitrary code within the address space of a legitimate process. This technique is widely used in malware, rootkits, and red team operations. In Capture The Flag (CTF) competitions, understanding library injection is valuable for binary exploitation, reverse engineering, and forensics challenges. ...

February 5, 2025