jmpews / evilELF

Licence: MIT license
Malicious use of ELF such as .so inject, func hook and so on.

Programming Languages

c
assembly
Makefile


evilELF

InjectRuntimeELF

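For details, see the article "Dynamic .so injection into Linux processes". This implements malicious .so injection by parsing the ELF file directly, which makes it more general, and it looks up symbols through .gnu.hash, which suits the current ELF structure.

The coding style follows glibc-2.19, and the ElfW macro is used for 32/64-bit word-size compatibility.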

Demo & Usage

➜  InjectRuntimeELF git:(master) ✗ sudo ./inject 3631 /evilELF/InjectRuntimeELF/example/evil.so
--------------------------------------------------------------
InjectRuntimeELF - (1.0.0) - by [email protected]
--------------------------------------------------------------
[*] attached to pid 3631.
[*] dump runtime infomation
[*] dumping header...
[*] start symbol search '__libc_dlopen_mode'...
[*] start search libaray: /lib/i386-linux-gnu/libc.so.6
[*] start bucket search...
[*] found '__libc_dlopen_mode' at 0xb7693ae0
[+] entry point: 0x8048380
[+] stopped 3631 at eip:0xb7729428, esp:0xbf93cffc
[+] inject code done 3631 at eip:0x8048396
[*] start symbol search 'evilfunc'...
[*] start search libaray: /lib/i386-linux-gnu/libc.so.6
[*] start search libaray: /lib/ld-linux.so.2
[*] search in ld, no link_map.
[*] start search libaray: /evilELF/InjectRuntimeELF/example/evil.so
[*] start bucket search...
[*] found 'evilfunc' at 0xb772353b
[*] lib injection done!
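
From the defender's side, the run above leaves evil.so mapped in the target process, which is visible in /proc/<pid>/maps. The following C program is an added example, not part of evilELF: it flags executable shared-object mappings that fall outside an assumed list of trusted library directories. The names scan_maps and TRUSTED are hypothetical, and the maps excerpt is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Library directories treated as normal (assumption: tune per host). */
static const char *TRUSTED[] = { "/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/" };

/* Constructed /proc/<pid>/maps excerpt modelled on the demo run above. */
static const char SAMPLE_MAPS[] =
    "08048000-08049000 r-xp 00000000 08:01 1311 /home/user/target\n"
    "b7560000-b770b000 r-xp 00000000 08:01 4120 /lib/i386-linux-gnu/libc-2.19.so\n"
    "b7722000-b7724000 r-xp 00000000 08:01 9977 /evilELF/InjectRuntimeELF/example/evil.so\n"
    "b7724000-b7725000 rw-p 00001000 08:01 9977 /evilELF/InjectRuntimeELF/example/evil.so\n"
    "b7729000-b772a000 r-xp 00000000 00:00 0 [vdso]\n"
    "bf91c000-bf93d000 rw-p 00000000 00:00 0\n";

static int is_so(const char *p) {   /* matches x.so, x.so.6 and "x.so (deleted)" */
    for (const char *s = p; (s = strstr(s, ".so")); s += 3)
        if (s[3] == '\0' || s[3] == '.' || s[3] == ' ') return 1;
    return 0;
}

static int is_trusted(const char *p) {
    for (size_t i = 0; i < sizeof TRUSTED / sizeof *TRUSTED; i++)
        if (strncmp(p, TRUSTED[i], strlen(TRUSTED[i])) == 0) return 1;
    return 0;
}

/* Collect unique executable .so mappings outside TRUSTED; returns the count. */
int scan_maps(const char *maps, char out[][256], int max) {
    char line[512], perms[5], path[256];
    int n = 0;
    for (const char *p = maps; *p; ) {
        size_t len = strcspn(p, "\n"), c = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, p, c); line[c] = '\0';
        p += len + (p[len] == '\n');
        /* fields: start-end perms offset dev inode [path]; no path = anonymous */
        if (sscanf(line, "%*lx-%*lx %4s %*lx %*s %*lu %255[^\n]", perms, path) != 2) continue;
        if (perms[2] != 'x' || path[0] != '/' || !is_so(path) || is_trusted(path)) continue;
        int seen = 0;
        for (int i = 0; i < n; i++) seen |= !strcmp(out[i], path);
        if (!seen && n < max) strcpy(out[n++], path);
    }
    return n;
}

int main(void) {
    char hits[8][256];
    int n = scan_maps(SAMPLE_MAPS, hits, 8);
    for (int i = 0; i < n; i++) printf("suspicious library mapping: %s\n", hits[i]);
    return 0;
}
```

The prefix allow-list is a heuristic: a library placed inside a trusted directory would pass this check.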