Created
April 27, 2016 22:37
#include <stdio.h> | |
#include <unistd.h> | |
#include <sys/ptrace.h> | |
#include <sys/types.h> | |
#include <sys/mman.h> | |
#include <string.h> | |
#define MSG "ptrace protected" | |
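int main(int argc, char** argv, char** envp)
{
    /*
     * Demo target: marks itself as traced, stores MSG in a private anonymous
     * page, then prints that page every 10 seconds so that an outside change
     * to it becomes visible.
     *
     * Security note: PTRACE_TRACEME only fills this process's tracer slot, so
     * a later attach by a second tracer is refused. It is not a memory
     * protection. Cross-process memory access is decided by the kernel's
     * ptrace access-mode check (matching credentials and the dumpable flag,
     * or CAP_SYS_PTRACE, plus LSM policy such as Yama), not by whether a
     * tracer is already attached. Hardening that does restrict it includes
     * prctl(PR_SET_DUMPABLE, 0), kernel.yama.ptrace_scope >= 1, and running
     * the sensitive process under a separate UID.
     *
     * Returns 1 if PTRACE_TRACEME or mmap() fails; otherwise loops forever.
     */
    char *addr;
    size_t page_len;
    pid_t pid;

    (void)argc;
    (void)argv;
    (void)envp;

    printf("[+] disabling ptrace\n");
    /* glibc's ptrace() is variadic and reads addr/data as pointers, so pass
     * NULL rather than bare ints; both are ignored for PTRACE_TRACEME. */
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) {
        /* No trailing newline: perror() appends ": <strerror>\n" itself. */
        perror("[-] is traced");
        return 1;
    }
    printf("[+] is not traced\n");

    pid = getpid();
    printf("[+] pid is %d\n", (int)pid);

    page_len = (size_t)getpagesize();
    /* Anonymous mappings are zero-filled by the kernel, so no memset() is needed. */
    addr = mmap(NULL, page_len,
                PROT_READ | PROT_WRITE,
                MAP_ANONYMOUS | MAP_PRIVATE,
                -1, 0);
    if (addr == MAP_FAILED) {
        perror("mmap");
        return 1;
    }

    printf("[+] addr is %p\n", (void *)addr);
    /* MSG is a short literal and always fits in one page. */
    strcpy(addr, MSG);
    /* Flush so the pid and address are visible even when stdout is a pipe. */
    fflush(stdout);

    while (1) {
        sleep(10);
        /* %p takes a void *, %s takes a char *: pass each with its own type. */
        printf("data @%p is %s\n", (void *)addr, addr);
        fflush(stdout);
    }
    return 0;
}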
/** | |
* Read/Write access in ptrace() protected process memory | |
* | |
* @_hugsy_ | |
*/ | |
/* See http://lxr.free-electrons.com/source/mm/process_vm_access.c */
#define _GNU_SOURCE /* process_vm_readv()/process_vm_writev() are only declared with this set */
#include <sys/types.h>
#include <sys/uio.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
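int main(int argc, char** argv, char** envp)
{
    /*
     * Demo client: reads 20 bytes from another process at a given address
     * with process_vm_readv(), prints them, then overwrites the same 20 bytes
     * with process_vm_writev().
     *
     * Usage: <prog> <pid> <hex-address>
     *
     * Security note: these syscalls never attach as a tracer, so a target
     * that has called PTRACE_TRACEME does not stop them. They are still
     * gated by the kernel's ptrace access-mode check: without
     * CAP_SYS_PTRACE the caller needs matching credentials and a dumpable
     * target, and LSM policy such as Yama's ptrace_scope can refuse the call.
     * A denial surfaces here as EPERM. Both syscalls are visible to syscall
     * auditing and seccomp filters, which is where to monitor or block them.
     *
     * Returns 0 on success, 1 on bad arguments or a failed syscall.
     */
    struct iovec local[1];
    struct iovec remote[1];
    char buf[20] = {0}; /* zeroed so a short read never sends stack garbage back */
    const size_t to_read = sizeof buf;
    ssize_t nread;
    ssize_t nwritten;
    ssize_t i;
    char *end;
    long pid_val;
    unsigned long long addr_val;
    pid_t pid;

    (void)envp;

    /* The original dereferenced argv[1] and argv[2] unconditionally. */
    if (argc < 3) {
        fprintf(stderr, "usage: %s <pid> <hex-address>\n",
                (argc > 0 && argv[0] != NULL) ? argv[0] : "prog");
        return 1;
    }

    /* strtol() instead of atoi(), so garbage input is rejected rather than
     * silently becoming pid 0. */
    errno = 0;
    pid_val = strtol(argv[1], &end, 10);
    pid = (pid_t)pid_val;
    if (errno != 0 || end == argv[1] || *end != '\0' ||
        pid_val <= 0 || (long)pid != pid_val) {
        fprintf(stderr, "invalid pid: %s\n", argv[1]);
        return 1;
    }

    /* Parse the address as unsigned, so the upper half of the address space
     * is not clamped the way a signed strtoll() would clamp it. */
    errno = 0;
    addr_val = strtoull(argv[2], &end, 16);
    if (errno != 0 || end == argv[2] || *end != '\0' || addr_val > UINTPTR_MAX) {
        fprintf(stderr, "invalid address: %s\n", argv[2]);
        return 1;
    }

    local[0].iov_base = buf;
    local[0].iov_len = to_read;
    remote[0].iov_base = (void *)(uintptr_t)addr_val;
    remote[0].iov_len = to_read;

    printf("[+] trying to read %zu bytes from pid=%d @%s\n",
           to_read,
           (int)pid,
           argv[2]);

    nread = process_vm_readv(pid, local, 1, remote, 1, 0);
    if (nread < 0) {
        perror("fail");
        return 1;
    }

    /* ssize_t is signed: %zd, not %lu. */
    printf("[+] read %zd bytes\n", nread);
    for (i = 0; i < nread; ) {
        printf("%c", buf[i++]);
        if (i % 16 == 0)
            printf("\n");
    }
    if (nread % 16 != 0)
        printf("\n");

    /* 16 bytes including the terminator; buf[16..19] keep what was just read. */
    strcpy(buf, "ptrace bypassed");
    nwritten = process_vm_writev(pid, local, 1, remote, 1, 0);
    if (nwritten < 0) {
        /* The original printed -1 through %lu as a huge byte count. */
        perror("fail");
        return 1;
    }
    printf("[+] written %zd bytes\n", nwritten);
    return 0;
}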