Created
June 25, 2014 04:51
Run-Time Code Injection
#include <cstdio>
#include <cstdlib>
#include <cstring>

#include <sys/mman.h>
#include <sys/types.h>
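/**
 * Demonstrates run-time code generation on a POSIX system: a short machine-code
 * stub is copied into an anonymous mapping, the mapping is switched from
 * writable to executable, and the stub is called through a function pointer.
 *
 * The mapping is never writable and executable at the same time: it is created
 * read/write, filled, and only then changed to read/execute. Every system call
 * is checked, so a refused mapping or permission change is reported instead of
 * surfacing as a crash at the call site.
 *
 * @return EXIT_SUCCESS when the stub ran and returned, EXIT_FAILURE otherwise.
 */
int main(int argc, const char * argv[])
{
    (void)argc;
    (void)argv;

#if !defined(__x86_64__) && !defined(__i386__)
    // The stub below is x86 machine code; on any other architecture these
    // bytes are not valid instructions, so refuse to run them.
    fprintf(stderr, "this demo only contains x86 machine code\n");
    return EXIT_FAILURE;
#else
    // What we want to execute. On amd64, 0x90 is a no-op and 0xC3 is ret.
    static const unsigned char execute[] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xC3};

    // Get a fresh page to use. MAP_PRIVATE is enough: nothing in this program
    // shares the page with another process. mmap reports failure with
    // MAP_FAILED, not a null pointer.
    void *lPage = mmap(nullptr, sizeof(execute), PROT_READ|PROT_WRITE,
                       MAP_ANON|MAP_PRIVATE, -1, 0);
    if (lPage == MAP_FAILED) {
        perror("mmap");
        return EXIT_FAILURE;
    }

    // Put our machine code there while the page is still writable.
    memcpy(lPage, execute, sizeof(execute));

    // Drop write access and add execute access in one step. Systems that
    // enforce a no-executable-anonymous-memory policy may refuse this call,
    // so the result has to be checked before jumping into the page.
    if (mprotect(lPage, sizeof(execute), PROT_READ|PROT_EXEC) != 0) {
        perror("mprotect");
        munmap(lPage, sizeof(execute));
        return EXIT_FAILURE;
    }

    // Tell C++ that this address is executable and acts like a function with
    // no arguments and no return value.
    void (*func)(void) = reinterpret_cast<void (*)(void)>(lPage);

    // Call it. The stub only executes no-ops and returns.
    func();

    // We must not have failed! Hurray!
    printf("Success!\n");

    // Release the executable mapping now that the stub has run.
    if (munmap(lPage, sizeof(execute)) != 0) {
        perror("munmap");
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
#endif
}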