CSE 466 Project 5 (Hard)
Code Injection in a running process using ptrace

Due Date – December 3, 3:30 PM, start of class

Method – Printout of the main routine only; provide snapshots as deemed necessary

You have to perform byte-code injection into a running process as shown in class. The resources for this project are:

  1. Intel Software Developers Manual (PDF)
  2. Slides used in class (PDF)
  3. Program code – ZIP file (contains the examples shown in class along with the project code, without the main routine). You may only write the main routine for the project; the read.c file and the other routines in inject0.c must remain unchanged. Read the man page for ptrace to gain a deeper understanding of this project.

You can download a Fedora 6 virtual machine from the machine the TA has put online and implement the project on it. The IP and login details for that machine were sent earlier by e-mail. The login details of the Fedora machine are root:dasgupta, student:student.

You can attempt this project on Ubuntu or another Linux installation. It was said in class that the code works only on Fedora; however, once you locate the correct header-file directory on your machine, the code works on other Linux flavors as well.

Of the example C programs provided, the first seven work perfectly. Special instructions, where required to execute a program, are given in the respective C file itself. Example8.c does not work; it was copied from the net. Example 8 uses a function to find some free location in the process at which to inject bytecode, and this causes faults. You can use the main routine provided in example8.c as a template for coding your own main() routine inside inject0.c. In the project, you have to do the following:

  1. Compile the read.c file.
  2. Obtain its objdump.
  3. Read the contents of the read routine in hex.
  4. Place these hex codes in your main routine inside inject0.c.
  5. Obtain, from the read.dump file, the hex address at which the read function has been placed. Use this address as the target injection location in your main() routine.
  6. Inject the read code into the read process using ptrace. Set the eip of the read process to point to the newly injected code, then resume execution of the process.
  7. The trap instruction should allow the inject process to regain control once the injected code finishes execution.
  8. Put the old code back and allow the read process to resume execution.
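Steps 2 to 5 are normally done by hand from the dump. The helper below is an added example, not part of the project code: it pulls a named function's start address and raw bytes out of `objdump -d` text, refuses a dump whose instruction addresses are not contiguous (a line dropped while copying, or lines pasted from two different builds), and prints the bytes as a C initializer for main(). The objdump text in SAMPLE_DUMP is constructed for illustration; its addresses and bytes are not those of the project's read.dump.

```python
import re

# Constructed sample of `objdump -d` output (made-up addresses/bytes, not the
# project's real read.dump) for a small 32-bit build of read.c.
SAMPLE_DUMP = """\
08048384 <read>:
 8048384:\t55                   \tpush   %ebp
 8048385:\t89 e5                \tmov    %esp,%ebp
 8048387:\t83 ec 08             \tsub    $0x8,%esp
 804838a:\tc7 04 24 bc 84 04 08 \tmovl   $0x80484bc,(%esp)
 8048391:\te8 fa fe ff ff       \tcall   8048290 <puts@plt>
 8048396:\tc9                   \tleave
 8048397:\tcc                   \tint3
 8048398:\tc3                   \tret

08048399 <main>:
 8048399:\t8d 4c 24 04          \tlea    0x4(%esp),%ecx
"""
HEADER = re.compile(r"^([0-9a-f]+) <([^>]+)>:\s*$")
INSN = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)")

def extract_function(dump, name):
    """Return (start_address, code_bytes) of symbol `name` from objdump -d text.
    Every line's address must equal start + bytes collected so far, so a dump
    missing a line (or mixed from two builds) raises; wrapped byte lines merge."""
    start, code, inside = None, bytearray(), False
    for line in dump.splitlines():
        hdr = HEADER.match(line)
        if hdr:
            if inside:
                break                      # next symbol: function is complete
            inside = hdr.group(2) == name
            start = int(hdr.group(1), 16) if inside else None
            continue
        m = INSN.match(line) if inside else None
        if not m:
            continue
        addr = int(m.group(1), 16)
        if addr != start + len(code):
            raise ValueError(f"gap at {addr:#x}, expected {start + len(code):#x}")
        code += bytes.fromhex(m.group(2))
    if start is None:
        raise KeyError(f"symbol {name!r} not in dump")
    return start, bytes(code)

def as_c_array(code, per_line=8):
    """Format bytes as a C initializer to paste into main() in inject0.c."""
    rows = [", ".join(f"0x{b:02x}" for b in code[i:i + per_line])
            for i in range(0, len(code), per_line)]
    return "unsigned char code[] = {\n    " + ",\n    ".join(rows) + "\n};"
```

Run it on the real dump with `extract_function(open("read.dump").read(), "read")`; the returned address is the injection target of step 5 and `as_c_array` gives the bytes of step 4.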

It is very important that, if you re-compile the read.c file, you obtain the hex code and the address again before attempting injection. The code inside read.c is not position independent, so injecting stale bytes or using a stale address will cause the process not to execute the code you placed.

Good luck with the project. This project is fairly difficult, so get started early.