LD_PRELOAD Code Injection
The cluster focuses on techniques for injecting or modifying code in running processes and binaries using LD_PRELOAD, ptrace, dynamic linker hacks, and similar methods, with discussions on bypassing protections and attacker countermeasures.
Sample Comments
Can't an attacker modify the executable to not do that?
I was expecting LD_PRELOAD trickery.
I wonder if some sneaky LD_PRELOAD hacks could make this possible.
How? Dynamic linker hacks don't count.
I'm guessing that this only works with dynamically linked binaries, similar to LD_PRELOAD-based solutions?
Would be nice to know how this actually works; docs don't say much about how the tool injects the code into the running process.
Yes. But you can also inject code into libc.so.6, and all running processes will have it.
What do you mean? There are many examples of people using LD_PRELOAD to patch the behaviour of others' binaries.
Is this akin to using LD_PRELOAD on Linux to hook something like __libc_start_main and modifying specific data in one of the data sections of the ELF binary or something?
Yes, by manipulating running code from another process. I'm actually quite amazed no AV software immediately stopped it.