Linux Today: Linux News On Internet Time.

Pluf: Linux Per-Process Syscall Hooking

Sep 07, 2006, 06:00 (3 Talkback[s])

"This document describes a new syscall hooking technique for Linux systems and exposes how it can be implemented as part of a virus or a backdoor in order to take full control over a userland application. Although there are some well-known methods for hooking functions, they are mostly based on the ELF format itself. This technique is focused on those pieces of code that are externally called by the main program and invoke a system call or system service.

"A simple implementation of this hooking mechanism has been developed as a result of the research and it is included with the article. This code provided does not have all the features you wish but includes the required ones, is not a real backdoor but a simple proof of concept, perfect to write your own one..."
