{"id":16714075,"url":"https://github.com/therealdreg/nasm_linux_x86_64_pure_sharedlib","last_synced_at":"2025-07-16T21:13:07.592Z","repository":{"id":41299240,"uuid":"508813337","full_name":"therealdreg/nasm_linux_x86_64_pure_sharedlib","owner":"therealdreg","description":"NASM Linux x86_64 pure (no deps) shared library (.so), POC for Reflective ELF SO injection","archived":false,"fork":false,"pushed_at":"2023-08-11T06:25:41.000Z","size":29,"stargazers_count":29,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-18T05:06:32.787Z","etag":null,"topics":["assembly","library-injection","linux","linux-library","nasm","nasm-assembly","reflection-library","reflective-injection","shared-library","shellcode","x86-64"],"latest_commit_sha":null,"homepage":"https://rootkit.es/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/therealdreg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["therealdreg"],"patreon":"dreg","custom":["https://www.paypal.me/therealdreg","https://www.paypal.me/therealdreg"]}},"created_at":"2022-06-29T19:00:46.000Z","updated_at":"2025-02-12T14:45:00.000Z","dependencies_parsed_at":"2024-10-28T11:33:37.974Z","dependency_job_id":"7466d2c7-6f85-476e-a28e-d77c07932d36","html_url":"https://github.com/therealdreg/nasm_linux_x86_64_pure_sharedlib","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg
%2Fnasm_linux_x86_64_pure_sharedlib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fnasm_linux_x86_64_pure_sharedlib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fnasm_linux_x86_64_pure_sharedlib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fnasm_linux_x86_64_pure_sharedlib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/therealdreg","download_url":"https://codeload.github.com/therealdreg/nasm_linux_x86_64_pure_sharedlib/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244866376,"owners_count":20523504,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assembly","library-injection","linux","linux-library","nasm","nasm-assembly","reflection-library","reflective-injection","shared-library","shellcode","x86-64"],"created_at":"2024-10-12T20:49:08.660Z","updated_at":"2025-03-21T20:33:35.753Z","avatar_url":"https://github.com/therealdreg.png","language":"Shell","funding_links":["https://github.com/sponsors/therealdreg","https://patreon.com/dreg","https://www.paypal.me/therealdreg"],"categories":[],"sub_categories":[],"readme":"# NASM Linux x86_64 pure (no deps) shared library (.so)\n\nTested with \"Reflective SO injection\". 
That is, a library injection technique in which reflective programming is used to load a library from memory into a host process: the injector writes the .so into the target process and transfers execution to the library's own exported ReflectiveLoader function.\n\nhttps://github.com/infosecguerrilla/ReflectiveSOInjection\n\n## Reflective ELF SO Injection (Linux x86_64)\n\nDownload \u0026 compile the injector:\n\n```\ngit clone https://github.com/infosecguerrilla/ReflectiveSOInjection\ncd ReflectiveSOInjection/inject/src\ngcc inject.c ptrace.c utils.c -ldl -o inject\n```\n\nLaunch a victim process, e.g. nc:\n```\nnc -l 6969\n```\n\nInject sharedlib.so into nc (here the nc PID is 26558):\n```\n./inject -p 26558 /home/dreg/nasm_linux_x86_64_pure_sharedlib/sharedlib.so\n\n[i] targeting process with pid 26558\n[+] shared object mapped at 0x7fc8c7723000\n[+] found dynamic segment at 0x7fc8c7725f50\n[+] dynsym found at address 0x7fc8c7723218\n[+] dynstr found at address 0x7fc8c7723260\n[+] Resolved ReflectiveLoader offset to 0x1051\n[i] Setting target registers to appropriate values\n[i] Overwriting target memory region with shellcode\n[+] Transfering execution to stage 0 shellcode\n[+] Returned from Stage 0 shell code RIP of target is 0x5613de86c06e\n[i] Stage 0 mmap returned memory address of 0x7fa898c22000.. verifying allocation succeeded..\n[+] Okay.. mmap allocation was successful!\n[+] Writing our shared object into the victim process address space MUAHAHAHA!!!\n[+] Setting RIP to ReflectiveLoader function\n[+] Calling ReflectiveLoader function! Let's hope this works ;D\nptrace(PTRACE_GETSIGINFO) failed\n```\n\nThe final `ptrace(PTRACE_GETSIGINFO) failed` message can be ignored: the injected code has already run, as the next step shows.\n\nDone! The output of the injected SO appears in the nc terminal:\n```\nnc -l 6969\nHello Dreg from the sharedlib ASM from ReflectiveLoader\n```\n\n## How to compile sharedlib\n```\ncd nasm_linux_x86_64_pure_sharedlib\nchmod +x *\nchmod +x withlibc/*\n./build.sh \n\n+ sudo apt-get install build-essential nasm\nReading package lists... Done\nBuilding dependency tree... Done\nReading state information... 
Done\nbuild-essential is already the newest version (12.9).\nnasm is already the newest version (2.15.05-1).\n0 upgraded, 0 newly installed, 0 to remove and 410 not upgraded.\n+ rm -rf loader.o sharedlib.o sharedlib.so withlibc/sharedlib.so withlibc/loader\n+ nasm -felf64 -o sharedlib.o sharedlib.asm\n+ ld -lc --dynamic-linker /lib64/ld-linux-x86-64.so.2 -shared -soname sharedlib.so -o withlibc/sharedlib.so sharedlib.o -R .\n+ gcc -nostdlib -ffreestanding -fno-builtin -no-pie -shared sharedlib.o -o sharedlib.so\n+ gcc loader.c -ldl -o loader\n+ cp loader withlibc/\n```\n\n## Test pure .so\n```\ncd nasm_linux_x86_64_pure_sharedlib\nchmod +x *\nchmod +x withlibc/*\n./testlib.sh\n\ntesting no deps\n+ objdump -x ./sharedlib.so\n\n./sharedlib.so:     file format elf64-x86-64\n./sharedlib.so\narchitecture: i386:x86-64, flags 0x00000150:\nHAS_SYMS, DYNAMIC, D_PAGED\nstart address 0x0000000000001000\n\nProgram Header:\n    LOAD off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**12\n         filesz 0x0000000000000279 memsz 0x0000000000000279 flags r--\n    LOAD off    0x0000000000001000 vaddr 0x0000000000001000 paddr 0x0000000000001000 align 2**12\n         filesz 0x00000000000000b8 memsz 0x00000000000000b8 flags r-x\n    LOAD off    0x0000000000002000 vaddr 0x0000000000002000 paddr 0x0000000000002000 align 2**12\n         filesz 0x0000000000000000 memsz 0x0000000000000000 flags r--\n    LOAD off    0x0000000000002f50 vaddr 0x0000000000002f50 paddr 0x0000000000002f50 align 2**12\n         filesz 0x00000000000000b0 memsz 0x00000000000000b0 flags rw-\n DYNAMIC off    0x0000000000002f50 vaddr 0x0000000000002f50 paddr 0x0000000000002f50 align 2**3\n         filesz 0x00000000000000b0 memsz 0x00000000000000b0 flags rw-\n    NOTE off    0x00000000000001c8 vaddr 0x00000000000001c8 paddr 0x00000000000001c8 align 2**2\n         filesz 0x0000000000000024 memsz 0x0000000000000024 flags r--\n   RELRO off    0x0000000000002f50 vaddr 0x0000000000002f50 
paddr 0x0000000000002f50 align 2**0\n         filesz 0x00000000000000b0 memsz 0x00000000000000b0 flags r--\n\nDynamic Section:\n  GNU_HASH             0x00000000000001f0\n  STRTAB               0x0000000000000260\n  SYMTAB               0x0000000000000218\n  STRSZ                0x0000000000000019\n  SYMENT               0x0000000000000018\n\nSections:\nIdx Name          Size      VMA               LMA               File off  Algn\n  0 .note.gnu.build-id 00000024  00000000000001c8  00000000000001c8  000001c8  2**2\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  1 .gnu.hash     00000028  00000000000001f0  00000000000001f0  000001f0  2**3\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  2 .dynsym       00000048  0000000000000218  0000000000000218  00000218  2**3\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  3 .dynstr       00000019  0000000000000260  0000000000000260  00000260  2**0\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  4 .text         000000b8  0000000000001000  0000000000001000  00001000  2**4\n                  CONTENTS, ALLOC, LOAD, READONLY, CODE\n  5 .eh_frame     00000000  0000000000002000  0000000000002000  00002000  2**3\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  6 .dynamic      000000b0  0000000000002f50  0000000000002f50  00002f50  2**3\n                  CONTENTS, ALLOC, LOAD, DATA\nSYMBOL TABLE:\n0000000000000000 l    df *ABS*  0000000000000000 sharedlib.asm\n000000000000100f l       .text  0000000000000000 msg\n000000000000002e l       *ABS*  0000000000000000 msglen\n0000000000001047 l       .text  0000000000000000 nxt\n0000000000001060 l       .text  0000000000000000 msg2\n0000000000000038 l       *ABS*  0000000000000000 msglen2\n00000000000010a2 l       .text  0000000000000000 sgt\n00000000000010ac l       .text  0000000000000000 ext\n0000000000000000 l    df *ABS*  0000000000000000 \n0000000000002f50 l     O .dynamic       0000000000000000 _DYNAMIC\n0000000000001000 g       
.text  0000000000000000 _start\n0000000000001051 g     F .text  0000000000000000 ReflectiveLoader\n\n\n+ ldd ./sharedlib.so\n        statically linked\n+ file ./sharedlib.so\n./sharedlib.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, not stripped\n+ ./loader\nHello from loader by Dreg\ncalling to ReflectiveLoader....\nHello Dreg from the sharedlib ASM from ReflectiveLoader\n+ ./sharedlib.so\nHello Dreg from the sharedlib ASM from _start\n+ /lib64/ld-linux-x86-64.so.2 ./sharedlib.so\nHello Dreg from the sharedlib ASM from _start\n+ ldd ./sharedlib.so\n        statically linked\n```\n\n\n## Test .so version with libc dep\n\n```\ncd nasm_linux_x86_64_pure_sharedlib\nchmod +x *\nchmod +x withlibc/*\n./testwithlibc.sh \n\ntesting with libc dep\n+ cd withlibc\n+ pwd\n/home/dreg/nasm_linux_x86_64_pure_sharedlib/withlibc\n+ objdump -x ./sharedlib.so\n\n./sharedlib.so:     file format elf64-x86-64\n./sharedlib.so\narchitecture: i386:x86-64, flags 0x00000150:\nHAS_SYMS, DYNAMIC, D_PAGED\nstart address 0x0000000000001000\n\nProgram Header:\n    LOAD off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**12\n         filesz 0x000000000000024a memsz 0x000000000000024a flags r--\n    LOAD off    0x0000000000001000 vaddr 0x0000000000001000 paddr 0x0000000000001000 align 2**12\n         filesz 0x00000000000000b8 memsz 0x00000000000000b8 flags r-x\n    LOAD off    0x0000000000002000 vaddr 0x0000000000002000 paddr 0x0000000000002000 align 2**12\n         filesz 0x0000000000000000 memsz 0x0000000000000000 flags r--\n    LOAD off    0x0000000000002f10 vaddr 0x0000000000002f10 paddr 0x0000000000002f10 align 2**12\n         filesz 0x00000000000000f0 memsz 0x00000000000000f0 flags rw-\n DYNAMIC off    0x0000000000002f10 vaddr 0x0000000000002f10 paddr 0x0000000000002f10 align 2**3\n         filesz 0x00000000000000f0 memsz 0x00000000000000f0 flags rw-\n   RELRO off    0x0000000000002f10 vaddr 0x0000000000002f10 paddr 
0x0000000000002f10 align 2**0\n         filesz 0x00000000000000f0 memsz 0x00000000000000f0 flags r--\n\nDynamic Section:\n  NEEDED               libc.so.6\n  SONAME               sharedlib.so\n  RUNPATH              .\n  HASH                 0x0000000000000190\n  GNU_HASH             0x00000000000001a8\n  STRTAB               0x0000000000000218\n  SYMTAB               0x00000000000001d0\n  STRSZ                0x0000000000000032\n  SYMENT               0x0000000000000018\n\nSections:\nIdx Name          Size      VMA               LMA               File off  Algn\n  0 .hash         00000018  0000000000000190  0000000000000190  00000190  2**3\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  1 .gnu.hash     00000028  00000000000001a8  00000000000001a8  000001a8  2**3\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  2 .dynsym       00000048  00000000000001d0  00000000000001d0  000001d0  2**3\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  3 .dynstr       00000032  0000000000000218  0000000000000218  00000218  2**0\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  4 .text         000000b8  0000000000001000  0000000000001000  00001000  2**4\n                  CONTENTS, ALLOC, LOAD, READONLY, CODE\n  5 .eh_frame     00000000  0000000000002000  0000000000002000  00002000  2**3\n                  CONTENTS, ALLOC, LOAD, READONLY, DATA\n  6 .dynamic      000000f0  0000000000002f10  0000000000002f10  00002f10  2**3\n                  CONTENTS, ALLOC, LOAD, DATA\nSYMBOL TABLE:\n0000000000000000 l    df *ABS*  0000000000000000 sharedlib.asm\n000000000000100f l       .text  0000000000000000 msg\n000000000000002e l       *ABS*  0000000000000000 msglen\n0000000000001047 l       .text  0000000000000000 nxt\n0000000000001060 l       .text  0000000000000000 msg2\n0000000000000038 l       *ABS*  0000000000000000 msglen2\n00000000000010a2 l       .text  0000000000000000 sgt\n00000000000010ac l       .text  0000000000000000 
ext\n0000000000000000 l    df *ABS*  0000000000000000 \n0000000000002f10 l     O .dynamic       0000000000000000 _DYNAMIC\n0000000000001051 g     F .text  0000000000000000 ReflectiveLoader\n0000000000001000 g       .text  0000000000000000 _start\n\n\n+ ldd ./sharedlib.so\n        linux-vdso.so.1 (0x00007ffdd53e7000)\n        libc.so.6 =\u003e /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb183bed000)\n        /lib64/ld-linux-x86-64.so.2 (0x00007fb183de3000)\n+ file ./sharedlib.so\n./sharedlib.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, not stripped\n+ ./loader\nHello from loader by Dreg\ncalling to ReflectiveLoader....\nHello Dreg from the sharedlib ASM from ReflectiveLoader\n+ ./sharedlib.so\nHello Dreg from the sharedlib ASM from _start\n+ /lib64/ld-linux-x86-64.so.2 ./sharedlib.so\nHello Dreg from the sharedlib ASM from _start\n+ ldd ./sharedlib.so\n        linux-vdso.so.1 (0x00007fff801ce000)\n        libc.so.6 =\u003e /lib/x86_64-linux-gnu/libc.so.6 (0x00007f11dc070000)\n        /lib64/ld-linux-x86-64.so.2 (0x00007f11dc266000)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Fnasm_linux_x86_64_pure_sharedlib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftherealdreg%2Fnasm_linux_x86_64_pure_sharedlib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Fnasm_linux_x86_64_pure_sharedlib/lists"}
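The injector log in the README ("found dynamic segment", "dynsym found at", "dynstr found at", "Resolved ReflectiveLoader offset to 0x1051") and the `ldd`/`file` lines in the two test sections come down to the same operation: reading the .so's PT_DYNAMIC segment from the raw file image, before any loader has mapped it. The addresses in the log line up with the objdump output (DT_SYMTAB 0x218, DT_STRTAB 0x260, `ReflectiveLoader` at 0x1051), and the pure build reports as `dynamically linked` to `file` (it has a PT_DYNAMIC segment) but `statically linked` to `ldd` (it has no DT_NEEDED entry to list), while the withlibc/ build carries `NEEDED libc.so.6`. The C program below is an added example, not code from this repository or from ReflectiveSOInjection: it validates the ELF header, walks PT_DYNAMIC to count DT_NEEDED entries, and resolves a defined symbol's unrelocated file offset from DT_SYMTAB/DT_STRTAB. So that it runs without the built .so, it includes a constructed in-memory image (`build_sample`, an assumption: headers and tables at the offsets shown in the objdump output, with no real code) and two wrappers over it (`sample_export_offset`, `sample_needed_count`).

```c
/* Added example, not code from this repo or from ReflectiveSOInjection: parse a raw
 * ELF64 .so image, unmapped, the way a reflective injector must, to count DT_NEEDED
 * entries and to resolve the file offset of an exported symbol. */
#include <elf.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Image-relative virtual address -> file offset via the PT_LOAD that covers it. */
static long va2off(const uint8_t *img, size_t len, uint64_t va) {
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)img;
    const Elf64_Phdr *ph = (const Elf64_Phdr *)(img + eh->e_phoff);
    for (unsigned i = 0; i < eh->e_phnum; i++) {
        if (ph[i].p_type != PT_LOAD || va < ph[i].p_vaddr || va >= ph[i].p_vaddr + ph[i].p_filesz)
            continue;
        uint64_t off = ph[i].p_offset + (va - ph[i].p_vaddr);
        return off < len ? (long)off : -1;
    }
    return -1;
}
/* Validate the ELF header, return PT_DYNAMIC's first Elf64_Dyn (or NULL) and its end. */
static const Elf64_Dyn *find_dynamic(const uint8_t *img, size_t len, const Elf64_Dyn **end) {
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)img;
    if (!img || len < sizeof *eh || memcmp(img, ELFMAG, SELFMAG) != 0 ||
        img[EI_CLASS] != ELFCLASS64 || eh->e_type != ET_DYN || eh->e_machine != EM_X86_64 ||
        eh->e_phoff > len || (uint64_t)eh->e_phnum * sizeof(Elf64_Phdr) > len - eh->e_phoff)
        return NULL;
    const Elf64_Phdr *ph = (const Elf64_Phdr *)(img + eh->e_phoff);
    for (unsigned i = 0; i < eh->e_phnum; i++)
        if (ph[i].p_type == PT_DYNAMIC && ph[i].p_offset <= len && ph[i].p_filesz <= len - ph[i].p_offset) {
            *end = (const Elf64_Dyn *)(img + ph[i].p_offset + ph[i].p_filesz);
            return (const Elf64_Dyn *)(img + ph[i].p_offset);
        }
    return NULL;
}
/* Number of DT_NEEDED entries: 0 is what "pure (no deps)" means; -1 if malformed. */
int count_needed(const uint8_t *img, size_t len) {
    const Elf64_Dyn *end, *d = find_dynamic(img, len, &end);
    int n = 0; if (!d) return -1;
    for (; d + 1 <= end && d->d_tag != DT_NULL; d++) n += (d->d_tag == DT_NEEDED);
    return n;
}
/* File offset of the defined symbol `name`, or -1.  The symbol count is derived from the
 * .dynsym-to-.dynstr distance, which assumes .dynstr directly follows .dynsym (true in
 * the objdump output above); DT_HASH nchain is the robust source when a SysV hash exists. */
long resolve_export(const uint8_t *img, size_t len, const char *name) {
    const Elf64_Dyn *end, *d = find_dynamic(img, len, &end);
    uint64_t symtab = 0, strtab = 0, strsz = 0; if (!d) return -1;
    for (; d + 1 <= end && d->d_tag != DT_NULL; d++) {
        if (d->d_tag == DT_SYMTAB) symtab = d->d_un.d_ptr;
        if (d->d_tag == DT_STRTAB) strtab = d->d_un.d_ptr;
        if (d->d_tag == DT_STRSZ)  strsz  = d->d_un.d_val;
    }
    long symoff = va2off(img, len, symtab), stroff = va2off(img, len, strtab);
    if (symoff < 0 || stroff < 0 || strtab <= symtab || strsz > len - (uint64_t)stroff)
        return -1;
    uint64_t nsyms = (strtab - symtab) / sizeof(Elf64_Sym);
    if (nsyms * sizeof(Elf64_Sym) > len - (uint64_t)symoff) return -1;
    const Elf64_Sym *sym = (const Elf64_Sym *)(img + symoff);
    const char *str = (const char *)(img + stroff);
    for (uint64_t i = 0; i < nsyms; i++) {
        if (sym[i].st_shndx == SHN_UNDEF || sym[i].st_name >= strsz) continue;  /* imports */
        if (strncmp(str + sym[i].st_name, name, strsz - sym[i].st_name) == 0)
            return va2off(img, len, sym[i].st_value);  /* unrelocated file offset */
    }
    return -1;
}
/* Constructed sample, not a real build product: headers and tables placed as in the
 * objdump output above (.dynsym 0x218, .dynstr 0x260, .text 0x1000, _DYNAMIC 0x2f50),
 * no code bytes; with_libc adds the withlibc/ build's DT_NEEDED libc.so.6. Caller frees. */
#define SAMPLE_LEN 0x3000
uint8_t *build_sample(int with_libc) {
    uint8_t *img = calloc(1, SAMPLE_LEN);
    if (!img) return NULL;
    Elf64_Ehdr *eh = (Elf64_Ehdr *)img;
    memcpy(eh->e_ident, ELFMAG, SELFMAG); eh->e_ident[EI_CLASS] = ELFCLASS64;
    eh->e_type = ET_DYN; eh->e_machine = EM_X86_64; eh->e_phoff = sizeof *eh; eh->e_phnum = 4;
    Elf64_Phdr *ph = (Elf64_Phdr *)(img + eh->e_phoff);   /* 3 x PT_LOAD + PT_DYNAMIC */
    const uint64_t seg[4][2] = {{0, 0x300}, {0x1000, 0xb8}, {0x2f50, 0xb0}, {0x2f50, 0xb0}};
    for (int i = 0; i < 4; i++) {
        ph[i].p_type = i == 3 ? PT_DYNAMIC : PT_LOAD;
        ph[i].p_offset = ph[i].p_vaddr = seg[i][0]; ph[i].p_filesz = ph[i].p_memsz = seg[i][1];
    }
    static const char strs[] = "\0_start\0ReflectiveLoader\0libc.so.6";  /* .dynstr */
    memcpy(img + 0x260, strs, sizeof strs);
    Elf64_Sym *sym = (Elf64_Sym *)(img + 0x218);  /* sym[0] stays the null entry */
    sym[1].st_name = 1; sym[1].st_value = 0x1000; sym[1].st_shndx = 4;   /* _start */
    sym[2].st_name = 8; sym[2].st_value = 0x1051; sym[2].st_shndx = 4;   /* ReflectiveLoader */
    const Elf64_Dyn tags[] = {{DT_NEEDED, {25}}, {DT_SYMTAB, {0x218}}, {DT_STRTAB, {0x260}},
                              {DT_STRSZ, {sizeof strs}}, {DT_NULL, {0}}};
    int skip = !with_libc;   /* the pure build has no DT_NEEDED entry at all */
    memcpy(img + 0x2f50, tags + skip, sizeof tags - (size_t)skip * sizeof tags[0]);
    return img;
}
/* Build, query and free a sample in one call. */
long sample_export_offset(int with_libc, const char *name) {
    uint8_t *img = build_sample(with_libc);
    long off = resolve_export(img, SAMPLE_LEN, name);
    free(img); return off;
}
int sample_needed_count(int with_libc) {
    uint8_t *img = build_sample(with_libc);
    int n = count_needed(img, SAMPLE_LEN);
    free(img); return n;
}
```

To run it on the real artefacts, read `sharedlib.so` into a buffer and call `count_needed()` and `resolve_export(buf, n, "ReflectiveLoader")`: the pure build should give 0 and 0x1051, `withlibc/sharedlib.so` should give 1 and 0x1051, matching the `ldd` output and the symbol tables above. The symbol-count shortcut (distance from .dynsym to .dynstr) is the one weak point: it holds for both layouts shown on this page, but a linker is free to order the tables differently, in which case the `nchain` field of the SysV hash table (`HASH`, present only in the withlibc/ build's dynamic section) is the safer source.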