Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/milabs/kjector
Code injection from Linux kernel to a process
Last synced: 8 days ago
- Host: GitHub
- URL: https://github.com/milabs/kjector
- Owner: milabs
- License: gpl-2.0
- Created: 2023-05-18T12:23:34.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2023-05-19T21:52:06.000Z (over 1 year ago)
- Last Synced: 2024-10-29T22:40:04.973Z (about 2 months ago)
- Language: C
- Size: 25.4 KB
- Stars: 19
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Citation: CITATION.cff
README
# 0
KJECTOR - Linux kernel injector
# Usage
Build the project using the following command:
~~~
$ git submodule update --init # first time only
$ [DEBUG=1] [PAYLOAD=] make
~~~
- `ldr` is a payload which loads a shared object library (default)
- `idle` is a payload which does nothing but continues process execution
- `idle-trap` is a payload which traps process execution (DO NOT USE IN PRODUCTION)

Once built, use the following command to load the module:
~~~
$ sudo insmod kj_mod/kjector.ko
~~~
The default build injects `kj_lib/libkjector.so` into every [ping](kj_mod/module.c#L45) process.
Once injected, `libkjector.so` sends a `UDP` datagram containing a string to `127.0.0.1:6666`.
To catch it, run an nc-like listener as follows:
~~~
$ nc -ludk 127.0.0.1 6666
~~~
# Features
- x86_64 only
- 2.6.18+ kernels
- able to inject a shared object
# How it works
Injection happens in the `sys_close` syscall handler.
Injection is done using a `vm_mmap` / `copy_to_user` / `mprotect` sequence.
The target process state is modified by changing the instruction pointer register (`pt_regs->ip`).
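A defender's check for the traces this sequence can leave in a process, as an added example that is not part of kjector: it parses `/proc/<pid>/maps` text and flags executable anonymous mappings and executable files mapped from outside an allow-list. The allow-list, the sample lines, and the assumption that the payload ends up in an anonymous executable mapping are assumptions of this example, not statements from the README.

```python
import re

# Assumed allow-list of directories that legitimately hold executables/libraries.
TRUSTED_PREFIXES = ("/usr/lib/", "/usr/lib64/", "/lib/", "/lib64/",
                    "/usr/bin/", "/bin/")

# One /proc/<pid>/maps line: range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")

def suspicious_mappings(maps_text):
    """Return (start, perms, path, reason) for executable mappings to triage."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, _end, perms, path = m.groups()
        if "x" not in perms or path.startswith("["):
            continue  # not executable, or a kernel-provided region like [vdso]
        if path == "":
            # Executable memory with no backing file (mmap + mprotect pattern).
            findings.append((start, perms, path, "anonymous-exec"))
        elif not path.startswith(TRUSTED_PREFIXES):
            # Executable file mapped from outside the allow-list.
            findings.append((start, perms, path, "untrusted-path"))
    return findings

def scan_pid(pid):
    """Run the check against a live process (needs read access to its maps)."""
    with open(f"/proc/{pid}/maps") as fh:
        return suspicious_mappings(fh.read())

# Constructed sample: a ping process with two mappings that should be flagged.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a0f000 r-xp 00002000 08:01 1311 /usr/bin/ping
7f3a1c000000-7f3a1c1a0000 r-xp 00028000 08:01 2207 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c400000-7f3a1c401000 r-xp 00000000 00:00 0
7f3a1c500000-7f3a1c502000 r-xp 00001000 08:01 9911 /home/user/kjector/kj_lib/libkjector.so
7f3a1c600000-7f3a1c602000 rw-p 00000000 00:00 0
7ffd5a1f0000-7ffd5a1f2000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for finding in suspicious_mappings(SAMPLE_MAPS):
        print(finding)
```

JIT runtimes also create anonymous executable mappings, so treat a hit as a triage signal and compare it against what the process is expected to load.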
# Related
KHOOK hooking engine:
- [KHOOK](https://github.com/milabs/khook)

Kernel mode to user mode so injection:
- [linux-kernel-so-injector](https://github.com/Rhydon1337/linux-kernel-so-injector)
# Disclaimer
Education purposes. Only.
# License
This software is licensed under the GPL.
# Author
[Ilya V. Matveychikov](https://github.com/milabs)
2023