
So I have been working on Injecting Linux Shared Objects into running processes following information from Inject shared library into a process and https://github.com/gaffe23/linux-inject. I've gotten it up and running fairly well. My question pertains to removing the shared object afterwards. I know I can use the same method as for injection, but what I need to know is if I can remove the shared object using code within it.

For example, I inject the .so and then remove the injector. Now I need a way to remove the .so using functionality built into the .so itself. I've thought about placing the injection code into the .so and then forking a process after a period of time just to test the idea. Is this feasible or is there something else that would work better?

Community
incanus86

1 Answer

It is not trivial, but you can do the following when you decide to unload your shared object:

  • mmap() a new mapping with EXECUTE permissions
  • Write machine instructions on this mapping that dlclose(your-shared-object)
  • Write machine instructions that call munmap(), while making sure the return address of this invocation points to a thread termination call (possibly pthread_exit()), so that the executing thread never returns
  • Create a new thread and call the mmap() address
Eytan Naim