I'm wondering whether we could use ptrace to trick a syscall execution. For example, can we trick the SYS_read
with a pre-defined input, so that application users will not have to type anything from the keyboard? Thanks!

xiaogw
- This looks like a good article on it: https://nullprogram.com/blog/2018/06/23/ – Andrew Sun Nov 13 '18 at 16:39
- @AndrewSun There is a problem with the method above. The `SYS_read` is always blocked to wait for any user input. My question is how can we "feed" the user input with ptrace (or other methods), and let `SYS_read` continue execution. – xiaogw Nov 13 '18 at 16:49
- Could you not just copy the data into the buffer yourself and cancel the original syscall using the technique described in the article? – Andrew Sun Nov 13 '18 at 17:00
- By the way, is there a reason you couldn't just use pipes to redirect stdin? – Andrew Sun Nov 13 '18 at 19:13
- Thanks for the answer. I feed the read input buffer with `ptrace(PTRACE_POKEDATA, ...)` and replace the `SYS_read` with `SYS_getpid` to get things to work. It's just a research project that has to manipulate syscalls. – xiaogw Nov 13 '18 at 20:22
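The approach the thread settles on, as an added example that is not code from any of the posters: a tracer stops its own child at the entry of `read(0, ...)`, writes the canned input into the child's buffer with `PTRACE_POKEDATA`, swaps the syscall number to `SYS_getpid` so nothing blocks, and fixes up the return value at syscall exit. It assumes x86-64 Linux (register names `orig_rax`, `rdi`, `rsi`, `rdx`, `rax`); `feed_read` and the embedded test child are illustrative.

```c
/* Added example: x86-64 Linux only; feed_read() is an illustrative name. */
#include <signal.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Trace a child that calls read(0, ...) and answer the call with `fake`.
 * Returns the byte count the child saw, 99 if its buffer differs, -1 on error. */
int feed_read(const char *fake)
{
    size_t len = strlen(fake);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                              /* tracee */
        char buf[64];
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                          /* wait for the tracer */
        ssize_t n = read(0, buf, sizeof buf);    /* the kernel never runs this as read */
        _exit(n == (ssize_t)len && !memcmp(buf, fake, len) ? (int)n : 99);
    }
    int st, entering = 1;
    long ret = -1;                               /* >= 0: a faked read is pending */
    if (waitpid(pid, &st, 0) < 0) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (long)(PTRACE_O_EXITKILL | PTRACE_O_TRACESYSGOOD));
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, NULL);
        if (waitpid(pid, &st, 0) < 0 || WIFSIGNALED(st)) return -1;
        if (WIFEXITED(st)) return WEXITSTATUS(st);
        if (WSTOPSIG(st) != (SIGTRAP | 0x80)) continue;   /* not a syscall stop */
        struct user_regs_struct r;
        ptrace(PTRACE_GETREGS, pid, NULL, &r);
        if (entering && r.orig_rax == SYS_read && r.rdi == 0) {
            size_t n = len < r.rdx ? len : r.rdx;         /* honour the count argument */
            for (size_t i = 0; i < n; i += sizeof(long)) {
                size_t k = n - i < sizeof(long) ? n - i : sizeof(long);
                long w = ptrace(PTRACE_PEEKDATA, pid, r.rsi + i, NULL);
                memcpy(&w, fake + i, k);                  /* keep bytes past the data */
                ptrace(PTRACE_POKEDATA, pid, r.rsi + i, w);
            }
            r.orig_rax = SYS_getpid;                      /* harmless, never blocks */
            ptrace(PTRACE_SETREGS, pid, NULL, &r);
            ret = (long)n;
        } else if (!entering && ret >= 0) {
            r.rax = ret;                                  /* value read() would return */
            ptrace(PTRACE_SETREGS, pid, NULL, &r);
            ret = -1;
        }
        entering = !entering;
    }
}
```

The partial last word is read with `PTRACE_PEEKDATA` first so that the poke does not clobber the bytes after the supplied input.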