Linux中的CreateRemoteThread [英] CreateRemoteThread in Linux

问题描述

我正在使用 CreateRemoteThread 在Windows中，并且想知道在Linux中是否可以实现同样的功能.在Linux中可以做到这一点吗?

I am using CreateRemoteThread in Windows and would like to know if the same thing is possible in Linux. Is it possible to do this in Linux?

推荐答案

在Linux上执行此操作的传统方法是创建一个包含代码的动态库(.so)，然后分别强制加载该库进入正在运行的应用程序.没有Windows上的CreateRemoteThread一站式商店.

The traditional way of doing this on Linux would be to create a dynamic library (.so) with your code in it, then separately force the loading of your library into the running application. There is no one-stop shop as there is with CreateRemoteThread on Windows.

这是基本步骤:

1. 创建一个dylib/so，其中包含您希望在远程进程中执行的代码.
2. 在汇编中编写一些非常简单的代码，以加载指定的so文件(主要是从复制并粘贴此链接，第1部分).
在第二代码文件/应用程序的缓冲区中，将所述加载程序ASM嵌入为二进制有效载荷.在这里，您将使用 ptrace 运行步骤2中编写的二进制有效负载，这将触发目标应用程序在步骤1中创建的.so上调用_dl_open()，其中包含您希望运行的实际代码. (相同的链接，第2部分中给出的示例.)

1. Create a dylib/so that contains the code you wish to execute in the remote process.
2. Write some very simple code in assembly that loads the specified so file (mainly copy and paste from this link, part 1).
3. Embed said loader ASM as a binary payload in a buffer in a 2nd code file/app. Here you will use ptrace to run the binary payload written in step 2, which will trigger the target app to call _dl_open() on the .so created in step 1, which contains the actual code you wish to run. (Sample given in the same link, part 2.)

如果您需要代码在与主泵不同的线程中运行，则应在步骤1的代码中使用pthread_create.

If you need your code to run in a separate thread from the main pump, then you should use pthread_create in the code in step 1.

希望这能回答您的问题.是的，它比Windows更具参与性.但它应该同样有效.另外，您可以将第2步和第3步中的几乎所有代码重用于以后的远程代码注入项目.

Hope this answers your question. Yes, it's more involved than on Windows; but it should work equally well. Plus, you can reuse just about the entire code from steps 2 and 3 for future remote code injection projects.

这篇关于Linux中的CreateRemoteThread的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！