Maximize
Bookmark

VX Heavens

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Modern Day ELF Runtime infection via GOT poisoning

Ryan O'Neill
May 2009

[Back to index] [Comments (0)]

Abstract

This paper is a document that outlines a specific algorithm to hijack shared library calls within a running process. While working on my UNIX AV tool for ELF parasite disinfection and memory resident parasite analysis, I stumbled upon an algorithm for hijacking shared library calls through global offset table poisoning, and coded a hijacker that uses the algorithm to demonstrate it. Runtime infection through shared library linking is not a new concept; so why would I write a paper on it?

[Read the article]

deenesitfrplruua