Ryan O'Neill
May 2009
This paper is a document that outlines a specific algorithm to hijack shared library calls within a running process. While working on my UNIX AV tool for ELF parasite disinfection and memory resident parasite analysis, I stumbled upon an algorithm for hijacking shared library calls through global offset table poisoning, and coded a hijacker that uses the algorithm to demonstrate it. Runtime infection through shared library linking is not a new concept; so why would I write a paper on it?