1. Background 1. Storytelling In the previous two articles, we introduced the powerful capabilities of Minhook on the Windows platform. In this article, we will discuss how to hook functions on Linux, introducing two methods. Lightweight LD_PRELOAD Interception LD_PRELOAD is a method of intercepting shared libraries. The advantage of this method is that it does … Read more
01Hook FunctionsHook functions are predefined hooks in a program that allow you to attach or register a hook function when needed, making it available for the target.If there are no hooks, you can also obtain function pointers to encapsulate functions, but this can only be attached before or after the function runs, not during its … Read more
Hello everyone, welcome to Lixin Embedded. In Linux development, core dumps are powerful tools for debugging program crashes. However, on devices with limited storage space, core dump files that can be several megabytes in size can take up a lot of space. In the previous article, we discussed the principles and generation mechanisms of core … Read more
🌟 1. Program Startup: From “Forking” to “Transforming” Forking After entering a command, the Shell instantlyforks a child process, where the parent and child share resources, but throughCopy-On-Write (COW) optimization—only when data is modified do they “split”, saving time and effort! Transforming (execve) The child process calls<span>execve</span> to replace its genes: the kernel parses the … Read more
Preparation Work Enable ASLR and DEP protection. sudo -s echo 2 > /proc/sys/kernel/randomize_va_space To enable DEP protection, simply remove the<span>-z execstack</span> option when compiling with gcc. <span>gcc -m32 -fno-stack-protector -o level3 level3.c</span> Randomized Base Address The following shows the maps situation when running level3 multiple times. First Run $ cat /proc/22020/maps 56652000-56653000 r–p 00000000 08:03 … Read more