Modifying external running process using python

bingbang

Hi all,

Beginner here. I am trying to figure out how to modify a running
process on a linux system using Python.

Example: I have a python program that takes in as an argument a PID.
My goal is to use this PID and get info about the running process with
that PID. (1) Find where it is located in memory (2) Where is the
instruction pointer (3) Modify the program such that the next executed
instruction is something else (4) Return the pointer back to the next
legitimate instruction (5) Let the original process execute as it
should have

I am trying to develop a POC to show how a small piece of code can be
injected into a running process to just print 'hello' to stdout and
not disturb the rest of the process. Before you tear your hair out: the
program I want to "infect" will be an infinite loop with a sleep in it
and the "malware" will be a " print 'infected' " kind of program. Not
looking to do anything malicious, just trying to learn.

I looked up trace and some other modules but they all seem to do with
following the currently executing python process. Also looked at
pyhook, but its mainly to trap signals from keyboards etc.. Looked at
gray hat python - tuned towards windows.

Can anyone please point me to some modules that might be useful, or
some code samples. I tried googling for "python inspect process PID"
etc., but did not get anything very useful. I know I can run gdb -a pid
from within python and such, but I am looking for a non os.popen-ish
kind of a way. Is there a module that will be helpful?

Let's assume I have sudo/root privileges and that the POC code "only
needs to work in linux".

Any help is very appreciated.
[Also posted on StackOverflow] - no real good leads from there

Thanks!
Nobody

> Beginner here. I am trying to figure out how to modify a running
> process on a linux system using Python.
> I looked up trace and some other modules but they all seem to do with
> following the currently executing python process.

ptrace() is the system call which programs such as gdb, strace, ltrace,
etc use to monitor or control another process. You will probably need to
use ctypes to access this function from Python.

> Let's assume I have sudo/root privileges and that the POC code "only
> needs to work in linux".

You don't need root privilege to ptrace() a process which you own and
which isn't privileged (a process which starts out setuid/setgid is still
treated as privileged even if it reverts to the real user/group IDs).
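As an added illustration of the ptrace-through-ctypes approach (example code, not anything the posters wrote): it attaches to a PID, reads the instruction pointer, looks up which /proc/<pid>/maps region it falls in, and detaches, which covers steps (1) and (2) of the original question the same way gdb's attach does. It assumes an x86-64 Linux target the caller is allowed to trace; the sample maps text is constructed.

```python
"""ptrace(2) via ctypes: attach to a Linux process, read its instruction pointer,
report the mapping it lies in, detach. Added example, not a poster's code; assumes
x86-64 Linux (Yama ptrace_scope=1 limits unprivileged tracers to descendants)."""
import ctypes, ctypes.util, os, sys

PTRACE_GETREGS, PTRACE_ATTACH, PTRACE_DETACH = 12, 16, 17  # from <sys/ptrace.h>
libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
libc.ptrace.restype = ctypes.c_long
libc.ptrace.argtypes = [ctypes.c_int, ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p]

class UserRegs(ctypes.Structure):  # struct user_regs_struct, x86-64 (<sys/user.h>)
    _fields_ = [(name, ctypes.c_ulonglong) for name in (
        "r15 r14 r13 r12 rbp rbx r11 r10 r9 r8 rax rcx rdx rsi rdi orig_rax "
        "rip cs eflags rsp ss fs_base gs_base ds es fs gs").split()]

def parse_maps(text):
    """Parse /proc/<pid>/maps text into (start, end, perms, path) tuples."""
    regions = []
    for line in text.splitlines():
        parts = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(parts) < 5:
            continue
        start, end = (int(x, 16) for x in parts[0].split("-"))
        regions.append((start, end, parts[1], parts[5].strip() if len(parts) == 6 else ""))
    return regions

def region_for(regions, addr):  # mapping containing addr, or None if unmapped
    return next((r for r in regions if r[0] <= addr < r[1]), None)

def ptrace(request, pid, addr=None, data=None):
    if libc.ptrace(request, pid, addr, data) == -1:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))

def read_rip(pid):
    ptrace(PTRACE_ATTACH, pid)  # target is sent SIGSTOP
    try:
        os.waitpid(pid, 0)  # wait for the attach stop before touching registers
        regs = UserRegs()
        ptrace(PTRACE_GETREGS, pid, None, ctypes.addressof(regs))
        return regs.rip
    finally:
        ptrace(PTRACE_DETACH, pid)  # tracee resumes exactly where it was

SAMPLE_MAPS = ("00401000-00405000 r-xp 00001000 08:01 1234 /usr/bin/sleep\n"
               "7ffd1e0c3000-7ffd1e0e4000 rw-p 00000000 00:00 0          [stack]\n")  # constructed
if __name__ == "__main__":
    pid = int(sys.argv[1])
    regions = parse_maps(open(f"/proc/{pid}/maps").read())
    rip = read_rip(pid)
    print(f"pid {pid}: rip=0x{rip:x} in {region_for(regions, rip)}")
```

Run it as `python3 inspect_pid.py <pid>` against a sleeping loop you own; rip should land inside a `r-xp` mapping of libc or the program, and the target keeps running once it detaches.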