Continued with execve hijacking.

This commit is contained in:
h3xduck
2022-06-13 22:16:34 -04:00
parent a1a41b02df
commit 163f923c55
11 changed files with 21121 additions and 20348 deletions


@@ -699,7 +699,7 @@ Nowadays, most Linux distributions have set value 1 to this parameter, therefore
\section{Memory management in Linux}
Multiple of the techniques incorporated in our rootkit require a deep understanding into how memory is managed in a Linux process. Therefore, in this section we will present all the background about memory management needed for our later discussion of the offensive capabilities of eBPF in this context.
\subsection{Memory pages and faults}
\subsection{Memory pages and faults} \label{subsection:mem_faults}
Linux systems divide the available random access memory (RAM) into 'pages', subsections of an specific length, usually 4 KB. The collection of all pages is called physical memory.
Likewise, individual memory sections need to be assigned to each running process in the system, but instead of assigning a set of pages from physical memory, a new address space is defined, named virtual memory, which is divided into pages as well. These virtual memory pages are related to physical memory pages via a page table, so that each virtual memory address of a process can be translated into a real, physical memory address in RAM \cite{mem_page_arch}. Figure \ref{fig:mem_arch_pages} shows a diagram of the described architecture.
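Review bot: the context lines in this hunk carry wording and LaTeX-quoting problems that are worth fixing while the heading is being edited: "an specific length" should be "a specific length", "Multiple of the techniques" reads better as "Several of the techniques", and the straight single quotes in 'pages' render as an apostrophe pair in LaTeX, so prefer ``pages'' or \emph{pages}. The new \label{subsection:mem_faults} on the \subsection line itself is fine; just make sure any \ref to this subsection uses exactly that key.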