System call tampering
FrenchYeti edited this page Oct 3, 2022 · 2 revisions
This page describes the Interruptor API for reading and tampering with system call arguments and return values without using raw numeric values.

Perhaps one of the most interesting features is that you can tamper with system calls with zero knowledge. Interruptor knows most of the constant values and flags used by system calls and provides a rich API to access them. That means you can replace an error code, or set an option or request argument, just by doing:

```javascript
ctx.x0 = Interruptor.KAPI.ERR.ENOENT;
this.x1 = Interruptor.KAPI.CONST.PR_.OPT.PR_SET_DUMPABLE;
this.x2 = Interruptor.KAPI.CONST.PTRACE_.PTRACE_DETACH;
```
Tampering with memory range permissions on mmap: add READ permission to each mmap() call.
```javascript
var Interruptor = require('./android-aarch64-strace.min.js').target.LinuxAarch64();

// Symbolic PROT_* constants, so no numeric values are needed
const PERM = Interruptor.KAPI.CONST.PROT_;

Interruptor.newAgentTracer({
    svc: {
        mmap: {
            // mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset);
            onEnter: function(ctx){
                // int prot is the third argument, so it is passed in x2 on AArch64
                // (x3 holds int flags)
                ctx.x2 = PERM.PROT_READ | ctx.x2;
            }
        }
    }
}).start();
```
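The mmap hook can be factored so its logic is testable outside Frida and leaves a record of what it changed. This is an added example, not code from the Interruptor project: `addReadToMmap`, `protToString`, `install` and the `audit` array are hypothetical names, and the `PROT_*` values are the Linux ABI constants hard-coded in place of `Interruptor.KAPI.CONST.PROT_`.

```javascript
// Linux mmap() protection bits (kernel ABI values), hard-coded so the block
// runs outside Frida; in an agent use Interruptor.KAPI.CONST.PROT_ instead.
const PROT = { PROT_NONE: 0x0, PROT_READ: 0x1, PROT_WRITE: 0x2, PROT_EXEC: 0x4 };

// Render a prot bitmask for the audit log, e.g. 6 -> "PROT_WRITE|PROT_EXEC".
function protToString(prot) {
  const names = ['PROT_READ', 'PROT_WRITE', 'PROT_EXEC'].filter((n) => prot & PROT[n]);
  return names.length ? names.join('|') : 'PROT_NONE';
}

// Hypothetical helper: add PROT_READ to mmap()'s third argument (x2 on
// AArch64) and record the change. Returns true when the register was modified.
function addReadToMmap(ctx, audit) {
  // Assumption: the register converts to a number (Frida exposes registers as
  // pointer objects; the test mock uses plain numbers).
  const before = Number(ctx.x2);
  // Skip PROT_NONE (guard or reserved regions: making them readable changes
  // how the traced program faults) and mappings that are already readable.
  if (before === PROT.PROT_NONE || (before & PROT.PROT_READ) !== 0) {
    return false;
  }
  const after = before | PROT.PROT_READ;
  ctx.x2 = after;
  audit.push({
    length: Number(ctx.x1), // size_t length is the second argument
    before: protToString(before),
    after: protToString(after)
  });
  return true;
}

// Wiring with only the calls shown on this page. `Interruptor` is the object
// returned by require('./android-aarch64-strace.min.js').target.LinuxAarch64().
function install(Interruptor, audit) {
  Interruptor.newAgentTracer({
    svc: {
      mmap: {
        onEnter: function (ctx) { addReadToMmap(ctx, audit); }
      }
    }
  }).start();
}
```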