docs: added README

README.md

@@ -0,0 +1,35 @@
+# pox
+Pox is an infection framework for processes, with tools to manipulate the remote address space.
+
+Pox is built with the PTRACE syscall, so its limited to Linux/BSD systems.
+
+## Usage
+Pox itself is a crate providing features to execute remote syscalls, inject remote strings, monitor remote execution and find memory mappings.
+Most features can be individually selected while including this crate in your project: `[locator, monitor, rc]`.
+
+Additionally, with the `bin` feature, a sample infection binary will be produced: `vector`.
+
+### Vector
+Vector can infect running processes, invoking `dlopen()` remotely and loading a shared object.
+It will only work on binaries with glibc linked (no musl support yet).
+It can both attack a running process (probably will require root privileges) or spawn a child process and infect it.
+
+Vector will:
+ * find a syscall instruction and use it to execute remote actions
+ * invoke a remote mmap to allocate a string
+ * write shared object path in allocated string
+ * calculate dlopen address from system glibc and procmaps
+ * force set registers and execute dlopen with previously injected path
+ * resume process
+
+## Status
+Pox is still under development. I'm building this to explore Linux OS, processes and memory.
+
+# Author notes
+This could potentially be used to produce malware, since it helps introduce extraneous libraries into running processes.
+However, I believe it's still fine to opensource this:
+ * The injection method is pretty old, described on [Phrack](http://phrack.org/issues/59/8.html) in 2002.
+ * This only works on Linux/BSD
+ * On most most modern systems, PTRACE can't attach other processes if not run from root
+ * There are other available projects doing the same thing
+