feat: added kill flag to just exit remote process

src/needle/main.rs

@@ -14,7 +14,7 @@ use executors::RemoteShellcode;
 use senders::RemoteString;
 use explorers::step_to_syscall;
 
-use crate::explorers::{find_libc, find_dlopen};
+use crate::{explorers::{find_libc, find_dlopen}, syscalls::RemoteExit};
 
 #[derive(Parser, Debug)]
 #[command(author, version, about, long_about = None)]
@@ -41,6 +41,10 @@ struct NeedleArgs {
 	/// path of libc shared object on disk, used to calculate symbol offset in ELF
 	#[arg(long)]
 	path: Option<PathBuf>,
+
+	/// instead of injecting a library, execute an exit syscall with code 69
+	#[arg(long, default_value_t = false)]
+	kill: bool,
 }
 
 fn nasty_stuff(args: NeedleArgs) -> Result<()> {
@@ -54,6 +58,12 @@ fn nasty_stuff(args: NeedleArgs) -> Result<()> {
 	let syscall = step_to_syscall(pid)?; // TODO no real need to step...
 	let original_regs = ptrace::getregs(pid)?; // store original regs to restore after injecting
 
+	if args.kill {
+		RemoteExit::args(69).exit(pid, syscall)?;
+		println!("Killed process #{}", args.pid);
+		return Ok(());
+	}
+
 	// move path to our payload into target address space
 	let tetanus = RemoteString::new(args.payload + "\0")
 		.inject(pid, syscall)?;

src/needle/syscalls.rs

@@ -102,6 +102,17 @@ impl RemoteExit {
 	pub fn args(code: i64) -> Self {
 		RemoteExit { code }
 	}
+
+	/// since the exit syscall will never return, normal inject() will always return an error.
+	/// calling this will just return success once the syscall has been invoked
+	pub fn exit(&mut self, pid: Pid, syscall: usize) -> Result<u64> {
+		let mut regs = ptrace::getregs(pid)?;
+		regs.rip = syscall as u64;
+		self.registers(&mut regs);
+		ptrace::setregs(pid, regs)?;
+		ptrace::step(pid, None)?;
+		Ok(self.code as u64)
+	}
 }
 
 impl RemoteSyscall for RemoteExit {