feat: added hooks for connect and socket in so

əlemi 2023-03-28 21:06:28 +02:00
parent d3f08ba22a
commit dadf81831c
Signed by: alemi
GPG key ID: A4895B84D311642C
2 changed files with 35 additions and 0 deletions


@ -17,6 +17,7 @@ path = "src/needle/main.rs"
[dependencies] [dependencies]
clap = { version = "4.1.13", features = ["derive"] } clap = { version = "4.1.13", features = ["derive"] }
ctor = "0.1.26" ctor = "0.1.26"
retour = "0.1" # plain detour doesn't work on latest nightly? idk
elf = "0.7.2" elf = "0.7.2"
nix = "0.26.2" nix = "0.26.2"
proc-maps = "0.3.0" proc-maps = "0.3.0"


@ -1,4 +1,38 @@
use std::{error::Error, ffi::c_int};
use nix::libc::{socklen_t, sockaddr};
use retour::static_detour;
static_detour! {
static SOCKET_HOOK : unsafe extern "C" fn(i32, i32, i32) -> i32;
static CONNECT_HOOK : unsafe extern "C" fn(c_int, *const sockaddr, socklen_t) -> c_int;
}
fn add_hooks() -> Result<(), Box<dyn Error>> {
unsafe {
SOCKET_HOOK.initialize(nix::libc::socket, |dom, tp, proto| {
eprintln!("caught socket({}, {}, {}) call", dom, tp, proto);
SOCKET_HOOK.call(dom, tp, proto)
})?;
SOCKET_HOOK.enable()?;
CONNECT_HOOK.initialize(nix::libc::connect, |fd, info, len| {
eprintln!("caught connect({}, ??, {}) call", fd, len);
CONNECT_HOOK.call(fd, info, len)
})?;
CONNECT_HOOK.enable()?;
}
Ok(())
}
#[ctor::ctor] #[ctor::ctor]
fn constructor() { fn constructor() {
println!("Infected!"); println!("Infected!");
if let Err(e) = add_hooks() {
eprintln!("[!] Could not add hooks : {}", e);
}
} }
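Review bot: The `eprintln!` calls inside both detour closures in `add_hooks` panic if the write to stderr fails, and that panic would start inside a closure reached through an `extern "C"` hook on `socket`/`connect` in whatever process loaded the library. How retour treats a panic in the closure is not visible here, so the logging is safer made infallible: with `use std::io::Write;` in scope, `let _ = writeln!(std::io::stderr(), "caught socket({}, {}, {}) call", dom, tp, proto);`, and the same form for the connect closure. The `unsafe` block also wraps the whole body with no `// SAFETY:` comment; one stating that the two detour signatures mirror the libc prototypes and that `initialize`/`enable` run only once from the constructor would record the invariants the block relies on. If the second `initialize` or `enable` fails, the function returns `Err` with the socket hook still enabled, which the message printed by `constructor` does not convey.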