Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Execute a file instead of code fragments #25

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Execute a file instead of code fragments #25

wants to merge 3 commits into from

Conversation

russkel
Copy link

@russkel russkel commented Jul 25, 2024
edited
Loading

You can now inject a python script path. This seemed easier to manage than trying to get my scripts as arguments on the command line.

Platforms other than Linux are not tested.

kmaork
kmaork requested changes Jul 25, 2024
View reviewed changes
hypno/api.py
@@ -49,3 +50,34 @@ def inject_py(pid: int, python_code: AnyStr, permissions=0o644) -> None:
finally:
if path is not None and path.exists():
path.unlink()

def inject_py_script(pid: int, python_script: Path, permissions=0o644) -> None:
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much of the logic here is duplicated from above. I think it might be better to keep it as one function, inject_py, and check isinstance(python_code, Path) to determine the logic. Also, I think that instead of modifying injection.c, it would be easier to just read the given file here, and use the contents as code.

Copy link
Author

@russkel russkel Jul 25, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a large script is provided then it will overflow. Also relative imports will not work as expected either presumably. To me it made sense to use the Python API file parsing and execution instead of shoehorning the code into the lib?

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I agree about the advantages, but ideally I'd want to enocunter all possible errors before the injection, so they happen in python and not in C in the target process. I also wonder permission-wise, if it's better to use the injector process permissions or the injectee's permissions (and fs, btw, see #18). I will hopefully have more time to think about it later.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I agree about the advantages, but ideally I'd want to enocunter all possible errors before the injection, so they happen in python and not in C in the target process.

Are there more errors this way? I am not sure I understand where the source of errors you're concerned about is.

As for Docker, I am already running into some issues running from within the container and being able to open libc.so. Containerisation always makes things complicated 😅

@kmaork
Copy link
Owner

kmaork commented Jul 25, 2024
edited
Loading

Thanks for the feature! I fixed CI on master, you can update your branch

@russkel russkel changed the title Inject a file instead of code fragments Execute a file instead of code fragments Jul 25, 2024
@russkel
Copy link
Author

russkel commented Jul 29, 2024

Not sure what is going on with the alpine, Mac and Windows tests. Something is causing the process to segfault in some cases, groan.

@kmaork
Copy link
Owner

kmaork commented Jul 30, 2024

I'm flying abroad, so sadly I can't help right now, would love to help merge this whenever I can

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kmaork kmaork kmaork requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@russkel @kmaork