# psyscall

**Repository Path**: EulerRobot/psyscall

## Basic Information

- **Project Name**: psyscall
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Unlicense
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-03-23
- **Last Updated**: 2021-03-23

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# psyscall

Linux syscall() injection to external processes *in a portable fashion* using `ptrace(2)`.

Tested on x86 (Arch Linux & Ubuntu), ARMv7 (Android 6 & 7), MIPS (Debian), PPC64 (Debian).

Requires `echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope` (or root privileges).

Yes, this is just a proof of concept and silly toy.

## Examples

**Kill emacs as vim**
```
% ./psyscall `pidof vim` kill `pidof emacs` SIGTERM
[88] syscall(kill, 142, SIGTERM) = 0
```
j/k i don't have `emacs` installed.

**Drop root privileges**
```
% pidof wireshark
609
% sudo ./psyscall 609 getuid
[sudo] password for resilar:
[609] syscall(getuid) = 0
% sudo ./psyscall 609 setuid 1000
[609] syscall(setuid, 1000) = 0
% sudo ./psyscall 609 getuid
[609] syscall(getuid) = 1000
```

**Make `sleep` speak and exit with the code 42**
```
% sleep 60 &
[1] 123
% ./psyscall 123 write 1 \"foobar\" 6
foobar[123] syscall(write, 1, "foobar", 6) = 6
% ./psyscall 123 exit 42
[123] syscall(exit, 42) = 42
[1]  + exit 42    sleep 60
% wait 123; echo $?
42
```

**Redirect stderr to /tmp/stderr.log and write getcwd() to it**
```
% touch /tmp/stderr.log
% ./psyscall 666 open '"/tmp/stderr.log"' O_RDWR
[666] syscall(open, "/tmp/stderr.log", O_RDWR) = 3
% ./psyscall 666 dup2 3 2
[666] syscall(dup2, 3, 2) = 2
% ./psyscall 666 mmap 0 0x1000 'PROT_READ|PROT_WRITE' 'MAP_PRIVATE|MAP_ANONYMOUS' -1 0
[666] syscall(mmap, 0, 0x1000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2f830b000
% ./psyscall 666 getcwd 0x7fd2f830b000 0x1000
[666] syscall(getcwd, 0x7fd2f830b000, 0x1000) = 24
% ./psyscall 666 write 2 0x7fd2f830b000 24
[666] syscall(write, 2, 0x7fd2f830b000, 24) = 24
% cat /tmp/stderr.log
/home/resilar/psyscall-target
```