Code Monkey home page Code Monkey logo

Comments (3)

Hackerl avatar Hackerl commented on May 27, 2024

pangolin 只是单纯地将 elf 加载到目标进程中临时运行,所以你需要保证运行的 elf 与目标进程不会产生冲突。
Golang 自己会有复杂的 runtime,例如使用 tls 储存 g,信号抢占等行为,并不建议把 golang 注入到 golang 中,或者你自己开一下 gdb 分析一下原因。
另外一个值得注意的是,将 cpp 程序注入 golang,你最好重载 malloc 等函数,因为 brk syscall 会和 cgo 的 glibc 冲突,这里针对的是线程驻留行为,参考 Elkeid go-probe。

from pangolin.

Hackerl avatar Hackerl commented on May 27, 2024

还有另一点,你的两个 golang 程序的代码段可能重叠,重叠会覆盖原始进程代码段,肯定会段错误。要使用 pangolin 得至少保证 payload 和目标有一个是 pie,也就是开启了地址随机化,golang 可以使用编译参数开启。

from pangolin.

StinkyPeach avatar StinkyPeach commented on May 27, 2024

还有另一点,你的两个 golang 程序的代码段可能重叠,重叠会覆盖原始进程代码段,肯定会段错误。要使用 pangolin 得至少保证 payload 和目标有一个是 pie,也就是开启了地址随机化,golang 可以使用编译参数开启。

好的。感谢大佬答疑。我这边再处理下,调试调试。

from pangolin.

Related Issues (7)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.