linux无文件执行elf
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <linux/memfd.h>
#include <sys/syscall.h>
#include <errno.h>
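/* Write exactly len bytes from buf to fd, retrying on short writes and EINTR. */
static int write_full(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);

        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/**
 * Copy the file at `path` into an anonymous memfd and execve() that copy.
 *
 * @param path  File to load; opened read-only.
 * @param argv  NULL-terminated argument vector with a non-NULL argv[0].
 *              argv[0] is temporarily replaced by the "/proc/self/fd/N" path
 *              for the exec and restored if the exec fails.
 * @return      Does not return on success. On failure returns -1 with errno
 *              set by the failing call (EINVAL for bad arguments); both
 *              descriptors are closed before returning.
 *
 * Monitoring note: a process started this way has no on-disk executable
 * path; its /proc/<pid>/exe link refers to the memfd (shown as
 * "/memfd:elf (deleted)"). That, together with memfd_create followed by an
 * execve of a /proc/self/fd/ path, is what audit rules and EDR tooling can
 * key on. Hardened systems may restrict executable memfds (for example via
 * the vm.memfd_noexec sysctl on newer kernels); in that case memfd_create
 * or execve fails here and -1 is returned.
 */
int anonyexec(const char *path, char *argv[])
{
    char chunk[4096];
    char cmdline[64];
    char *orig_argv0;
    int fd = -1;
    int fdm = -1;
    int saved;
    int len;
    ssize_t n;

    /* Overwriting a NULL argv[0] would destroy the vector's terminator. */
    if (path == NULL || argv == NULL || argv[0] == NULL) {
        errno = EINVAL;
        return -1;
    }

    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;

    /* MFD_CLOEXEC: the descriptor is closed in the new image on exec. */
    fdm = (int)syscall(__NR_memfd_create, "elf", MFD_CLOEXEC);
    if (fdm < 0)
        goto fail;

    /* Stream the file across in fixed-size chunks; writing extends the
     * memfd, so no size probe, ftruncate or heap buffer is needed. */
    for (;;) {
        n = read(fd, chunk, sizeof chunk);
        if (n == 0)
            break;
        if (n < 0) {
            if (errno == EINTR)
                continue;
            goto fail;
        }
        if (write_full(fdm, chunk, (size_t)n) < 0)
            goto fail;
    }
    close(fd);
    fd = -1;

    len = snprintf(cmdline, sizeof cmdline, "/proc/self/fd/%d", fdm);
    if (len < 0 || (size_t)len >= sizeof cmdline) {
        errno = ENAMETOOLONG;
        goto fail;
    }

    orig_argv0 = argv[0];
    argv[0] = cmdline;
    /* Linux treats a NULL envp as an empty environment. */
    execve(cmdline, argv, NULL);
    /* Only reached when execve failed: cmdline is a stack buffer, so do not
     * leave the caller's argv[0] pointing at it. */
    argv[0] = orig_argv0;

fail:
    saved = errno;
    if (fd >= 0)
        close(fd);
    if (fdm >= 0)
        close(fdm);
    errno = saved;
    return -1;
}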
/* Demo driver: hands a fixed placeholder path and argument vector to
 * anonyexec() and uses its return value as the exit status (only reached
 * when the exec did not happen). */
int main()
{
    char *args[] = {"/bin/name", "-a", NULL};

    return anonyexec("/bin/name", args);
}