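def inject_with_linux_inject(pid: str):
    """Inject InitialCodeInjections.so into process *pid* via the linux-inject helper.

    Args:
        pid: Target process id as a decimal string (an int is accepted and
            converted). Any other value raises ValueError before a command is
            built, so a malformed pid can never smuggle extra arguments into
            the privileged ``sudo ./inject`` invocation below.

    Returns:
        True if the helper's output contains "successfully injected",
        False otherwise.

    Raises:
        ValueError: if *pid* is empty or contains anything but ASCII digits.
    """
    pid = str(pid)
    # strip() returns "" only when every character is a decimal digit
    if not pid or pid.strip("0123456789"):
        raise ValueError("pid must be a decimal process id, got %r" % pid)
    scriptdirectory = SysUtils.get_current_script_directory()
    injectionpath = scriptdirectory + "/Injection/InitialCodeInjections.so"
    # is_32bit (defined outside this function) selects the helper build
    injector = "./inject32" if is_32bit else "./inject"
    result = pexpect.run("sudo " + injector + " -p " + pid + " " + injectionpath,
                         cwd=scriptdirectory + "/linux-inject")
    print(result)  # for debug
    # pexpect.run returns bytes here, hence the bytes pattern
    return search(b"successfully injected", result) is not None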
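def attach(pid: str, injection_method=0):
    """Spawn gdb under sudo, attach it to *pid* and perform the initial code injection.

    Args:
        pid: Target process id as a decimal string. It is validated with
            int() before gdb is spawned, so a malformed value fails fast
            instead of reaching the privileged gdb session.
        injection_method: 0 injects with a plain dlopen call
            (inject_with_dlopen_call), 1 injects with the linux-inject helper
            (inject_with_linux_inject). Any other value skips injection and
            leaves the module-level ``codes_injected`` as it was.

    Returns:
        True when the injection succeeded and the infinite thread was
        located, False otherwise.

    Raises:
        ValueError: if *pid* is not an integer string.

    Side effects: rebinds the module globals currentpid, child,
    infinite_thread_location, infinite_thread_id and codes_injected, and
    opens the gdb async log file, which stays open as ``child.logfile``.
    """
    global currentpid
    global child
    global infinite_thread_location
    global infinite_thread_id
    global codes_injected
    pid_number = int(pid)  # validate before any process is spawned
    SysUtils.create_PINCE_IPC_PATH(pid)
    currentdir = SysUtils.get_current_script_directory()
    child = pexpect.spawnu('sudo LC_NUMERIC=C gdb --interpreter=mi', cwd=currentdir)
    child.setecho(False)
    child.logfile = open(SysUtils.get_gdb_async_file(pid), "w")

    # a creative and meaningful number for such a marvelous and magnificent program PINCE is
    child.timeout = 900000
    child.expect_exact("(gdb)")

    # gdb scripts needs to know PINCE directory, unfortunately they don't start from the place where script exists
    send_command('set $PINCE_PATH=' + '"' + currentdir + '"')
    send_command("source gdb_python_scripts/GDBCommandExtensions.py")
    # `==` rather than `is`: identity comparison of int literals only works by CPython accident
    if injection_method == 1:  # linux-inject
        codes_injected = inject_with_linux_inject(pid)
    send_command("attach " + pid + " &")
    send_command("interrupt")
    currentpid = pid_number
    if injection_method == 0:  # simple dlopen call
        injectionpath = currentdir + "/Injection/InitialCodeInjections.so"
        codes_injected = inject_with_dlopen_call(injectionpath)
    if not codes_injected:
        send_command("source gdb_python_scripts/on_code_injection_failure")
        send_command("c &")
        return codes_injected

    # address_table_update_thread = PINCE.UpdateAddressTable(pid)  # planned for future
    # address_table_update_thread.start()
    result = send_command("call inject_infinite_thread()")
    filtered_result = search(r"New Thread\s*0x\w+", result)  # New Thread 0x7fab41ffb700 (LWP 7944)
    send_command("c &")

    # Return True if the injection is successful, False if not
    if not filtered_result:
        return False
    threadaddress = split(" ", filtered_result.group(0))[-1]
    match_from_info_threads = search(r"\d+\s*Thread\s*" + threadaddress,
                                     send_command("info threads"))  # 1 Thread 0x7fab41ffb700
    if not match_from_info_threads:
        # gdb did not list the new thread; report failure instead of crashing on .group(0)
        return False
    infinite_thread_id = split(" ", match_from_info_threads.group(0))[0]
    infinite_thread_location = threadaddress
    send_command("thread " + infinite_thread_id)
    send_command("interrupt")
    # send_command("call inject_table_update_thread()")  # planned for future
    return codes_injected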