Skip to content

En14c/PIvirus

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

Makefile

Makefile

 
 

README.md

README.md

 
 

hostile.asm

hostile.asm

 
 

pivirus.c

pivirus.c

 
 

Repository files navigation

PIvirus

PIvirus is a proof of concept for infecting linux x86_64 ELF binaries using PLT redirection technique

How it works

  • the virus looks for fclose function and hijacks it with a function that writes garbage from the stack to the stdout

  • the virus will infect x86_64 ELF binaries with the type [ ET_DYN || ET_EXEC ]

  • parasite injection is done by extending the text segment

  • PLT redirection happens at runtime and the virus is able to handle binaries which does not apply lazy binding

Usage

#./pivirus [ target directory ]

PIvirus-demo

License

MIT

About

sample linux x86_64 ELF virus

Topics

c linux security virus parasites assembly x86-64 elf code-injection infection elf-parser nasm-assembly elf-binaries

Resources

Readme
Activity

Stars

52 stars

Watchers

3 watching

Forks

22 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages