Comment by stackghost

7 hours ago

Hey you know what, I've used dd to write into process memory but haven't actually used it to disable KASLR, so it's possible I am misremembering. My bad.

3 comments

stackghost

Reply
dominicq  7 hours ago

:(

Sounds super 1337 and I hope it's actually possible somehow.

  • aa-jv  7 hours ago

    Parse /proc/<pid>/maps to find the relevant target_addr in your process-under-attack. And then its a matter of:

        $ dd if=shellcode.bin of=/proc/<pid>/mem bs=1 seek=$((target_addr)) ...

    See also: DDExec

    https://github.com/arget13/DDexec

    • jeffbee  32 minutes ago

      What legitimate purpose does this feature serve? Why should a process be able to write into the virtual memory of another process?