IOTTMCO

Intuitively Obvious to the Most Casual Observer

Injecting code into a running program

This trick may not be widely applicable: it is rarely the case (in my experience, at least) that shutting a program down is too difficult or inconvenient and its behaviour has to be modified live. Sometimes, though, it is useful to be able to execute a piece of code from within a running application, whether to test a security policy or just to quickly swap out window managers without closing any applications.

As always, gdb comes to the rescue. No debugging symbols are needed as long as we don't actually need to use any data structures or functions of the program itself: functions exported by the shared libraries the process has loaded, such as execl from libc, are in the dynamic symbol table, which gdb reads regardless. The one real prerequisite is permission to ptrace the target, which on a hardened Linux system (Yama ptrace_scope) usually means being root or having CAP_SYS_PTRACE.

~ gdb -p 12345 /usr/bin/myprog
... (copyright stuff)
Attaching to process 12345
Reading symbols from /usr/bin/myprog...(no debugging symbols found)...done
... (more errors about shared library symbols not being found)
(gdb) call execl("/bin/ls", "ls", 0)

Of course that particular call is next to worthless in practice: execl replaces the process image, so if it succeeds the original program is gone and gdb is left attached to ls. (Newer versions of gdb also refuse to call a function whose return type they cannot see, so without libc debug info the call has to be written as (int)execl(...), and the terminating 0 is better passed as (char *)0.) More useful actions, such as binding and listening on a socket to test security settings, can be entered in exactly the same way, and because the descriptor belongs to the target process it survives once gdb detaches.
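The socket case worked through, as an added example that is not from the original post: a shell script that writes a gdb command file creating a listening TCP socket inside an already-running process, attaches in batch mode, and detaches, leaving the listener behind in the target. It assumes Linux with glibc on x86-64 and permission to ptrace the target; the function names, the port 4444 and the sleep target used in the usage line are my own choices.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes Linux, glibc,
# x86-64 and a target you are allowed to ptrace. Names and ports are mine.

# Emit gdb commands that create a listening AF_INET socket on port $1
# (given in host order) inside the attached process.
gdb_listen_commands() {
    port=$1
    hi=$((port / 256))   # htons by hand: the high byte goes first in memory
    lo=$((port % 256))
    # Constants: AF_INET = 2, SOCK_STREAM = 1, sizeof(struct sockaddr_in) = 16.
    # Every libc call is cast because the target has no debug info and newer
    # gdb will not call a function whose return type it cannot see.
    # Caveat: malloc in a process stopped while it holds the malloc lock will
    # deadlock; for such targets place the sockaddr below $sp instead.
    cat <<'EOF'
set $fd = (int)socket(2, 1, 0)
set $sa = (unsigned char *)malloc(16)
call (void *)memset($sa, 0, 16)
set *(unsigned short *)$sa = 2
EOF
    printf 'set *($sa + 2) = 0x%02x\n' "$hi"
    printf 'set *($sa + 3) = 0x%02x\n' "$lo"
    # sin_addr stays 0 = INADDR_ANY. bind, listen, report, then detach so the
    # process keeps running with the new descriptor.
    cat <<'EOF'
set $rc = (int)bind($fd, $sa, 16)
set $rc2 = (int)listen($fd, 5)
printf "fd=%d bind=%d listen=%d\n", $fd, $rc, $rc2
detach
quit
EOF
}

# Attach gdb to pid $1 in batch mode and run the generated commands for port $2.
inject_listener() {
    pid=$1
    port=$2
    script=$(mktemp) || return 1
    gdb_listen_commands "$port" > "$script"
    gdb -q -batch -p "$pid" -x "$script"
    rc=$?
    rm -f "$script"
    return $rc
}

# True if something is listening on TCP port $1, read from /proc/net/tcp:
# the local port appears as four upper-case hex digits and state 0A is LISTEN.
is_listening() {
    hex=$(printf '%04X' "$1")
    grep -q ":$hex 00000000:0000 0A " /proc/net/tcp 2>/dev/null
}

# Usage: ./inject.sh PID PORT   (e.g. sleep 300 & ./inject.sh $! 4444)
if [ "$#" -eq 2 ]; then
    inject_listener "$1" "$2" && is_listening "$2" && echo "port $2 is listening"
fi
```

The command file is generated rather than typed because the port must be written in network byte order one byte at a time: gdb has no htons, and getting it wrong binds a different port silently. After the script runs, `ss -ltnp` (or is_listening above) shows the port owned by the original process, not by gdb.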