# A silly experiment to add a kernel interface for changing the virtual memory layout of any pid.

> The Linux kernel only supports changing mmaps for the `current` process, for good reason, I think.
> This silly attempt is to add a kernel function for mremap on any process, so that the `spirit` of one simple memory program could be injected into another program by a `muggle`.

## Kernel change

> The change is only experimental: only the necessary parts involving `current` are changed, and a new interface is added for another module to expose to user space.

## Driver module

> Supplies an `ioctl` interface to connect user space requests with the kernel mremap.

## extract

> Collect the program's memory layout/content and registers, and save it.

* /proc/[pid]/maps ---- memory layout
* /proc/[pid]/mem ---- memory content
* ptrace PTRACE_PEEKUSER / PTRACE_GETREGSET ---- register collection

## inject

> Convert an existing program, injecting the `spirit` from the other program.

* /dev/ptracexx ---- change memory layout
* ptrace PTRACE_POKEDATA ---- write back memory content
* ptrace PTRACE_POKEUSER / PTRACE_SETREGSET ---- restore registers
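The extract step lists /proc/[pid]/maps as the source of the memory layout. As an added example (not part of this repository's code), here is a parser for that text format as documented in proc(5), together with two checks a practitioner would run over a saved layout before trusting it: which mapping a saved register value such as the instruction pointer falls into, and whether any region is both writable and executable, which normal toolchains never produce. The sample maps text is constructed, not captured from a real process.

```python
"""Parser and triage helpers for the /proc/[pid]/maps text format (proc(5))."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Field layout of one maps line, as documented in proc(5):
#   address           perms offset  dev   inode   pathname
_MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+"   # virtual address range (hex)
    r"(?P<perms>[rwxsp-]{4})\s+"                     # r/w/x plus p(rivate) or s(hared)
    r"(?P<offset>[0-9a-f]+)\s+"                      # file offset of the mapping
    r"(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+"               # major:minor of the backing device
    r"(?P<inode>\d+)"                                # inode (0 for anonymous/pseudo maps)
    r"(?:\s+(?P<path>\S.*))?$"                       # optional pathname or [heap]/[stack]
)


@dataclass(frozen=True)
class Mapping:
    start: int
    end: int            # exclusive
    perms: str
    offset: int
    dev: str
    inode: int
    path: Optional[str]  # None for anonymous mappings

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def writable(self) -> bool:
        return self.perms[1] == "w"

    @property
    def executable(self) -> bool:
        return self.perms[2] == "x"

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.end


def parse_maps(text: str) -> List[Mapping]:
    """Parse the full contents of a /proc/[pid]/maps file into Mapping records."""
    mappings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _MAPS_LINE.match(line)
        if m is None:
            # A saved layout that does not parse is not worth trusting; fail loudly.
            raise ValueError(f"unrecognised maps line: {raw!r}")
        mappings.append(Mapping(
            start=int(m["start"], 16),
            end=int(m["end"], 16),
            perms=m["perms"],
            offset=int(m["offset"], 16),
            dev=m["dev"],
            inode=int(m["inode"]),
            path=m["path"],
        ))
    return mappings


def mapping_for_address(mappings: List[Mapping], addr: int) -> Optional[Mapping]:
    """Return the mapping containing addr, e.g. to check where a saved
    instruction pointer points before trusting a register snapshot."""
    for mp in mappings:
        if mp.contains(addr):
            return mp
    return None


def find_wx_mappings(mappings: List[Mapping]) -> List[Mapping]:
    """Triage check: regions that are both writable and executable."""
    return [mp for mp in mappings if mp.writable and mp.executable]


# Constructed sample (not captured from a real process): a small layout with
# one suspicious anonymous rwx region.
SAMPLE_MAPS = """\
55d0c4e00000-55d0c4e01000 r--p 00000000 08:01 1310720 /usr/bin/true
55d0c4e01000-55d0c4e02000 r-xp 00001000 08:01 1310720 /usr/bin/true
55d0c4e02000-55d0c4e03000 rw-p 00002000 08:01 1310720 /usr/bin/true
55d0c6a00000-55d0c6a21000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0
7ffd5e6c0000-7ffd5e6e1000 rw-p 00000000 00:00 0 [stack]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
"""


if __name__ == "__main__":
    maps = parse_maps(SAMPLE_MAPS)
    for mp in maps:
        print(f"{mp.start:016x}-{mp.end:016x} {mp.perms} {mp.size:>8} {mp.path or '<anon>'}")
    for mp in find_wx_mappings(maps):
        print(f"W+X region at {mp.start:#x} ({mp.size} bytes)")
    ip = 0x55d0c4e01800  # constructed value standing in for a saved instruction pointer
    hit = mapping_for_address(maps, ip)
    print(f"{ip:#x} is in {hit.path if hit else 'no mapping'}")
```

The same parser reads a live `/proc/[pid]/maps` unchanged; the address lookup is the natural cross-check between the register snapshot and the layout snapshot, since a saved instruction pointer that lands outside any executable mapping means the two were not taken at the same moment.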