Skip to content

En14c/PIvirus

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 

Repository files navigation

PIvirus

PIvirus is a proof of concept for infecting linux x86_64 ELF binaries using PLT redirection technique

How it works

  • the virus looks for fclose function and hijacks it with a function that writes garbage from the stack to the stdout

  • the virus will infect x86_64 ELF binaries with the type [ ET_DYN || ET_EXEC ]

  • parasite injection is done by extending the text segment

  • PLT redirection happens at runtime and the virus is able to handle binaries which does not apply lazy binding

Usage

#./pivirus [ target directory ]

PIvirus-demo

License

MIT