Wednesday, March 17, 2010

When Memory Injection Sucks

Hi Folks,
during last few days I utilized a self-made tool to inject shellcode into process. I must be sincere.. it has been a while since I didn't use it ... maybe a year ? But it always worked great. I injected tons of shellcode on processes, at the beginning for studying (aka homework) and then for research purposes (aka for work). Well, today on BackTrack 4 it doesn't work anymore. That surprised me.

The script uses ptrace() API, and like Malaria or shellInjector writes back to IP the entire shellcode. So far I have no idea what happened and why it wont work anymore. The displayed error is: POKETEXT Input/Output. I attache here the screenshot of the issue.




Suggestions ? Someone know what happens ? Maybe a kernel restriction ? Please leave a comment if you know what changed during last year :D. thank you .

3 comments:

Anonymous said...

i easily love all your writing taste, very helpful.
don't give up and keep penning since it just good worth to follow it.
looking forward to browse through a whole lot more of your stories, regards!

Roezer said...

Sorry commented on the Wrong post I am used to the Comment box at the Bottom it's on the steve jobspost

Marco Ramilli said...

@Anonymous. Thank you !
@ Roezer. Do you think BT4 uses ORCHIDIS ?

Thank you for your suggestion