{
	"id": "f65e5d16-4f57-44cc-ba8b-79ead164dc24",
	"created_at": "2026-04-06T00:09:00.458645Z",
	"updated_at": "2026-04-10T03:20:50.924868Z",
	"deleted_at": null,
	"sha1_hash": "88c756d8b0a5059ec3a3d1108bdac22d5f4c66df",
	"title": "Code injection in running process using ptrace",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 298269,
	"plain_text": "Code injection in running process using ptrace\r\nBy Shashank Jain\r\nPublished: 2024-08-30 · Archived: 2026-04-05 22:45:18 UTC\r\nJul 26, 2018\r\nExtending the story of shell code injection (https://medium.com/@jain.sm/shell-code-exploit-with-buffer-overflow-8d78cc11f89b), we showcase a simple example of using ptrace to exploit a running process. Shell code is binary code injected into a running process using ptrace system calls.\r\nPtrace is a system call which can be used to debug or modify another process. We need specific privileges to run ptrace, though.\r\nThe exploit works as follows:\r\n1. We create a program which takes as input the pid of the running process and uses PTRACE_ATTACH to attach to it. The callee is stopped and the caller is now in control.\r\n2. After attaching, we get the registers of the running process using PTRACE_GETREGS. This also returns the instruction pointer, so we know where the callee is in terms of instruction execution.\r\n3. We inject the shell code at the point where the RIP (instruction pointer) is. In the inject_code method we see the use of the PTRACE_POKETEXT call, which takes as input the pid of the callee, the target location (the RIP of the callee process) and the source (the shell code).\r\nIn this example we are not giving control back to the callee.\r\nCode of the caller is shown below\n\nSource: https://medium.com/@jain.sm/code-injection-in-running-process-using-ptrace-d3ea7191a4be",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://medium.com/@jain.sm/code-injection-in-running-process-using-ptrace-d3ea7191a4be"
	],
	"report_names": [
		"code-injection-in-running-process-using-ptrace-d3ea7191a4be"
	],
	"threat_actors": [],
	"ts_created_at": 1775434140,
	"ts_updated_at": 1775791250,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/88c756d8b0a5059ec3a3d1108bdac22d5f4c66df.pdf",
		"text": "https://archive.orkl.eu/88c756d8b0a5059ec3a3d1108bdac22d5f4c66df.txt",
		"img": "https://archive.orkl.eu/88c756d8b0a5059ec3a3d1108bdac22d5f4c66df.jpg"
	}
}