The traditional way of doing this on Linux would be to create a dynamic library (.so) with your code in it, then separately force the loading of your library into the running application. There is no one-stop shop as there is with CreateRemoteThread on Windows.
So here are the basic steps:
- Create a dylib/so that contains the code you wish to execute in the remote process.
- Write some very simple code in assembly that loads the specified so file (mainly copy and paste from this link, part 1).
- Embed said loader ASM as a binary payload in a buffer in a 2nd code file/app. Here you will use
ptrace to run the binary payload written in step 2, which will trigger the target app to call _dl_open() on the .so created in step 1, which contains the actual code you wish to run. (Sample given in the same link, part 2.)
If you need your code to run in a separate thread from the main pump, then you should use pthread_create in the code in step 1.
Hope this answers your question. Yes, it's more involved than on Windows; but it should work equally well. Plus, you can reuse just about the entire code from steps 2 and 3 for future remote code injection projects.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
