Inject code into a remote Python process.
Resolve the ELF symbol table to find the addresses of the PyGILState_Ensure, PyRun_SimpleString and PyGILState_Release functions, then call them in the remote process using ptrace.
The above APIs are non-reentrant functions and may stop the process forever because of a deadlock.
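Because the call path relies on ptrace attach, an operator can check whether a host permits such an attach and whether a process is currently being traced. The following is an added example, not part of this project's code; it assumes a Linux host with /proc and the Yama LSM, and the function names and sample status text are constructed for illustration.

```python
# Constructed sample of /proc/<pid>/status (trimmed); not from a real host.
SAMPLE_STATUS = """Name:\tpython3
State:\tt (tracing stop)
Pid:\t4242
PPid:\t1
TracerPid:\t5151
Uid:\t1000\t1000\t1000\t1000
"""

def parse_status(text):
    """Map /proc/<pid>/status lines to {field: value}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def tracer_pid(status_text):
    """PID currently ptrace-attached to the process, or None if untraced."""
    return int(parse_status(status_text).get("TracerPid", "0")) or None

def attach_allowed(scope, same_uid, is_ancestor=False, cap_sys_ptrace=False):
    """Simplified Yama decision for PTRACE_ATTACH (an assumption-level model).

    Ignores the dumpable flag, PR_SET_PTRACER, user namespaces and other LSMs.
    """
    if scope == 3:            # attach disabled for everyone
        return False
    if cap_sys_ptrace:        # privileged tracer passes scopes 0-2
        return True
    if scope == 2 or not same_uid:
        return False
    return is_ancestor if scope == 1 else True

def read_text(path):
    """Return file contents, or None when the path is missing or unreadable."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None

if __name__ == "__main__":
    raw = read_text("/proc/sys/kernel/yama/ptrace_scope")
    scope = int(raw) if raw is not None else 0   # no Yama: classic rules
    print("ptrace_scope:", scope)
    print("unprivileged same-UID attach allowed:", attach_allowed(scope, True))
    print("sample tracer:", tracer_pid(SAMPLE_STATUS))
    print("this process traced by:", tracer_pid(read_text("/proc/self/status") or ""))
```

TracerPid is non-zero only while a tracer is attached, so a short-lived attach is visible only if the status file is read during that window.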
- CMake
curl https://github.com/Kitware/CMake/releases/download/v3.21.0/cmake-3.21.0-linux-x86_64.sh | sh
- Clone the repo
git clone https://github.com/bytedance/Elkeid.git
- Update submodule
git submodule update --init --recursive
- Build shellcode
make -C shellcode
- Build injector
mkdir -p build && cd build && cmake .. && make
usage: python_inject [options] pid(int) script(string) ... extra ...
positional:
pid process id(int)
script python script(string)
optional:
-?, --help print help message
-f, --file eval script from file
Inject script:
./python_inject $(pidof python) "print('hello world')"
See the open issues for a list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (git checkout -b feature/AmazingFeature)
- Commit your Changes (git commit -m 'Add some AmazingFeature')
- Push to the Branch (git push origin feature/AmazingFeature)
- Open a Pull Request
Distributed under the Apache-2.0 License.
Bytedance - @bytedance
Project Link: https://github.com/bytedance/Elkeid