The same thing on Windows can be done by essentially creating a process based on any file and then rewriting its contents in memory: https://stackoverflow.com/questions/305203/createprocess-fro...

As for the side-question of switching between 64 and 32 bit mode in the same process, this is classically known on Windows as "heaven's gate" and a similar technique on Linux seems possible too: https://gist.github.com/rqou/1a1834b784283add7955af430097311...




One could also exec any available 64 bit program and then overwrite all its memory with ptrace on Linux.


Correct, but in lots of scenarios (containers, etc.) you cannot execute ptrace(), but you can execute mmap(), mprotect(), read(), write(), which is all you really need. Edit: and fork().

See something I published just a month ago: https://github.com/anvilsecure/ulexecve/
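A defender's-side counterpart to the mmap()/mprotect() point above, added here as an example and not part of the thread or of the ulexecve project: code that is mapped and executed without ever touching the filesystem shows up in /proc/&lt;pid&gt;/maps as executable regions with no on-disk backing (anonymous mappings, memfd-backed files, or deleted files), and often as regions that are writable and executable at once. The script below parses that format and flags such regions. The maps lines are constructed for the example, and scan_pid() is an assumed helper that reads the live /proc on a Linux host.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# One line of /proc/<pid>/maps looks like:
#   start-end perms offset dev inode [pathname]
# pathname is empty for anonymous mappings and bracketed ([stack], [vdso])
# for kernel-provided pseudo-mappings.
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+"
    r"(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+"
    r"(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+"
    r"(?P<inode>\d+)\s*"
    r"(?P<path>.*)$"
)


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    inode: int
    path: str

    @property
    def executable(self) -> bool:
        return "x" in self.perms

    @property
    def writable(self) -> bool:
        return "w" in self.perms


def parse_maps(lines: Iterable[str]) -> List[Mapping]:
    """Parse /proc/<pid>/maps text; lines that do not match are skipped."""
    result = []
    for line in lines:
        m = MAPS_RE.match(line.strip())
        if not m:
            continue
        result.append(Mapping(
            start=int(m["start"], 16),
            end=int(m["end"], 16),
            perms=m["perms"],
            inode=int(m["inode"]),
            path=m["path"].strip(),
        ))
    return result


def classify(m: Mapping) -> Optional[str]:
    """Return a reason string if the mapping is worth a closer look, else None."""
    if not m.executable:
        return None
    if m.writable:
        return "writable and executable at once (W^X violated)"
    if m.inode == 0 and m.path == "":
        # Anonymous memory made executable via mmap(PROT_EXEC) or mprotect().
        return "executable anonymous mapping (no file backing)"
    if m.path.startswith("/memfd:") or m.path.endswith("(deleted)"):
        # Backed by a memfd or a file that was unlinked after being mapped.
        return "executable mapping backed by memfd or a deleted file"
    # Regular file-backed code and [vdso]/[vsyscall] pseudo-mappings are normal.
    return None


def suspicious_mappings(maps: Iterable[Mapping]) -> List[Tuple[Mapping, str]]:
    findings = []
    for m in maps:
        reason = classify(m)
        if reason:
            findings.append((m, reason))
    return findings


def scan_pid(pid: int) -> List[Tuple[Mapping, str]]:
    """Assumed helper: read the live maps file of one process (Linux only)."""
    with open(f"/proc/{pid}/maps") as fh:
        return suspicious_mappings(parse_maps(fh))


# Constructed sample: two file-backed code regions, one RWX anonymous region,
# one R-X anonymous region, the stack, the vdso, and a memfd-backed region.
CONSTRUCTED_MAPS = """\
55d5c6e00000-55d5c6e21000 r-xp 00000000 fd:01 1048600                    /usr/bin/cat
7f3a2c000000-7f3a2c3f0000 r-xp 00000000 fd:01 2097200                    /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a2c400000-7f3a2c500000 rwxp 00000000 00:00 0
7f3a2c600000-7f3a2c700000 r-xp 00000000 00:00 0
7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0                          [stack]
7ffd1e100000-7ffd1e102000 r-xp 00000000 00:00 0                          [vdso]
7f3a2c800000-7f3a2c900000 r-xp 00000000 00:05 12345                     /memfd:example (deleted)
"""

if __name__ == "__main__":
    for mapping, reason in suspicious_mappings(parse_maps(CONSTRUCTED_MAPS.splitlines())):
        print(f"{mapping.start:#x}-{mapping.end:#x} {mapping.perms} {mapping.path!r}: {reason}")
```

Run against the constructed sample it reports the two anonymous executable regions and the memfd-backed one, and leaves the file-backed code and the [vdso] alone; JIT runtimes legitimately produce anonymous executable mappings, so in practice the output is a triage list, not a verdict.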


Decades ago I made a similar technique, but also involving CreateRemoteThread or CreateRemoteThreadEx.



