9bie / sshdHooker

One-click injection into the SSHD process to record and send the password for ssh login


What is this 257? In kernel-2.6.32 it will not return 257.

laobulang opened this issue · comments

Hello, I hope to get help. I have a problem with the test under centos6.10, kernel 2.6.32:

num = ptrace(PTRACE_PEEKUSER, target_pid, ORIG_RAX * 8, NULL);
if(num ==257){

What is this 257? In kernel-2.6.32 it will not return 257.
What should be returned in kernel-2.6.32?

commented

The value of the system call number of openat is 257. Some ancient systems use the open call, and its value is 2, so there will be two values of 257 and 2 in the project.
The function of this value is to determine whether the sshd process has opened the flag file to determine whether it is time to inject.

Hello, I changed it to 2 and it still can’t work normally. Do you have time to debug?
Unable to reach if(strstr(path,libsystemd)){. centos6.10 will not load login.defs when logging in, but I changed it to libpam.so; although it will arrive, it still fails.

centos6.10 doesn't use openat for openssh