liblibinject injects libraries into running processes and calls the provided code.

Using liblibinject is easy, it comes with a simple CLI implementation. To inject a library into a process using the implementation, use ./libinject [PID] [LIBRARY]

Help about the command line can be found with ./libinject --help

Library injection on GNU/Linux is much more involved than that on Windows systems. Windows developers may be familiar with the APIs that aid in code injection, namely WriteProcessMemory, VirtualAllocEx, and CreateRemoteThread. I described only three, but there are a number of other interfaces Windows exposes to manipulate processes making library injection trivial.

Unfortunately on Linux systems, there is only one way to manipulate processes -- through the ptrace(2) API. While what ptrace can do is limited, I am still able to manipulate the process into loading a library with some effort and a few clever tricks.

liblibinject depends on two APIs supplied by the OS to do its job: the ptrace(2) API, and on the function __libc_dlopen_mode supplied by glibc.

Using ptrace, we are able to modify the execution of running processes. First, ptrace is used to force the running process to create a code cave through mmap(2).

Through this code cave we can now inject code that will be ran by the process, such as calls to __libc_dlopen_mode, a clone of dlopen(2) that loads libraries.

You can of course understand the full picture by reading the documentation and code at src/liblibinject/liblibinject.cpp to get the non-simplified version of this process.

Everything included is licensed as GPLv3

Check COPYING for explanations