PPT Slide
Modern hijackers rewrite their target’s code
We use the Paradyn DynInst dynamic program rewriting library
- API for inserting new code into a running process
- Originally designed for adding peformance profiling
- The Hijacker uses it to redefine the system call
layer of the hijacked process