phook is a userspace tool that injects code into any application at run-time using ptrace(). The project has a modular design to allow one use different plugins to make the target application do whatever is wanted. Default plugins are able to read and write into file descriptors belonging to other applications and to clean zombie processes.
phook accepts by default the following command-line options:
./phook -p|--pid PID -f|--fd FD [ -w|--write STRING | -l|--load PLUGIN_NAME
-r|--read NUM_BYTES -o|--output FILE [ -t|--timeout TIMEOUT ] ]
You have to choose either --read, --write or --load.
--write STRING * Write the string STRING to the file descriptor specified by --fd
--read NUM_BYTES * Read NUM_BYTES bytes from the file descriptor specified by --fd
--load PLUGIN_NAME * Use the plugin PLUGIN_NAME. Command line options depends upon the plugin.
When using --read or --write, the following options are mandatory (M):
M) --pid * The pid of the target application
M) --fd * The file descriptor you want to read/write from/to
With --read, you have the following options, which might be mandatory (M) or optional (O):
M) --output * Write the data stolen from the file descriptor to this output file
O) --timeout * Wait for data for the specified amount of seconds (integer). If timeout is 0, the plugin will wait *FOREVER*.
!!! IMPORTANT NOTE: WHILE READING FROM A FILE DESCRIPTOR, YOUR APPLICATION WILL HANG* UNTIL DATA IS RECEIVED OR THE TIMEOUT EXPIRES.
!!! REMEMBER THAT YOU ARE ACTUALLY STEALING DATA FROM THE FILE DESCRIPTOR AND THIS MEANS THAT YOUR TARGET APPLICATION WON'T BE ABLE TO READ THE DATA YOU'VE "STOLEN".
THIS CAN MAKE YOUR APPLICATION UTTERLY FAIL IN AN UNEXPECTED WAY.
What's New in This Release:
· A plugin that reads from a file descriptor of another process without blocking it has been added, as well as a general purpose cleaner of zombie processes.