Abstract: A parasite is defined as code that is injected into a host executable. There are many potential uses for parasite code: binary decryption, unpacking and copyright protection, to name a few. And the most common form of parasite is the virus. Development of feature rich Linux parasites is severely limited by the inability to reliably access functions external to the host file. This paper explores the dynamic linking mechanisms of the Executable and Linkable Format(ELF), and brings up a methodology that allows parasite code access to shared objects. The implementation of this methodology is presented.

Key words: parasite, Executable and Linkable Format(ELF), dynamic linking

摘要： 寄生程序是指注入到可执行文件中的程序代码，被广泛地应用在二进制文件加解密、版权保护等领域。病毒也是寄生程序的一种。Linux下的寄生程序很难利用宿主没有加载的动态连接库，使其功能受到很大限制。该文通过对ELF动态连接机制的研究，采用了一种寄生程序通过proc文件系统进行加载和利用动态库的方法，并对这种方法进行了实现。

关键词: 寄生程序, 可执行可连接文件格式, 动态连接

CLC Number: 

• TP393.03