Playing with ptrace() for fun and profit

By Nicolas Bareil.

In Proceedings of SSTIC 2006, pages 89-106. June 2006.

Abstract

ptrace is one of the least documented and most obscure syscalls available on Linux. The SunOS man page even describes ptrace() as "unique and arcane", and this is partly right.

This report presents ptrace's undocumented features, why these options are interesting, and how to use them when injecting code into processes.

Finally, we present multiple use cases based on ptrace(), one of which shows an evasion attack against the application-level firewall NuFW.

Date: 2010-07-08 13:59:07 CEST