Saturday, February 11, 2012

How to Spoof Processes

Creating a Fake Process

This can be done in plenty of languages, but it is particularly easy in Perl. Save the following as process.pl:
#!/usr/bin/perl
use strict;
use warnings;

# Assigning to $0 rewrites argv[0], which is what ps shows in its COMMAND column.
$0 = "Test Process";

# Sleep forever so the renamed process stays around long enough to inspect.
while (1) {
    sleep(3600);
}
In Perl "$0" holds the program name, the equivalent of "argv[0]" in C and other languages, and assigning to it changes the name the process presents to tools like ps. On Linux the assignment overwrites the argv area that /proc/PID/cmdline exposes and, since Perl 5.14, also sets the kernel's short process name (/proc/PID/comm, truncated to 15 characters) via prctl(2). It does not touch /proc/PID/exe, which still links to the perl binary, so the disguise only fools tools that trust the displayed name. The loop keeps the process alive. You can run your own spoofed process from the command line with:
perl process.pl &
The "&" tells the shell to run the process in the background.
You can check that the process is running from the command line with:
ps aux | grep "Test"
Example Output:
noname    7769  0.0  0.0  25084  1696 pts/0    S    15:19   0:00 Test Process
noname    7771  0.0  0.0  14560   892 pts/0    S+   15:19   0:00 grep Test
The second line of the output is the grep itself, which matches its own argument; grep "[T]est" or pgrep -f "Test Process" avoids that. To kill the process from the command line, pass its PID (the second column):
kill 7769
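The flip side of the trick is that the spoofed name is cosmetic. Here is an added example, not part of the original post, that walks /proc and flags every process whose kernel name (/proc/PID/comm) disagrees with the basename of the binary it is really running (/proc/PID/exe). The /proc files are standard Linux interfaces; the function names are my own.

```sh
#!/bin/sh
# spoofcheck.sh: find processes whose displayed name does not match their binary.

# name_mismatch COMM EXE
# Returns 0 (true) when the kernel's short name for a process does not match
# the basename of the executable it really runs, e.g. comm "Test Process"
# against exe /usr/bin/perl after the $0 trick above. Returns 1 otherwise.
name_mismatch() {
    comm=$1
    exe=$2
    bin=${exe##*/}                                  # basename of the real binary
    # The kernel stores comm in 16 bytes (15 characters plus NUL), so a long
    # binary name is legitimately truncated; compare on that prefix.
    short_bin=$(printf '%s' "$bin" | cut -c1-15)
    [ "$comm" != "$short_bin" ]
}

# scan_procs
# Prints PID, comm, exe and the (spoofable) cmdline for every visible process
# whose displayed name disagrees with its binary. Kernel threads have no exe
# and are skipped; other users' processes are skipped unless you are root.
scan_procs() {
    for d in /proc/[0-9]*; do
        pid=${d#/proc/}
        exe=$(readlink "$d/exe" 2>/dev/null) || continue
        comm=$(cat "$d/comm" 2>/dev/null) || continue
        if name_mismatch "$comm" "$exe"; then
            # cmdline is NUL-separated; show it with spaces instead
            cmdline=$(tr '\0' ' ' < "$d/cmdline" 2>/dev/null || true)
            printf '%s\t%s\t%s\t%s\n' "$pid" "$comm" "$exe" "$cmdline"
        fi
    done
}

# Usage: sh spoofcheck.sh (as root to see every process)
scan_procs
```

Run it while process.pl is in the background and the perl process shows up with comm "Test Process" and exe /usr/bin/perl (or wherever your perl lives). Treat the output as a list of leads rather than verdicts: interpreters installed under a versioned filename and daemons that legitimately rename themselves will also show a mismatch, so the next step is to look at /proc/PID/exe and /proc/PID/maps of anything you cannot explain.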