Linux EXE Wrapper

• Modify sys_execve call in kernel

  • Alternation between wrapper and exe
  • Small very wrapper executable
  • Talk to permanent process (locked in core, IPC comms, state maintained)
  • Wrapper execs other program

• Cover traces of wrapper (limited)

  • Processes don't show up
  • Timing has to be quite fast
  • Error conditions have to be well handled

Notes: