I am working on reverse-engineering a linux program with a function that reads in configuration information from a file, and then passes this information to the program. However, after I fully exit the program, patch out this function and replace the binary, and run the program again, it still has the configuration information stored, but this storage does not persist between reboots. I am looking for how this program might be storing the information that it read in. I have already looked for temporary files, but it does not appear to be creating any new files related to the config data that I am looking for.
3
-
If you can really make sure that the program does not save configuration on its own (how do you do that? Completely new system like VM for testing?) then maybe the default configuration is already part of the program? Change the config and see what happens? Does it still persist?– secfrenCommented Mar 25, 2023 at 21:05
-
I tried different configs, and it persists. I have also isolated the behavior down to one function, which I know is saving the configuration, I am just not sure how. What would outlast the process that spawned it, but not the system rebooting?– Enzo DamatoCommented Mar 25, 2023 at 22:46
-
Sorry, I first thought it does persist config even after reboot. Either trace the program or compare everything before and after the program has been run (files, filesystem, memory). If you know which functions is responsible and you know it is the only way to get the configuration then take a closer look at the function? There seems to be more than one way to get the config when it still works even after you have removed the function.– secfrenCommented Mar 25, 2023 at 23:25
Add a comment
|