Let me give you a small gift before moving my ass to Paris to attend and present at NoSuchCon.
Hydra is sample code of a kernel extension that will intercept process creation, suspend, and communicate it to a userland daemon that will be in charge of patching the application.
It uses the process hijacking technique I described at SyScan presentation. Instead of injecting a library it leaves the process in a suspended state and makes its PID available for the userland daemon.

By admin