This is my first x64 ELF infector written in full Assembly. It’s contains a non destructive payload and will infect other ELF (PIE is also supported) on current directory only and not recursively. It uses
PT_NOTE to PT_LOAD infection technique.
Assemble it with FASM x64.
$ fasm Linux.Midrashim.asm flat assembler version 1.73.25 (16384 kilobytes memory, x64) 3 passes, 2631 bytes. $ file Linux.Midrashim ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, stripped $ sha256sum Linux.Midrashim 8f1a835ad6f5c58b397109e28409ec0556d6d374085361c6525f73d5ca5785eb Linux.Midrashim