USAGE: phook accepts by default the following command-line options:

  ./phook -p|--pid PID -f|--fd FD
          [ -w|--write STRING |
            -l|--load PLUGIN_NAME |
            -r|--read NUM_BYTES -o|--output FILE [ -t|--timeout TIMEOUT ] ]

You have to choose exactly one of --read, --write or --load.

  --write STRING
      * Write the string STRING to the file descriptor specified by --fd

  --read NUM_BYTES
      * Read NUM_BYTES bytes from the file descriptor specified by --fd

  --load PLUGIN_NAME
      * Use the plugin PLUGIN_NAME. The command-line options depend upon
        the plugin.

When using --read or --write, the following options are mandatory (M):

  M) --pid
      * The pid of the target application
  M) --fd
      * The file descriptor you want to read from or write to

With --read, you have the following additional options, which are either
mandatory (M) or optional (O):

  M) --output
      * Write the data stolen from the file descriptor to this output file
  O) --timeout
      * Wait for data for the specified amount of seconds (integer).
        If the timeout is 0 (the default), the plugin will wait *FOREVER*.

!!! IMPORTANT NOTE: WHEN READING FROM A FILE DESCRIPTOR YOUR APPLICATION WILL
**HANG** UNTIL DATA IS RECEIVED OR THE TIMEOUT EXPIRES.

!!! REMEMBER THAT YOU ARE ACTUALLY **STEALING** DATA FROM THE FILE DESCRIPTOR.
THIS MEANS THAT YOUR TARGET APPLICATION **WON'T** BE ABLE TO READ THE DATA
YOU'VE "STOLEN", AND THIS CAN MAKE YOUR APPLICATION UTTERLY FAIL IN AN
UNEXPECTED WAY.

Well, let's start from a quite simple real example: you want to write into a
network socket belonging to kvirc (which is a graphical IRC client).

  $ ls -al /proc/`pidof kvirc`/fd | grep socket | cut -d " " -f 7-
  22:23 12 -> socket:[715784]
  22:23 13 -> socket:[762765]
  22:23 3 -> socket:[715725]
  22:23 4 -> socket:[715727]
  22:23 9 -> socket:[715732]
        ^             ^
        |             |____ INODES
  File descriptors

File descriptors 12, 13, 3, 4 and 9 are sockets, but we're only interested in
TCP sockets.
  $ SOCKETS="$(ls -al /proc/`pidof kvirc`/fd | egrep -o "socket:\[[[:digit:]]+" | cut -d \[ -f 2)"
  $ egrep "`echo $SOCKETS | tr " " "|"`" /proc/net/tcp
  11: xxxxxxxx:E432 yyyyyyyy:1A0B 01 00000000:00000000 00:00000000 00000000 1000 0 715784 1 caae5800 69 10 30 2 100
  13: xxxxxxxx:826E zzzzzzzz:1A0C 01 00000000:00000000 00:00000000 00000000 1000 0 762765 1 caae5400 74 10 30 2 2
                                                                                   ^
                                                                                   |
                                                                         tcp INODES

(The egrep matches the inode numbers anywhere on a line, so make sure the
number you found really sits in the inode column, which is the tenth field.)

We can see a connection from xxxxx, port E432 (58418), to yyyy, port 1A0B
(6667), and another connection from xxxx, port 826E (33390), to zzzz, port
1A0C (6668). Numbers are in hexadecimal, just convert them with a calculator,
for example using bc. Note that bc wants the hex digits in UPPER CASE: with
ibase=16 a lowercase "e432" is parsed as a variable name and prints 0.

  $ bc
  ibase=16
  E432
  58418
  1A0B
  6667

Netstat may also be really useful:

  $ netstat -A inet -p -n | grep kvirc
  tcp  0  0 xx.xx.xx.xx:58418  yyy.yyy.yyy.yyy:6667  ESTABLISHED 3984/kvirc
  tcp  0  0 xx.xx.xx.xx:33390  zzz.zzz.zzz.zzz:6668  ESTABLISHED 3984/kvirc

We want to write to the socket connected to zzz.zzz.zzz.zzz:6668, and so the
inode we're looking for is 762765 (see the line prefixed by "13: " above;
that "13:" is just the row number in /proc/net/tcp and has nothing to do
with the file descriptor, the two only coincide here by chance).

As we can see here:

  13 -> socket:[762765]

13 is the file descriptor associated with inode 762765. Finally we will start
phook in WRITE MODE:

  $ ./phook -p `pidof kvirc` -f 13 -w "
  privmsg mynickonirc :wo, i'm writing this message from the console
  "

Note how the opening and closing " are placed on their own lines: the
newlines inside the quoted string are what gets sent to the IRC server to
terminate the command.

READ MODE works pretty much the same:

  $ ./phook -p `pidof kvirc` -f 13 -r 1024 -o /tmp/blah -t 5

Here we're reading a maximum of 1024 bytes from file descriptor 13, with a
timeout of 5 seconds. If data is available within this amount of time, it
will be placed into the file /tmp/blah. If no data is received before the
timeout expires, NO output file will be created.

**** REMEMBER TO SET A REASONABLE TIMEOUT: WITH THE DEFAULT READ PLUGIN [NOT
THE FORKING ONE] YOUR APPLICATION WILL OTHERWISE HANG UNTIL DATA IS RECEIVED.
THE DEFAULT TIMEOUT IS ZERO, WHICH MEANS THAT THE APPLICATION WILL WAIT FOR
SOME DATA FOREVER !!! ****
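The fd-to-inode-to-endpoint lookup above done in one script, as an added example that is not part of phook: given a PID it walks /proc/PID/fd with readlink, matches each socket inode against the inode column (field 10) of /proc/net/tcp rather than grepping the whole line, and decodes the hex endpoints, so the fd to pass to -f comes out directly without the bc step. It assumes Linux /proc on a little-endian (x86) host: /proc/net/tcp prints the IPv4 address as one 32-bit hex word in host byte order, so "0100007F" is 127.0.0.1, while the port is printed in host order, so "1A0B" is plainly 6667. The SAMPLE_TCP table is constructed from the two kvirc rows of the walkthrough with 127.0.0.1 standing in for the masked addresses; IPv6 sockets (/proc/net/tcp6) are not handled.

```sh
#!/bin/sh
# Added example, not part of phook: list a process's TCP sockets as
#   FD INODE LOCAL REMOTE STATE
# so the fd for "phook -f" can be picked without decoding hex by hand.
# Assumes Linux /proc on a little-endian (x86) host. /proc/net/tcp6 is
# not handled; its addresses are four such words and need another decoder.

# decode_addr HEXIP:HEXPORT -> dotted-quad:port
# The kernel prints the IPv4 address as one 32-bit word in host byte order,
# so on x86 "0100007F" is 127.0.0.1 (lowest byte = first octet); the port
# is printed with ntohs(), so "1A0B" is simply 6667.
decode_addr() {
    ip=${1%%:*}; port=${1##*:}
    o4=${ip%??????}; r=${ip#??}      # "01", "00007F"
    o3=${r%????};    r=${r#??}       # "00", "007F"
    o2=${r%??};      o1=${r#??}      # "00", "7F"
    printf '%d.%d.%d.%d:%d\n' \
        $((0x$o1)) $((0x$o2)) $((0x$o3)) $((0x$o4)) $((0x$port))
}

# tcp_state HEX -> name (the "st" column, values of the kernel's tcp_states)
tcp_state() {
    case "$1" in
        01) echo ESTABLISHED ;; 02) echo SYN_SENT ;;   03) echo SYN_RECV ;;
        04) echo FIN_WAIT1 ;;   05) echo FIN_WAIT2 ;;  06) echo TIME_WAIT ;;
        07) echo CLOSE ;;       08) echo CLOSE_WAIT ;; 09) echo LAST_ACK ;;
        0A) echo LISTEN ;;      0B) echo CLOSING ;;    *)  echo "UNKNOWN($1)" ;;
    esac
}

# lookup_inode INODE < /proc/net/tcp -> "LOCAL REMOTE STATE" (empty if absent)
# Matching field 10 exactly avoids false hits on a line whose address or
# queue columns happen to contain the same digits, which a plain grep gives.
lookup_inode() {
    awk -v ino="$1" '$10 == ino { print $2, $3, $4 }' |
    while read -r l r s; do
        echo "$(decode_addr "$l") $(decode_addr "$r") $(tcp_state "$s")"
    done
}

# socket_fds PID: one line per fd of PID that is a TCP socket. Reading
# /proc/PID/fd needs the same uid as the target or root, like phook itself.
socket_fds() {
    for link in /proc/"$1"/fd/*; do
        target=$(readlink "$link") || continue
        case "$target" in socket:\[*\]) ;; *) continue ;; esac
        ino=${target#socket:\[}; ino=${ino%\]}
        info=$(lookup_inode "$ino" < /proc/net/tcp)
        if [ -n "$info" ]; then echo "${link##*/} $ino $info"; fi
    done
}

# Constructed sample: the two kvirc rows from the walkthrough above, with
# 127.0.0.1 (0100007F) standing in for the masked addresses.
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  11: 0100007F:E432 0100007F:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 715784 1 caae5800 69 10 30 2 100
  13: 0100007F:826E 0100007F:1A0C 01 00000000:00000000 00:00000000 00000000  1000        0 762765 1 caae5400 74 10 30 2 2'

if [ -n "${1:-}" ]; then
    socket_fds "$1"                      # live use: ./sockfds.sh `pidof kvirc`
else
    printf '%s\n' "$SAMPLE_TCP" | lookup_inode 762765
fi
```

Run it with `pidof kvirc` as the only argument to get the live table; without arguments it decodes inode 762765 from the constructed sample and prints "127.0.0.1:33390 127.0.0.1:6668 ESTABLISHED", the fd 13 connection of the walkthrough.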