linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 0dc9b0c2ebdd4c2c30506d22064cf014e032b957
parent acc7201f6fe056a40dbee470be5f990aeccf1745
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 24 Jan 2021 01:15:43 +0100

uncomments debug statement code

Diffstat:
Mmem_forensics/memcheck-gdb.py | 6+++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/mem_forensics/memcheck-gdb.py b/mem_forensics/memcheck-gdb.py
@@ -771,9 +771,9 @@ class RkCheckFunctions(gdb.Command):
 elf_bytes = [elf_byte for i, elf_byte in enumerate(elf_bytes) if i not in to_exclude]
 live_bytes = [elf_byte for i, elf_byte in enumerate(live_bytes) if i not in to_exclude]
- # if live_bytes != elf_bytes:
- # print(f"function `{name} compromised, live bytes not equal to ELF bytes")
- # print(f"expected: {elf_bytes}, live: {live_bytes}")
+ if live_bytes != elf_bytes:
+ print(f"function `{name} compromised, live bytes not equal to ELF bytes")
+ print(f"expected: {elf_bytes}, live: {live_bytes}")
 def get_v_addr(self, symbol):
 try:
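Review bot: The first added print opens a backtick before {name} and never closes it, so the reported function name blends into the rest of the alert text; closing it right after {name} keeps the output easy to grep. The second print dumps both complete byte lists for every mismatching function, which will bury the finding for large functions; reporting the first differing index and a short window around it would be easier to triage. Because the lists are compared after the to_exclude filtering, any printed position is relative to the filtered lists, which deserves a comment such as `# indices below refer to the filtered byte lists, not offsets into the function`. The enclosing method begins above the hunk, so how name and to_exclude are derived is not visible here.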