linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 470809bbacf6cf52d58989c09e928acf1a44204f
parent aa6c741ebfba47ef4eb17e9ceb982c3e0c5f80bd
Author: deurzen <m.deurzen@tum.de>
Date:   Sat,  6 Feb 2021 22:57:50 +0100

fixes watchpoint removal bug

Diffstat:
Mproject/extract_sizeret.py | 8+++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/project/extract_sizeret.py b/project/extract_sizeret.py @@ -232,11 +232,12 @@ class FreeBreakpoint(gdb.Breakpoint): return False if address in watchpoints: - print("Deleting watchpoint") - n_watchpoints = n_watchpoints - len(watchpoints[address]) - for watchpoint in watchpoints[address]: + print("Deleting watchpoing on", watchpoint.current_chain, "which is at", hex(address)) watchpoint.delete() + n_watchpoints -= 1 + + del(watchpoints[address]) if address in mem_map: if debug: @@ -264,6 +265,7 @@ class WriteWatchpoint(gdb.Breakpoint): self.initial_values.append(self.get_value(current_chain)) print("Setting watchpoing on", current_chain, "which is at", hex(address)) + self.current_chain = current_chain gdb.Breakpoint.__init__(self, current_chain, internal=True, type=gdb.BP_WATCHPOINT) def stop(self):
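Review bot: The bookkeeping in the `if address in watchpoints:` branch stays consistent only if every `watchpoint.delete()` succeeds. If one call raises part-way through the loop (for instance on a breakpoint gdb has already invalidated), the `del` is skipped and the already-deleted objects remain in `watchpoints[address]`, so the next free of that address would try to delete them again and `n_watchpoints` would drift from the real count. Detaching the list first, `for watchpoint in watchpoints.pop(address):`, avoids this and makes the separate `del(watchpoints[address])` unnecessary; if the `del` is kept, it reads better as the statement `del watchpoints[address]`. The new print is unconditional while the following branch is guarded by `if debug:`, and its message carries the "watchpoing" typo. The enclosing method starts and ends outside the hunk, so whether `n_watchpoints` is declared `global` for the new `-=` cannot be checked from here.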
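Review bot: The new `self.current_chain` attribute in `WriteWatchpoint.__init__` has no comment saying who reads it; the only visible reader is the delete loop in FreeBreakpoint in the first hunk. A short comment such as `# remembered so the chain can be named when this watchpoint is deleted` would make that coupling visible. Since `current_chain` is also passed as the watchpoint spec, gdb's own `Breakpoint.expression` attribute may already carry the same string, which would make the extra field unnecessary; that should be confirmed against the gdb version in use. The constructor begins outside the hunk.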