linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 52bcf9708dedc609778bdd9165367fc300ffbc64
parent 2bdcdd4923ffe6536e251d50f38856835e69fdc8
Author: deurzen <m.deurzen@tum.de>
Date:   Sat, 21 Nov 2020 14:05:19 +0100

adds test rule

Diffstat:
MMakefile | 18+++++++++---------
Acheck_pingpong.py | 39+++++++++++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+), 9 deletions(-)

diff --git a/Makefile b/Makefile
@@ -25,21 +25,21 @@ build:
 clean:
 	@make -C $(KERNELDIR) M=$(PWD) clean
 
-test: debug
-test: remove
-test: clear_dmesg
-test: install
-test: dmesg
+test: debug remove clear_dmesg install
+	-@sudo ./check_pingpong.py /proc/g7rkp
+	-@dmesg
 
-install: remove
-	@sudo insmod ./$(TARGET).ko
+.PHONY: install
+install:
+	-@sudo insmod ./$(TARGET).ko
 
+.PHONY: remove
 remove:
-	@sudo rmmod $(TARGET)
+	-@sudo rmmod $(TARGET)
 
 .PHONY: clear_dmesg
 clear_dmesg:
-	@sudo dmesg -c >/
+	@sudo dmesg -c >/dev/null
 
 .PHONY: dmesg
 dmesg:
diff --git a/check_pingpong.py b/check_pingpong.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+
+import fcntl
+import os
+import unittest
+import argparse
+import sys
+
+IOCTL_PING = 0xc0084000
+IOCTL_INVALID = IOCTL_PING + 1
+
+proc_fd = None
+
+class TestIOCTLPing(unittest.TestCase):
+    def test_ping(self):
+        arg = b"PING"
+        res = fcntl.ioctl(proc_fd, IOCTL_PING, arg)
+        self.assertEqual(res, b"PONG")
+
+    def test_duck(self):
+        arg = b"DUCK"
+        res = fcntl.ioctl(proc_fd, IOCTL_PING, arg)
+        self.assertEqual(res, b"DUCK")
+
+    def test_invalid(self):
+        with self.assertRaises(IOError):
+            fcntl.ioctl(proc_fd, IOCTL_PING, 0)
+
+    def test_invalid2(self):
+        with self.assertRaises(IOError):
+            fcntl.ioctl(proc_fd, IOCTL_INVALID, 0)
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument("proc_file")
+    args, remaining = parser.parse_known_args()
+    proc_fd = os.open(args.proc_file, os.O_RDWR)
+
+    unittest.main(argv=[sys.argv[0]] + remaining)
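Review bot: The `-` prefix on `-@sudo ./check_pingpong.py /proc/g7rkp` in the new `test` recipe tells make to ignore the script's exit status, so a failing test suite still leaves `make test` reporting success; that line should be `@sudo ./check_pingpong.py /proc/g7rkp`, with the `-` kept only on the insmod/rmmod lines where an already-absent module is tolerated. The same silent-failure applies to `-@sudo insmod ./$(TARGET).ko`: if loading fails, the tests run anyway against whatever `/proc/g7rkp` currently is. The new prerequisite list `test: debug remove clear_dmesg install` relies on make's sequential prerequisite order, which `make -j` does not guarantee; a comment such as `# order matters (remove before install): do not build this target with -j` would record that, or the steps could be chained with explicit `$(MAKE)` calls inside the recipe. The rule also presumes check_pingpong.py carries the executable bit, which the diffstat does not show; `python3 ./check_pingpong.py` would not depend on it.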
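Review bot: The descriptor returned by `os.open(args.proc_file, os.O_RDWR)` is never closed, and because `unittest.main` exits via `SystemExit` there is no path that releases it; wrapping the call as `try: unittest.main(argv=[sys.argv[0]] + remaining)` / `finally: os.close(proc_fd)` fixes that without changing test behaviour. `IOError` is just an alias of `OSError` in Python 3, so `self.assertRaises(OSError)` is the current spelling for both `test_invalid` cases. `IOCTL_PING = 0xc0084000` deserves a comment decoding it by the standard Linux ioctl encoding — read|write direction, 8-byte argument size, type 0x40, number 0 — and noting that the 4-byte `b"PING"`/`b"DUCK"` buffers the tests pass are shorter than that encoded size, so a reader can tell whether the mismatch is intentional. A one-line module docstring stating that the script expects the proc path as its first argument and forwards the remaining arguments to unittest would also explain the `parse_known_args` split.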