linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 84e8a6445c2256de1c465cc9186fd649c93f1451
parent cc48337599c5d9eef110b8be3fec2f7af3bbb6fe
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Mon,  8 Feb 2021 00:11:56 +0100

tracepoint -> watchpoint

Diffstat:
M project/extract_sizeret.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/project/extract_sizeret.py b/project/extract_sizeret.py
@@ -65,7 +65,7 @@ size_at_entry = None
 class DebugLevel(IntEnum):
     __order__ = 'WARN INFO TRACE'
     WARN = 0 # warn when critical fields (in this case task_struct->cred.uid) change to suspicious values
-    INFO = 1 # show tracepoint additions
+    INFO = 1 # show watchpoint additions
     TRACE = 2 # show every memory allocation
 
 debug_level = DebugLevel.INFO
@@ -159,7 +159,7 @@ class EntryExitBreakpoint(gdb.Breakpoint):
             (size, address) = extret
             mem_map[address] = (type, size, caller)
-
+
             if type[7:] in watch_write_access_chain:
                 access_chains = watch_write_access_chain[type[7:]]
                 for access_chain, critical_value in access_chains: