linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 86d2845a4c71b69cdfa434f5e3546f6d5ea4d6e3
parent 07454a1d40487d1d1c1d1b655a1ef0588554122c
Author: deurzen <m.deurzen@tum.de>
Date:   Fri,  5 Feb 2021 01:14:52 +0100

fixes bugs

Diffstat:
Mproject/type_dict.py | 5++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/project/type_dict.py b/project/type_dict.py
@@ -52,7 +52,7 @@ class CodeDict():
 def parse(self):
 for line in self.inf.readlines():
 # Insert ./ to reflect the frame representation of source file in gdb
- l = "./" + line
+ l = ("./" + line).split(" ")
 if len(l) < 5 or l[4] != "=":
 continue
@@ -92,6 +92,9 @@ class CodeDict():
 # we need to look for the type of the next field in the field access chain
 field = chain[index]
+ field = re.sub('\[.*?\]', '', field)
+
+ # obtain the fields of the compound type to search through
 ptype = gdb.execute(f"ptype {next_type}", to_string = True).split("\n")[1:-2]
 # loop over the compound type's fields, attempt to match field we're looking for
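Review bot: The new `l = ("./" + line).split(" ")` keeps the trailing newline from `readlines()` attached to the last token and turns any run of consecutive spaces into empty-string tokens, so the `l[4] != "="` check on the following line only works if every input line is exactly single-space separated. If the columns are merely whitespace-delimited, `l = ("./" + line.rstrip("\n")).split()` is the more robust form; if single spaces are genuinely significant, a comment above the line stating the expected column layout of `self.inf` would stop the next reader from "fixing" it. The body of `parse` continues beyond this hunk, so whether later code relies on the newline-bearing last token cannot be confirmed here.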
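Review bot: The pattern in the added `field = re.sub('\[.*?\]', '', field)` is a plain string, so `\[` is an invalid escape sequence (a DeprecationWarning in current Python and a SyntaxWarning from 3.12 on); write it as a raw string, `field = re.sub(r'\[.*?\]', '', field)`. The purpose of the substitution — presumably dropping a bracketed subscript such as `name[3]` so the bare field name can be matched against the ptype listing — is not stated; a comment above the line such as `# strip any bracketed subscript from the field name so it matches the ptype field list` would make the intent explicit. This hunk does not show whether `re` is imported at the top of type_dict.py; confirm that it is. The enclosing method starts and ends outside the hunk.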