linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 873af20d1a5906070ef59d75832380cee4a32680
parent d203dc0f9cf6832d29c743c4a1c34cd06a6714ff
Author: deurzen <m.deurzen@tum.de>
Date:   Mon, 25 Jan 2021 10:58:42 +0100

fixes byte shift

Diffstat:
M mem_forensics/memcheck-gdb.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mem_forensics/memcheck-gdb.py b/mem_forensics/memcheck-gdb.py @@ -852,7 +852,7 @@ class RkCheckFunctions(gdb.Command): # pattern: nop -> jmp if elf[i:i+4] == "0f1f" and live[i:i+2] == "e9": - i += 5 + i += 10 continue resolved = False
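
Review bot: The bare literal in `i += 10` hides the unit of `i`, which is how the earlier `i += 5` went wrong. The slices `elf[i:i+4] == "0f1f"` and `live[i:i+2] == "e9"` show that `i` counts hex characters, two per byte, so 10 is the 5-byte jmp expressed in characters. Please write it as a named constant or as 2 * 5 with a short comment, and state the unit in the `# pattern: nop -> jmp` comment. Separately, the ELF side is only checked for the leading two bytes 0f 1f, which also begin the shorter multi-byte nops, yet the skip always assumes five bytes. Comparing all 10 characters of the expected nop before skipping would keep the scan from running past bytes it never checked.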