linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit e516b199122bed30f511a0a7d6367b7933c51874
parent d59615cb732e498587f7ac4a2d7d9f1340b5ae73
Author: deurzen <m.deurzen@tum.de>
Date:   Sun,  7 Feb 2021 00:06:31 +0100

attempt fix for diff check bug

Diffstat:
Mproject/extract_sizeret.py | 9+++++----
1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/project/extract_sizeret.py b/project/extract_sizeret.py
@@ -267,12 +267,13 @@ class WriteWatchpoint(gdb.Breakpoint):
 def stop(self):
 current_chain = f"(({self.type}){hex(self.address)})"
- for i, (field, initial_value) in enumerate(zip(self.field_chain, self.initial_values)):
+ for field, initial_value in zip(self.field_chain, self.initial_values):
 current_chain += "->(" + field + ")"
- current_value = self.get_value(current_chain)
- if initial_value != current_value:
- print(current_chain, "changed from", initial_value, "to", current_value)
+ current_value = self.get_value(current_chain)
+
+ if self.initial_values[-1] != current_value:
+ print(current_chain, "changed from", initial_value, "to", current_value)
 return False
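Review bot: The new condition compares `self.initial_values[-1]`, but the message under it still prints the loop variable `initial_value`, and both that name and `current_value` are bound only if the loop body ran at least once. If `field_chain` is empty, `stop` raises `UnboundLocalError` (or `IndexError` when `initial_values` is empty too), and if `zip` stops early because the two lists differ in length, the printed "from" value is not the one that was compared. Printing the compared value, `print(current_chain, "changed from", self.initial_values[-1], "to", current_value)`, and returning early with `if not self.field_chain: return False` would keep them in step. Indentation is lost on this page, so whether `current_value = self.get_value(current_chain)` sits inside or after the loop is inferred. Either way only the last link is now compared, so a change to an intermediate pointer that still leads to an equal final value would go unreported, which deserves a comment if it is intended. `WriteWatchpoint.__init__`, which presumably fills `initial_values`, lies outside the hunk.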