This time, I didn't forget to add the value to the dict..; remove legacy file description - linux-rootkit - Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit e8f4a790a24c7302fc3594e990adb4e0246a6155
parent d9f47420ac96e6c37a2a6648db21f26c842c6bea
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Sun,  7 Feb 2021 22:19:05 +0100

This time, I didn't forget to add the value to the dict..; remove legacy file description

Diffstat:
M project/type_dict.py  | 7 ++-----

1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/project/type_dict.py b/project/type_dict.py
@@ -1,9 +1,5 @@
 ###################################################################
 # Format of input file:
-# First line:
-#   directory prefix to prune
-#
-# Rest of lines:
 #    <filename> <func or global> <line> <var or call to free>
 ###################################################################
 
@@ -66,9 +62,10 @@ class CodeDict():
 
             # ugly, but necessary since gdb does not like $ whatis 'dup_task_struct'::tsk
             # and task_struct is too important to give up
-            if "dup_task_struct" in line:
+            if fn == "dup_task_struct":
                 key = f"{src}:{lnr}"
                 val = "type = struct task_struct *"
+                self.dict[key] = val
                 continue
 
             var = re.split('\-\>|\.', var)

	linux-rootkit Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
	git clone git://git.deurzen.net/linux-rootkit
	Log \| Files \| Refs