linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 68efe5f015164a40a49442d7335f0e29ddb6e7bb
parent 704208ae4b2ce77fdaf700f69520a116f0f7a2f8
Author: deurzen <m.deurzen@tum.de>
Date:   Wed,  3 Feb 2021 10:23:21 +0100

refactors code :)

Diffstat:
Mproject/extract_sizeret.py | 5+----
1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/project/extract_sizeret.py b/project/extract_sizeret.py
@@ -39,10 +39,7 @@ class EntryExitBreakpoint(gdb.Breakpoint):
                 if int(gdb.parse_and_eval(break_arg[f.name()])) > 0:
                     prev_entry = f"size={gdb.parse_and_eval(break_arg[f.name()])}"
-        elif self.number in exits:
-            if prev_entry is None:
-                return False
-
+        elif self.number in exits and prev_entry is not None:
             # extract return value, print for now
             print(f"{prev_entry}, ret={hex(int(str(gdb.parse_and_eval('$rax')), 10) & (2 ** 64 - 1))}", flush=True)
             prev_entry = None
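Review bot: Entry/exit pairing still goes through the single `prev_entry` slot, so a second entry hit before the matching exit (recursion, or one hooked allocation routine calling another) overwrites the pending size and the first call's return value is either attributed to the wrong size or dropped once `prev_entry` has been reset to None. A list used as a stack fixes this with three lines on the new side: the assignment becomes `pending.append(f"size={gdb.parse_and_eval(break_arg[f.name()])}")`, the condition becomes `elif self.number in exits and pending:`, and the print uses `pending.pop()` in place of `prev_entry`; the list itself would be initialised where `prev_entry` is declared, outside the hunk. Folding the None check into the `elif` also means an exit hit with no pending entry now falls through to whatever follows the chain instead of the explicit `return False` the removed branch had, which is equivalent only if the method already ends with `return False` — the hunk does not show that. The enclosing method (presumably the breakpoint's `stop` callback) begins before the hunk and continues after it.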