linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit bd3f1401d3e3abfdf424330e923c1d7590c9a33d
parent 536c73b0fbff93ada50030a1dc610ac140bc73db
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Wed,  3 Feb 2021 21:31:11 +0100

PrintMem stub

Diffstat:
Mproject/extract_sizeret.py | 14+++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/project/extract_sizeret.py b/project/extract_sizeret.py
@@ -13,10 +13,22 @@ break_arg = {
 entries = set()
 exits = set()
+types = {}
+
+# Contains tuples of (type, size, addr, caller)
+mem_map = set()
 prev_entry = None
-types = {}
+class PrintMem(gdb.Command):
+ def __init__(self):
+ super(PrintMem, self).__init__("print-mem", gdb.COMMAND_DATA)
+
+ def invoke(self, arg):
+ global mem_map
+
+PrintMem()
+
 class EntryExitBreakpoint(gdb.Breakpoint):
 def __init__(self, b):
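Review bot: `PrintMem.invoke` is declared as `invoke(self, arg)`, but GDB calls a command's `invoke` with both the argument string and a `from_tty` flag, so running `print-mem` would fail with a TypeError before the body executes; declare it as `def invoke(self, arg, from_tty):`. The `global mem_map` statement is only needed if the method rebinds the name, and reading the set or calling `mem_map.add(...)` works without it. GDB uses the class docstring as the command's help text, so a one-line docstring on `PrintMem` such as `"""Print the (type, size, addr, caller) tuples recorded in mem_map."""` would make `help print-mem` informative once the stub is filled in.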