linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit ca5e6e403c6c01e0593d9f222000c2b20856b5eb
parent 8cc5af401f524b6fb3f12e047ca0ed89657d2183
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Thu,  4 Feb 2021 17:46:02 +0100

Slight refactor

Diffstat:
Mproject/extract_sizeret.py | 14+++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/project/extract_sizeret.py b/project/extract_sizeret.py
@@ -54,17 +54,21 @@ class EntryExitBreakpoint(gdb.Breakpoint):
 if frame.unwind_stop_reason() != gdb.FRAME_UNWIND_NO_REASON:
 return False
- type = self.type_lookup(frame)
+ typeret = self.type_lookup(frame)
- if type is None:
+ if typeret is None:
 return False
- ret = self.extract(frame)
+ (type, caller) = typeret
- if ret is None:
+ extret = self.extract(frame)
+
+ if extret is None:
 return False
- mem_map[ret[1]] = (type[0][7:], ret[0], type[1])
+ (size, address) = extret
+
+ mem_map[address] = (type, size, caller)
 return False
 def extract(self, frame):
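Review bot: The new `mem_map[address] = (type, size, caller)` stores the looked-up type unsliced, while the removed line stored `type[0][7:]`, so this "refactor" changes what ends up in `mem_map`. The diffstat shows no other edit in this commit, so `type_lookup` presumably still returns the same value, and every entry now keeps its first seven characters (possibly a `struct ` prefix; that part is inferred). If the slice is still wanted, apply it at the unpack site and avoid shadowing the builtin at the same time: `(type_name, caller) = typeret` followed by `mem_map[address] = (type_name[7:], size, caller)`. The method containing these lines starts before the hunk, so the breakpoint's full flow is not visible here.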