linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

example1.asm (485B)


	; NASM-style source (Intel operand order: op dst, src), assembled as 64-bit code.
	; _start is the only symbol exported; code goes into .text, and the encoded
	; buffer further down goes into .data so that it can be rewritten in place.
	BITS 64
	global _start
	section .text
      4 _start:
      5 	mov rdi, memfrobbed
      6 	mov cl, 0x18
      7 	call _my_memfrob
      8 
      9 ;	do something interesting ...
     10 
     11 	mov rdi, memfrobbed
     12 	mov cl, 0x18
     13 	call _my_memfrob
     14 	ret
     15 
     16 _my_memfrob:
     17 	xor byte [rdi+rcx-1], 0x42
     18 	loop _my_memfrob
     19 	ret
     20 	;db "53cr3t_p4yl04d_g035_h3r3", 0
     21 	section .data
     22 memfrobbed:
     23 	db 0x77, 0x71, 0x21, 0x30,
     24 	db 0x71, 0x36, 0x1d, 0x32,
     25 	db 0x76, 0x3b, 0x2e, 0x72,
     26 	db 0x76, 0x26, 0x1d, 0x25,
     27 	db 0x72, 0x71, 0x77, 0x1d,
     28 	db 0x2a, 0x71, 0x30, 0x71