linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

pidhide.h (723B)


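/*
 * pidhide.h - declarations for the rootkit's hidden-PID bookkeeping.
 *
 * Only the interface is visible in this header: a doubly linked list node
 * type (pid_list_t), one global list object (hidden_pids) and the functions
 * that operate on them. The implementations live elsewhere, so every remark
 * below about behaviour beyond the signatures is inferred from the names
 * and marked as such.
 *
 * Defensive note: process hiding is usually uncovered by cross-view
 * comparison, i.e. checking the process list that an interface such as
 * /proc reports against an independent view such as the task list
 * recovered from a memory image.
 */
/*
 * NOTE(review): the guard name starts with an underscore followed by an
 * uppercase letter, which C reserves for the implementation. It is left
 * unchanged here because other files may test it.
 */
#ifndef _GROUP7_PIDHIDE_H
#define _GROUP7_PIDHIDE_H

#include <linux/kernel.h> /* simple_strtol(), used by PID_FROM_NAME */
#include <linux/types.h>  /* pid_t, bool */

/*
 * Parse a decimal string into a pid_t.
 *
 * simple_strtol() is called with a NULL end pointer, so this macro cannot
 * report malformed input: a string without leading digits yields 0,
 * trailing non-digit characters are silently ignored, and the long result
 * is narrowed to pid_t by the cast without a range check. Treat the result
 * as unvalidated. The kernel sources mark simple_strtol() as obsolete in
 * favour of kstrtol(), which does report such errors.
 *
 * NOTE(review): presumably fed directory-entry names - confirm at the
 * call sites, which are not part of this header.
 */
#define PID_FROM_NAME(name) ((pid_t)simple_strtol((name), NULL, 10))

/*
 * Node of a doubly linked list of PIDs.
 *
 * pid_list_t_ptr is a typedef for a pointer to the node; it hides the
 * indirection, so remember that every pid_list_t_ptr below is a pointer.
 */
typedef struct pid_list *pid_list_t_ptr;
typedef struct pid_list {
    pid_t pid;           /* PID stored in this node */
    pid_list_t_ptr prev; /* previous node */
    pid_list_t_ptr next; /* next node */
} pid_list_t;

/*
 * Global list object, defined in another translation unit.
 * NOTE(review): declared as an object, not a pointer, so it looks like a
 * list head/sentinel - confirm against the definition.
 */
extern pid_list_t hidden_pids;

/*
 * Switch the hiding feature as a whole on and off.
 * NOTE(review): inferred from the names; the mechanism is not visible here.
 */
void hide_pids(void);
void unhide_pids(void);

/*
 * Per-PID operations on the hidden set.
 * NOTE(review): presumably these add to, remove from and empty
 * hidden_pids - verify in the implementation.
 */
void hide_pid(pid_t pid);
void unhide_pid(pid_t pid);
void clear_hidden_pids(void);

/*
 * List primitives. Each takes the list to operate on and, except for
 * init_pid_list(), the PID of interest.
 * NOTE(review): whether the functions returning pid_list_t_ptr hand back
 * the affected node, the list itself or NULL on failure cannot be told
 * from the prototypes; check before relying on the return value.
 */
void init_pid_list(void);
bool list_contains_pid(pid_list_t_ptr list, pid_t pid);
pid_list_t_ptr find_pid_in_list(pid_list_t_ptr list, pid_t pid);
pid_list_t_ptr add_pid_to_list(pid_list_t_ptr list, pid_t pid);
pid_list_t_ptr remove_pid_from_list(pid_list_t_ptr list, pid_t pid);

#endif /* _GROUP7_PIDHIDE_H */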