authorLibravatarLibravatar Biswa Kalyan Bhuyan <biswa@surgot.in> 2025-04-17 00:47:08 +0530
committerLibravatarLibravatar Biswa Kalyan Bhuyan <biswa@surgot.in> 2025-04-17 00:47:08 +0530
commit9a53dbd03bfb9d1b1c76cef9a5a3f6fa051de396 (patch)
tree6f4f19179225eee4c0cb8b47299bad0bfeb2dfc7 /proc_explorer.c
parent0fda28a6dc1e31e6aaa7222bfcd58bdf4d70af88 (diff)
Implement Linux kernel module with process hiding and monitoring capabilities
- Add multiple kernel modules for process manipulation
- Implement /proc directory hooking to hide processes by PID or name
- Create stealth mode to hide specific commands from process listings
- Add process explorer module for detailed process information
- Include shell script for service management integration
- Add proper module parameters for runtime configuration
Diffstat (limited to 'proc_explorer.c')
-rw-r--r--proc_explorer.c95
1 files changed, 95 insertions, 0 deletions
diff --git a/proc_explorer.c b/proc_explorer.c
new file mode 100644
index 0000000..b0ff9c3
--- /dev/null
+++ b/proc_explorer.c
@@ -0,0 +1,95 @@
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/sched.h>
+#include <linux/sched/signal.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Biswa Kalyan Bhuyan");
+MODULE_DESCRIPTION("Process explorer");
+MODULE_VERSION("0.1");
+
+// Find processes matching a name or PID
+static int find_process(const char *name, unsigned int target_pid)
+{
+ struct task_struct *task;
+ int process_count = 0;
+ int hidden_count = 0;
+
+ printk(KERN_INFO "Process Explorer: Enumerating all processes\n");
+
+ // Loop through all processes in the system
+ for_each_process(task) {
+ process_count++;
+
+ // If we're searching for a specific PID or name
+ if (target_pid > 0 && task->pid == target_pid) {
+ printk(KERN_INFO "Process Explorer: Found PID %d, Name: %s\n",
+ task->pid, task->comm);
+
+ // Print parent process info
+ if (task->parent) {
+ printk(KERN_INFO "Process Explorer: Parent PID %d, Name: %s\n",
+ task->parent->pid, task->parent->comm);
+ }
+
+ // Print additional info
+ printk(KERN_INFO "Process Explorer: User ID: %d, Group ID: %d\n",
+ task->cred->uid.val, task->cred->gid.val);
+
+ hidden_count++;
+ }
+ else if (name && strncmp(task->comm, name, TASK_COMM_LEN) == 0) {
+ printk(KERN_INFO "Process Explorer: Found PID %d with name %s\n",
+ task->pid, task->comm);
+ hidden_count++;
+ }
+ }
+
+ printk(KERN_INFO "Process Explorer: Total processes: %d\n", process_count);
+
+ if (target_pid > 0 || name) {
+ printk(KERN_INFO "Process Explorer: Found %d matching processes\n", hidden_count);
+ }
+
+ return 0;
+}
+
+// Module parameters
+static unsigned int target_pid = 0;
+module_param(target_pid, uint, 0644);
+MODULE_PARM_DESC(target_pid, "Target process ID to search for");
+
+static char *target_name = NULL;
+module_param(target_name, charp, 0644);
+MODULE_PARM_DESC(target_name, "Target process name to search for");
+
+// Module initialization
+static int __init proc_explorer_init(void)
+{
+ printk(KERN_INFO "Process Explorer: Module loaded\n");
+
+ // Search for a specific process if provided
+ if (target_pid > 0) {
+ printk(KERN_INFO "Process Explorer: Searching for PID %u\n", target_pid);
+ } else if (target_name) {
+ printk(KERN_INFO "Process Explorer: Searching for processes named '%s'\n", target_name);
+ } else {
+ printk(KERN_INFO "Process Explorer: No search criteria provided. Use 'target_pid' or 'target_name' parameters.\n");
+ return 0;
+ }
+
+ // Find and print process info
+ find_process(target_name, target_pid);
+
+ return 0;
+}
+
+// Module cleanup
+static void __exit proc_explorer_exit(void)
+{
+ printk(KERN_INFO "Process Explorer: Module unloaded\n");
+}
+
+module_init(proc_explorer_init);
+module_exit(proc_explorer_exit);
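Review bot: The `for_each_process(task)` loop in find_process walks the task list with no `rcu_read_lock()` held, and the line after "Print additional info" dereferences `task->cred->uid.val` directly even though `task->cred` is an RCU-protected pointer, so a task or its credentials can be released while the loop is still printing them. Put `rcu_read_lock();` before the loop and `rcu_read_unlock();` after it, and read the ids through the accessors, e.g. `from_kuid(&init_user_ns, task_uid(task))` and `from_kgid(&init_user_ns, task_gid(task))`, which also yields plain `uid_t`/`gid_t` values to print with `%u` rather than `%d`. `struct cred` is defined in `<linux/cred.h>`, which this file does not include; it may arrive transitively through the sched headers, but including it explicitly makes the dependency visible. The counter named `hidden_count` holds the number of matches, not hidden processes — `match_count` would say what it is.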