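/*
 * pid_hider.c - "PID Hider" proof of concept.
 *
 * At this stage the module only looks up the PID given as a parameter and
 * writes what it finds to the kernel log; it installs no hooks and modifies
 * no kernel data structure, so the process stays visible. Every load, unload
 * and lookup is recorded via printk.
 *
 * NOTE(review): the angle-bracketed parts of this file (the #include header
 * names and the "<PID>" placeholder in the usage message) were stripped by
 * extraction. The headers below are the ones required by the symbols this
 * file actually uses; confirm them against the original tree.
 */
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/printk.h>
#include <linux/sched.h>
#include <linux/sched/signal.h>
#include <linux/cred.h>
#include <linux/rcupdate.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Biswa Kalyan Bhuyan");
MODULE_DESCRIPTION("PID Hider - Process hiding");
MODULE_VERSION("0.1");

/* PID to hide from process listings; 0 means no target. Writable via sysfs (0644). */
static unsigned int hidden_pid = 0;
module_param(hidden_pid, uint, 0644);
MODULE_PARM_DESC(hidden_pid, "Process ID to hide from listings");

/*
 * find_process - look up @pid in the task list and log what was found.
 * @pid: process id to search for.
 *
 * Walks every process under rcu_read_lock(). for_each_process() and the
 * task's __rcu fields (parent, cred) may only be dereferenced inside an RCU
 * read-side section; without it the task or its credentials can be freed
 * while this function is still reading them. Credentials are therefore read
 * through task_uid()/task_gid() instead of a raw task->cred dereference, and
 * the parent pointer through rcu_dereference().
 *
 * Logs via printk only; has no other side effect.
 */
static void find_process(unsigned int pid)
{
	struct task_struct *task;
	struct task_struct *parent;

	printk(KERN_INFO "PID Hider: Searching for PID %u\n", pid);

	rcu_read_lock();
	for_each_process(task) {
		if (task->pid != pid)
			continue;

		/* task->pid is pid_t (signed), hence %d rather than %u. */
		printk(KERN_INFO "PID Hider: Found process %d (%s)\n",
		       task->pid, task->comm);

		parent = rcu_dereference(task->parent);
		if (parent) {
			printk(KERN_INFO "PID Hider: Parent process is %d (%s)\n",
			       parent->pid, parent->comm);
		}

		printk(KERN_INFO "PID Hider: Process UID: %u, GID: %u\n",
		       task_uid(task).val, task_gid(task).val);
		rcu_read_unlock();
		return;
	}
	rcu_read_unlock();

	printk(KERN_INFO "PID Hider: Process %u not found\n", pid);
}

/*
 * ----------------------------------------------------
 * POC: How Process Hiding Works (Conceptual Overview)
 * ----------------------------------------------------
 *
 * 1. Process listings in Linux come from iterating /proc directory
 * 2. To hide a process, we hook the directory listing function (iterate_shared)
 * 3. When the hook is called, we filter out entries for our target PID
 * 4. This makes commands like ps, top, etc. unable to see the process
 * 5. The process still runs normally, it just doesn't appear in listings
 *
 * Tools like ps get process lists by reading /proc, which contains
 * a directory for each running process named by its PID. By filtering
 * these directory entries, we can make a process invisible.
 */

/*
 * pid_hider_init - module entry point.
 *
 * Logs the load, then either reports that no target was given (hidden_pid
 * left at 0) or looks the target up with find_process(). Always returns 0,
 * so the module stays loaded even when no PID was supplied.
 */
static int __init pid_hider_init(void)
{
	printk(KERN_INFO "PID Hider: Module loaded\n");

	if (hidden_pid == 0) {
		printk(KERN_INFO "PID Hider: No target PID specified. Use: insmod pid_hider.ko hidden_pid=<PID>\n");
		return 0;
	}

	/* Find the specified process */
	find_process(hidden_pid);
	return 0;
}

/*
 * pid_hider_exit - module exit point.
 *
 * Logs the unload. The original message passed hidden_pid without a
 * matching conversion specifier; "%u" is supplied so the argument is
 * actually printed instead of being silently dropped.
 */
static void __exit pid_hider_exit(void)
{
	printk(KERN_INFO "PID Hider: Module unloaded\n");

	if (hidden_pid > 0) {
		printk(KERN_INFO "PID Hider: No longer hiding PID %u\n", hidden_pid);
	}
}

module_init(pid_hider_init);
module_exit(pid_hider_exit);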