
Linux kernel hacking: procfs

CubanCorona

Senior member
I'm trying to modify procfs so that not all processes are shown.

I changed the get_pid_list() function in /fs/proc/base.c to filter out the processes that I want to hide.

This works in the sense that ls /proc does not show the processes which I've chosen to filter. However, the last process shows up multiple times... one for each hidden process. For example, ls /proc will list several 652's. I've been looking for the cause for a while and haven't been able to find it. Any ideas?

 
Most of the rootkits I've seen deal with this on a compiled kernel. They don't really offer any insight into changing the actual source code.
 
Originally posted by: CubanCorona
Most of the rootkits I've seen deal with this on a compiled kernel. They don't really offer any insight into changing the actual source code.

They usually add a module that hides these things, and the source for that module might give you a clue as to how they work.
 
Here is an examination of the lkm adore rootkit.

Here are some links to a few versions of the adore rootkit source (I believe, haven't looked at them yet): link

Now be a nice guy and don't use this publicly available knowledge for evil. 😉
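Added example, not part of any post in this thread: a defender-side cross-view check for the symptom described in the first post (entries missing from `ls /proc`, one PID repeated). It assumes only the directory listing is filtered while direct lookup of `/proc/<pid>` still answers; the function names and sample values are constructed for illustration.

```python
import os
from collections import Counter

def cross_view(listed, probed):
    """Compare /proc entry names from readdir with PIDs that answered a direct lookup.

    Returns (duplicates, hidden): PIDs listed more than once, and PIDs that
    resolve directly but are absent from the listing.
    """
    counts = Counter(int(name) for name in listed if name.isdigit())
    duplicates = sorted(pid for pid, n in counts.items() if n > 1)
    hidden = sorted(set(probed) - set(counts))
    return duplicates, hidden

def is_thread_group_leader(pid):
    # /proc/<tid> resolves for every thread, but only group leaders are
    # listed, so plain thread IDs must be skipped to avoid false positives.
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        pass  # no such PID, or it exited while we were reading
    return False

def scan_live():
    """Run the comparison against the running system (Linux only)."""
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    before = os.listdir("/proc")
    probed = [p for p in range(1, pid_max) if is_thread_group_leader(p)]
    after = os.listdir("/proc")
    duplicates, hidden_before = cross_view(before, probed)
    _, hidden_after = cross_view(after, probed)
    # Requiring absence from both listings drops most processes that
    # merely started or exited during the scan.
    return duplicates, sorted(set(hidden_before) & set(hidden_after))

# Constructed sample modelled on the first post: two PIDs filtered out of
# the listing and the last PID (652) repeated.
SAMPLE_LISTING = ["1", "2", "self", "640", "652", "652", "652"]
SAMPLE_PROBED = [1, 2, 640, 648, 650, 652]

if __name__ == "__main__":
    print("sample:", cross_view(SAMPLE_LISTING, SAMPLE_PROBED))
    print("live:  ", scan_live())
```

A short-lived process can still slip through both listings, so confirm any hit with a second run before treating it as a finding.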
 