Harvey Phillips authored on 27 Sep 2020

Linux Kernel Hacking

3.0: Hiding Kernel Modules

Please check out the blog post for an in-depth explanation of how this module works. You can find it here.

Hide a kernel module after loading it.

To use:

  • Build with make
  • Load with insmod rootkit.ko
  • Check output in kernel buffer with dmesg
  • See that the module is missing from the output of lsmod

NOTE: Currently, you can't unload this kernel module without rebooting.
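A module that is missing from lsmod can still show up elsewhere, which gives a defender a cross-check. The script below is an added example, not part of this repository: it assumes the hidden module still has its /sys/module/<name> directory with an initstate file, and find_hidden_modules is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the repository): report loadable modules that
# sysfs knows about but that are absent from the list lsmod reads.
# Assumption: the hidden module keeps its /sys/module/<name> directory.

# find_hidden_modules [PROC_MODULES] [SYSFS_MODULE_DIR]
# Prints one suspicious module name per line.
# Returns 1 if any were found, 0 otherwise.
find_hidden_modules() {
    proc_modules=${1:-/proc/modules}
    sysfs_dir=${2:-/sys/module}
    found=0
    for dir in "$sysfs_dir"/*/; do
        # Built-in modules have no initstate file; only loadable ones do.
        [ -f "${dir}initstate" ] || continue
        name=$(basename "$dir")
        # The first field of each /proc/modules line is the module name.
        if ! awk -v n="$name" '$1 == n { hit = 1 } END { exit !hit }' \
                "$proc_modules"; then
            printf '%s\n' "$name"
            found=1
        fi
    done
    return "$found"
}

# Run against the live system only when asked to: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    find_hidden_modules
fi
```

A name printed here is a lead to investigate rather than proof, since a module that is being loaded or unloaded during the scan can briefly appear in one view and not the other.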

Inspired, in part, by this repo.