ftrace-hook Linux kernel module demonstrating usage of ftrace framework for function hooking: as in executing arbitrary code around the hooked function. The code is licensed under GPLv2. How to build Please consider using a virtual machine (VirtualBox, VMware, QEMU, etc.) for experiments. The (...
It was heavily inspired by the ftrace framework of the Linux kernel and the name uftrace stems from the combination of user and ftrace. It can record data from: User space C/C++/Rust functions, by either dynamically patching functions using -P., or else selective NOP patching using code com...
# # Automatically generated file; DO NOT EDIT. # Linux/x86 6.1.21.21 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Ubuntu 11.1.0-1ubuntu1~20.04) 11.1.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=110100 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y CONFIG_AS_VERSION=23400 CONFIG_...
$ cd ftrace-hook $ make make -C /lib/modules/4.9.0-5-amd64/build M=/home/ilammy/dev/ftrace-hook modules make[1]: Entering directory '/usr/src/linux-headers-4.9.0-5-amd64' CC [M] /home/ilammy/dev/ftrace-hook/ftrace_hook.o Building modules, stage 2. MODPOST 1 modules CC /hom...
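[Linux kernel debugging] Using Ftrace to hook Linux kernel functions [Linux kernel debugging] Comparison of the ftrace/kprobes/SystemTap kernel debugging methods [KVM] Learning KVM: implementing your own kernel Reference: linux-security-papers linux-kernel-exploitation GoSSIP_Software Security Group Why is it the best GitHub project? Technology is developing faster than ever before, and technology is...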
linux hook detect kernel rootkit sysfs forensics cheat remove procfs lkm syscall sheet ftrace tracefs Updated Dec 16, 2024 MatheuZSecurity / Imperius Star 47 Make a Linux Kernel rootkit visible again. linux kernel rootkit reveal lkm Updated Feb 27, 2025 C rgolu...
Development version of the Upstream MultiPath TCP Linux kernel 🐧 - mptcp_net-next/include/linux/ftrace.h at 70045bfc4cd5fef44ada25fa3367329eba98731a · multipath-tcp/mptcp_net-next
KoviD leverages Ftrace, a legitimate method for function and syscall hijacking in Kernel v5+. This approach offers greater stability compared to traditional hooking techniques. 2.4 Backdoors KoviD incorporates popular and reliable methods for backdooring systems, such as port-knocking with custom packet...
4 changes: 4 additions & 0 deletions 4 linux_kernel/hook.h @@ -0,0 +1,4 @@ #pragma once #include "head.h" extern bool init_hooks(void); extern void uninstall_hooks(void); 34 changes: 25 additions & 9 deletions 34 linux_...
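Review bot: in linux_kernel/hook.h, `extern bool init_hooks(void);` returns a bare bool with no comment saying which value means success, so a caller cannot tell from the header how to handle a failed install. Consider returning int (0 or a negative errno) so the module init path can propagate the reason, and add a one-line comment on each declaration stating whether `uninstall_hooks` may be called after `init_hooks` has failed.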
Using ftrace:
// Define the hook array in the header file
struct ftrace_hook hooks[] = {
    HOOK("__x64_sys_mkdir", hook_mkdir, &orig_mkdir),
    HOOK("__x64_sys_getdents", hook_getdents, &orig_getdents)
};
// Install the hooks when the module is initialized
fh_install_hooks(hooks, ARRAY_SIZE(hooks));
// Remove the hooks when the module is unloaded
fh_remove_hooks(...