build failed on version kernel 6.11

[oditynet]

I try understand methods and build youra project and have many questions.

I did build your project on Arch linux with kernel 6.11.7 and have many questions: 1) I have a error: unknown type name 'sys64'; did you mean 's64'? what is a type sys64? Where did you get it? 2) attach_pid_sg,bpf_map_get_sg,kallsyms_lookup_name_sg - what is a types? Where did you get it? 3) I don't understand the principle of hiding a process through the stop_machine function stop_machine(_hide_task, &ht, NULL))) . Where in the function _hide_task is this implemented? 4) Did i build your a project on a kernel 6.11 ?

[carloslack]

sys64 is a typedef in kovid code, it is internal (see lkm.h). attach_pid_sg and others are also internal typedefs defined in lkm.h stop_machine don't hide processes, it is a "heavy" lock, _hide_task does, have a look at pid.c

the rk does not yet support kernel 6.x, please have a look at https://github.com/carloslack/KoviD/blob/master/README.md

[oditynet]

thank you very match. https://xcellerator.github.io/posts/linux_rootkits_07/ and http://phrack.org/ can help me too. Good luck!