m0nad / Diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

How to hide/unhide any process? #8

Closed 630036435 closed 6 years ago

630036435 commented 6 years ago

How to hide/unhide any process?

630036435 commented 6 years ago

Replace #define PF_INVISIBLE 0x10000000? Is 0x10000000 a pid?

Theldus commented 6 years ago

@630036435 Looks like the syscall kill() is overwritten, so, in theory, after loading this kernel module, you just have to send a signal from the terminal using the kill command with the SIGINVIS signal (31). Something like: $ kill -31 pid. =)
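Added example, not code from the Diamorphine project or from this thread: a defender-side check for the process hiding discussed above. It assumes that a process flagged invisible is dropped from directory listings of /proc while the kernel still answers a direct probe by pid (kill with signal 0, via os.kill); the function names below are the example's own, and the sample PID sets are constructed.

```python
import os


def pids_from_proc_listing():
    """PIDs as readdir on /proc reports them; this is the view a
    listing-filtering rootkit can trim (assumption, see lead-in)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pid_is_reachable(pid):
    """True if the kernel still knows this pid, probed without any listing.
    kill(pid, 0) delivers no signal; EPERM still proves the process exists."""
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:
        return True
    except ProcessLookupError:
        return False


def read_pid_max():
    with open("/proc/sys/kernel/pid_max") as fh:
        return int(fh.read())


def hidden_pids(listed, reachable):
    """PIDs that answer a direct probe but are absent from the listing.
    Pure function so it can be checked on constructed inputs."""
    return sorted(set(reachable) - set(listed))


def scan():
    """Probe every pid up to pid_max and confirm candidates to avoid flagging
    processes that merely started or exited while the scan was running."""
    listed = pids_from_proc_listing()
    reachable = {pid for pid in range(1, read_pid_max() + 1) if pid_is_reachable(pid)}
    candidates = hidden_pids(listed, reachable)
    # Re-list and re-probe: a real hidden process stays reachable and unlisted.
    listed_again = pids_from_proc_listing()
    return [pid for pid in candidates
            if pid not in listed_again and pid_is_reachable(pid)]


if __name__ == "__main__":
    for pid in scan():
        print("pid %d is reachable but missing from /proc listing" % pid)
```

A non-empty result from scan() is a lead, not proof: compare it against a second view such as /proc/<pid>/status read directly by path before acting on it.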