tking2 / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

more android rootkit detection #360

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
This plugin detects some more advanced ways of hooking syscall tables by 
modifying the Exception Vector Table or the vector_swi function to change which 
syscall table is being used.

With this plugin, as well as the linux_check_syscall_arm plugin in my last 
issue, we can now detect all the Android rootkit techniques described in this 
Phrack article: http://www.phrack.org/issues.html?issue=68&id=6

Original issue reported on code.google.com by Joe.Sylve@gmail.com on 10 Nov 2012 at 10:25
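
The two checks this issue describes, as an added sketch (not the attached plugin's code, which is not shown on this page). It assumes ARM high vectors at 0xffff0000 with the SWI slot at offset 8, and that vector_swi loads its table with `adr tbl, sys_call_table`, assembled as `add r8, pc, #imm`; all addresses and bytes are constructed samples, and in practice the expected addresses would come from the kernel's symbol table.

```python
import struct

EVT_BASE, SWI_OFFSET = 0xFFFF0000, 0x08     # assumed high-vector layout
VECTOR_SWI, SYS_CALL_TABLE = 0xC000E000, 0xC000E02C   # constructed symbols

def read_u32(mem, base, addr):
    return struct.unpack_from("<I", mem, addr - base)[0]

def check_swi_vector(evt, vector_swi):
    """The SWI slot must be `ldr pc, [pc, #imm]` and its literal vector_swi."""
    slot = EVT_BASE + SWI_OFFSET
    insn = read_u32(evt, EVT_BASE, slot)
    if insn & 0xFFFFF000 != 0xE59FF000:
        return "FAIL: SWI slot is not ldr pc, [pc, #imm] (0x%08x)" % insn
    # pc reads as the instruction address + 8 in ARM state
    target = read_u32(evt, EVT_BASE, slot + 8 + (insn & 0xFFF))
    return "PASS" if target == vector_swi else "FAIL: handler is 0x%08x" % target

def check_table_load(code, code_base, sys_call_table):
    """The first `add r8, pc, #imm` must resolve to sys_call_table."""
    for off in range(0, len(code) - 3, 4):
        insn = read_u32(code, code_base, code_base + off)
        if insn & 0xFFFFF000 == 0xE28F8000:
            rot, imm8 = 2 * ((insn >> 8) & 0xF), insn & 0xFF
            imm = ((imm8 >> rot) | (imm8 << (32 - rot))) & 0xFFFFFFFF
            table = (code_base + off + 8 + imm) & 0xFFFFFFFF
            if table == sys_call_table:
                return "PASS"
            return "FAIL: table loaded from 0x%08x" % table
    return "FAIL: no adr tbl instruction found"

def make_evt(handler, insn=0xE59FF010):
    """Constructed vector page: SWI slot at +8, its literal word at +0x20."""
    evt = bytearray(0x40)
    struct.pack_into("<I", evt, SWI_OFFSET, insn)
    struct.pack_into("<I", evt, 0x20, handler)
    return bytes(evt)

def make_vector_swi(adr_insn):
    """Constructed handler start: a nop, the adr instruction, then padding."""
    return struct.pack("<2I", 0xE1A00000, adr_insn) + bytes(0x30)

if __name__ == "__main__":
    for evt in (make_evt(VECTOR_SWI), make_evt(0xBF000000),
                make_evt(VECTOR_SWI, insn=0xEA000010)):
        print("EVT       :", check_swi_vector(evt, VECTOR_SWI))
    for adr in (0xE28F8020, 0xE28F8B01):
        print("vector_swi:", check_table_load(make_vector_swi(adr),
                                              VECTOR_SWI, SYS_CALL_TABLE))
```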

GoogleCodeExporter commented 9 years ago

Original comment by jamie.l...@gmail.com on 10 Nov 2012 at 11:16

GoogleCodeExporter commented 9 years ago
committed

Original comment by atc...@gmail.com on 29 Jan 2013 at 1:06