unix-thrust / beurk

BEURK Experimental Unix RootKit
GNU General Public License v3.0

hooking on realpath(), unlink(), unlinkat(), remove(), rmdir() #89

Open nil0x42 opened 8 years ago

nil0x42 commented 8 years ago

Those functions should be hooked in order to check if the file path is_hidden() or is_ld_preload_file(). NOTE: all related quick and functional tests should be present in the pull request.
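Seen from the detection side, the functions listed in this issue are the ones to watch for interposition. The following is an added example, not code from the BEURK project: it parses glibc `LD_DEBUG=bindings` output and reports any of those functions that the dynamic linker bound to something other than libc. It assumes the hooks are delivered through a preloaded shared object; the trace lines and the `/lib/example-preload.so` path are constructed for illustration.

```python
import re

# Functions named in the issue title.
WATCHED = {"realpath", "unlink", "unlinkat", "remove", "rmdir"}

# Shape of a glibc LD_DEBUG=bindings line:
#   <pid>: binding file <from> [0] to <provider> [0]: normal symbol `<name>' [<ver>]
BINDING = re.compile(
    r"binding file (?P<src>\S+) \[\d+\] to (?P<dst>\S+) \[\d+\]: "
    r"\w+ symbol `(?P<sym>[^']+)'"
)
# Matches libc.so.6 as well as the older libc-2.xx.so file name.
LIBC = re.compile(r"(^|/)libc(-[\d.]+)?\.so(\.\d+)*$")


def interposed(trace):
    """Return sorted (symbol, provider) pairs for watched functions
    that were bound to an object other than libc."""
    hits = set()
    for line in trace.splitlines():
        m = BINDING.search(line)
        if not m or m.group("sym") not in WATCHED:
            continue
        if not LIBC.search(m.group("dst")):
            hits.add((m.group("sym"), m.group("dst")))
    return sorted(hits)


# Constructed sample trace (not captured from a real host).
SAMPLE = """\
      4242:\tbinding file /bin/rm [0] to /lib/x86_64-linux-gnu/libc.so.6 [0]: normal symbol `unlinkat' [GLIBC_2.4]
      4242:\tbinding file /bin/rm [0] to /lib/example-preload.so [0]: normal symbol `rmdir' [GLIBC_2.2.5]
      4242:\tbinding file /bin/rm [0] to /lib/example-preload.so [0]: normal symbol `unlink' [GLIBC_2.2.5]
      4242:\tbinding file /bin/rm [0] to /lib/x86_64-linux-gnu/libc.so.6 [0]: normal symbol `fclose' [GLIBC_2.2.5]
"""

if __name__ == "__main__":
    for sym, provider in interposed(SAMPLE):
        print(f"{sym}() resolved to {provider}, expected libc")
```

A trace for a real command comes from running it with `LD_DEBUG=bindings` set (and `LD_DEBUG_OUTPUT` to write it to a file). The traced process itself loads whatever is preloaded, so an empty result on a suspect host is weak evidence.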