├── .gitignore ├── .gitmodules ├── LICENSE ├── README.md ├── README_ATT.md ├── compile_commands.json ├── config ├── buildroot.config └── kernel.config ├── module ├── .clang-format ├── .gitignore ├── anti_rootkit │ ├── Makefile │ ├── config.h │ ├── fix_compile_commands.sh │ ├── fops.c │ ├── fops.h │ ├── ftrace_hooks.c │ ├── ftrace_hooks.h │ ├── generate_fops.py │ ├── globals.c │ ├── idt.c │ ├── idt.h │ ├── important_functions.c │ ├── important_functions.h │ ├── main.c │ ├── module_list.c │ ├── module_list.h │ ├── pinned_bits.c │ ├── pinned_bits.h │ ├── syscall_handler.c │ ├── syscall_handler.h │ ├── syscall_table.c │ ├── syscall_table.h │ ├── utils.c │ └── utils.h └── samples │ ├── Makefile │ ├── chmod_syscall.S │ ├── sample_fops.c │ ├── sample_module_list.c │ ├── sample_pinned_bits.c │ ├── sample_syscall_handler.c │ └── sample_syscall_table.c ├── run.sh └── run_debug.sh /.gitignore: -------------------------------------------------------------------------------- 1 | output/* 2 | **/.cache 3 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/.gitmodules -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/README.md -------------------------------------------------------------------------------- /README_ATT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/README_ATT.md -------------------------------------------------------------------------------- /compile_commands.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/compile_commands.json -------------------------------------------------------------------------------- /config/buildroot.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/config/buildroot.config -------------------------------------------------------------------------------- /config/kernel.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/config/kernel.config -------------------------------------------------------------------------------- /module/.clang-format: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/.clang-format -------------------------------------------------------------------------------- /module/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/.gitignore -------------------------------------------------------------------------------- /module/anti_rootkit/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/Makefile -------------------------------------------------------------------------------- /module/anti_rootkit/config.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/config.h -------------------------------------------------------------------------------- /module/anti_rootkit/fix_compile_commands.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/fix_compile_commands.sh -------------------------------------------------------------------------------- /module/anti_rootkit/fops.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/fops.c -------------------------------------------------------------------------------- /module/anti_rootkit/fops.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/fops.h -------------------------------------------------------------------------------- /module/anti_rootkit/ftrace_hooks.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/ftrace_hooks.c -------------------------------------------------------------------------------- /module/anti_rootkit/ftrace_hooks.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/ftrace_hooks.h -------------------------------------------------------------------------------- /module/anti_rootkit/generate_fops.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/generate_fops.py -------------------------------------------------------------------------------- /module/anti_rootkit/globals.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/globals.c -------------------------------------------------------------------------------- /module/anti_rootkit/idt.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/idt.c -------------------------------------------------------------------------------- /module/anti_rootkit/idt.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/idt.h -------------------------------------------------------------------------------- /module/anti_rootkit/important_functions.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/important_functions.c -------------------------------------------------------------------------------- /module/anti_rootkit/important_functions.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/important_functions.h -------------------------------------------------------------------------------- /module/anti_rootkit/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/main.c -------------------------------------------------------------------------------- /module/anti_rootkit/module_list.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/module_list.c -------------------------------------------------------------------------------- /module/anti_rootkit/module_list.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/module_list.h -------------------------------------------------------------------------------- /module/anti_rootkit/pinned_bits.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/pinned_bits.c -------------------------------------------------------------------------------- /module/anti_rootkit/pinned_bits.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/pinned_bits.h -------------------------------------------------------------------------------- /module/anti_rootkit/syscall_handler.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/syscall_handler.c -------------------------------------------------------------------------------- /module/anti_rootkit/syscall_handler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/syscall_handler.h -------------------------------------------------------------------------------- /module/anti_rootkit/syscall_table.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/syscall_table.c -------------------------------------------------------------------------------- /module/anti_rootkit/syscall_table.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/syscall_table.h -------------------------------------------------------------------------------- /module/anti_rootkit/utils.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/utils.c -------------------------------------------------------------------------------- /module/anti_rootkit/utils.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/anti_rootkit/utils.h -------------------------------------------------------------------------------- /module/samples/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/samples/Makefile -------------------------------------------------------------------------------- /module/samples/chmod_syscall.S: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/samples/chmod_syscall.S -------------------------------------------------------------------------------- /module/samples/sample_fops.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/samples/sample_fops.c -------------------------------------------------------------------------------- /module/samples/sample_module_list.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/samples/sample_module_list.c -------------------------------------------------------------------------------- /module/samples/sample_pinned_bits.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/samples/sample_pinned_bits.c -------------------------------------------------------------------------------- /module/samples/sample_syscall_handler.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/samples/sample_syscall_handler.c -------------------------------------------------------------------------------- /module/samples/sample_syscall_table.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/module/samples/sample_syscall_table.c -------------------------------------------------------------------------------- /run.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/run.sh -------------------------------------------------------------------------------- /run_debug.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RouNNdeL/anti-rootkit-lkm/HEAD/run_debug.sh --------------------------------------------------------------------------------