Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/thebigcicca/hiddenghost

HiddenGhost is an new solution for find system call table with support for 5.7x kernels +
https://github.com/thebigcicca/hiddenghost

linux-kernel-hacking linux-kernel-module linux-rootkit lkm lkm-rootkit rootkit syscall syscall-hook syscalls

Last synced: about 1 month ago
JSON representation

HiddenGhost is an new solution for find system call table with support for 5.7x kernels +

Awesome Lists containing this project

README 

          
== HiddenGhost

 

Hidden Ghost *is an new solution for find system call table with support for 5.7x kernels +*. Hidden Ghost finds the syscall table via the ```kallsyms_lookup_name``` module with the `````` headder.



Before starting the explanation of how the rootkit works in depth I will explain the basics.



** Tested On:



[✔️] Debian 12 6.7X amd64



** Usage: 



```

1) install the kernel headers:



sudo apt install linux-headers-$(uname -r)



2) Install Development Tools:



sudo apt install build-essential



3) Install the Kernel Development Kit:



sudo apt install linux-headers-$(uname -r) linux-source



4) Go to the /src directory:



cd src



5) Module Compilation:



make



6) Load the module:



sudo insmod main.ko



7) Check if the module has been loaded:



dmesg | tail -n 10



```



After these steps are completed, you should see this message:



image::img/HiddenGhost.png[]



link of articles: 



https://github.com/Ch4r0nN/LKM-Exploration[LKM-Exploration Making drivers from basic to advanced]



https://www.unknowncheats.me/forum/c-and-c-/67884-mid-function-hook-deal.html[Unknown Cheats]



Links to the repositories I based on:



https://github.com/m0nad/Diamorphine[Diamorphine]



https://github.com/xcellerator/linux_kernel_hacking[Linux Kernel Hacking]