LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 04-04-2006, 09:19 PM   #1
sailershen
LQ Newbie
 
Registered: Mar 2005
Posts: 27

Rep: Reputation: 15
How can found a hiden module?


Use this codes:
Code:
int init_module()
{
        if (module.next)
                module.next = module.next->next;
I can hide the next module, who can tell me how I can found the hide module in system?
 
Old 04-04-2006, 10:08 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Moved: This thread is more suitable in the Programming forum and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 04-05-2006, 08:22 PM   #3
sailershen
LQ Newbie
 
Registered: Mar 2005
Posts: 27

Original Poster
Rep: Reputation: 15
I think I can check /proc/ksyms against another /proc/ksyms from truest system, of course, the checked system same as the truest system, include system version, all loaded modules...
 
Old 04-05-2006, 10:49 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
If you are trying to detect hidden kernel modules, you can look for changes to the syscall table in system.map vs the running kernel. Here is a more advanced tutorial:
http://www.securityfocus.com/infocus/1811

This has some more info as well as tools for lkm detection:
http://la-samhna.de/library/rootkits/detect.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
fglrx module not found but X runs using module biger problem though HELP! fireicer Linux - Newbie 4 07-30-2004 04:44 PM
Unhiding partition hiden by lilo -> no filesistem. amoros Linux - General 3 03-25-2004 02:11 PM
vsftpd user hiden files intruder Linux - Networking 1 12-25-2003 11:33 AM
vsftp user hiden files intruder Linux - Software 1 12-21-2003 03:18 PM
Hiden Rows in Openoffice inecoiec Linux - Software 0 03-11-2003 06:30 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 02:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration