Skip to content

Yvan-xy/Kui

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
include
include
 
 
sign
sign
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 

Repository files navigation

Kui

Kui(夔) is a loadable module which designed for verifying ELF.

Build from Source

Kui need openssl library to compile sub module.

git clone https://github.com/Explainaur/Kui.git
cd Kui
make -j8

Usage

Kui can hook syscall execve() to check ELF file. If the ELF is not signed or verified failed. It won't execute. You can use ELFSign to sign ELF and verify it.

insmod kui.ko      # Install Kui module
modinfo kui        # Check if module install
rmmod kui          # Remove Kui module

You need to place the public key into /etc/kui/pubkey and place the certificate into /etc/kui/X509. You can use ELFSign to generate key pair and certificate.

In order to better show the demo's operation, I limited the work dir. You need to change LIMITED_DIR in Kui/include/config.h to you test directory. Then all ELF file in LIMITED_DIR will be hooked!

License

Copyright (C) 2016-2020 dyf. License GPLv2.

About

Loadable Kernel Module for checking ELF

Topics

kernel-module verification elf-parser

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages