Hide a process under Linux using the ld preloader (https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/)
Latest commit 25e0587 Apr 3, 2019
Type Name Latest commit message Commit time
.gitignore makefile Aug 16, 2014
Makefile makefile Aug 16, 2014
README.md
evil_script.py changes Aug 16, 2014
processhider.c Fixed issue with readdir64 Apr 2, 2019

README.md

libprocesshider

Hide a process under Linux using the ld preloader.

Full tutorial available at https://sysdigcloud.com/hiding-linux-processes-for-fun-and-profit/

In short, compile the library:

gianluca@sid:~/libprocesshider$ make
gcc -Wall -fPIC -shared -o libprocesshider.so processhider.c -ldl
gianluca@sid:~/libprocesshider$ sudo mv libprocesshider.so /usr/local/lib/

Load it with the global dynamic linker:

root@sid:~# echo /usr/local/lib/libprocesshider.so >> /etc/ld.so.preload

And your process will be off the radar:

gianluca@sid:~$ sudo ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
...

gianluca@sid:~$ sudo lsof -ni
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
...
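
A defender-side check for the two traces the steps above leave on a host, as an added example that is not part of the libprocesshider repository: an entry in `/etc/ld.so.preload`, and a process that still answers a direct `/proc/<pid>` lookup while missing from the directory listing. The function names are hypothetical, and it assumes the library filters directory listings only (as the `readdir64` commit message in the file list suggests) and that preload files use whitespace or `:` separators with `#` comments.

```shell
#!/bin/sh
# Added example, not from the libprocesshider repository. Function names are
# hypothetical.

# Print each object named in a preload file, one per line.
# Assumption: whitespace and ':' separate entries, '#' starts a comment.
preload_entries() {
    file=${1:-/etc/ld.so.preload}
    [ -r "$file" ] || return 0
    sed 's/#.*//' "$file" | tr ' \t:' '\n\n\n' | sed '/^$/d'
}

# Print PIDs that exist under $1 by direct path lookup but are absent from the
# space-separated directory listing in $2. $3 is the highest PID to probe.
# A hook that filters readdir() output does not affect the -d test below.
hidden_pids() {
    proc=$1; seen=" $2 "; max=$3; pid=1
    while [ "$pid" -le "$max" ]; do
        if [ -d "$proc/$pid" ]; then
            # /proc/<tid> resolves for every thread but is never listed;
            # only thread-group leaders (Tgid == PID) count as processes.
            tgid=$(sed -n 's/^Tgid:[[:space:]]*//p' "$proc/$pid/status" 2>/dev/null) || tgid=""
            case "$seen" in
                *" $pid "*) ;;
                *) if [ "$tgid" = "$pid" ]; then echo "$pid"; fi ;;
            esac
        fi
        pid=$((pid + 1))
    done
}

# Run both checks against the live host. A process that starts between the
# listing and the probe shows up once, so re-run before treating a hit as real.
scan_host() {
    preload_entries | sed 's/^/preload entry: /'
    listing=$(ls /proc | grep -E '^[0-9]+$' | tr '\n' ' ')
    hidden_pids /proc "$listing" "$(cat /proc/sys/kernel/pid_max)" |
        sed 's/^/running but not listed: pid /'
}

if [ "${1:-}" = "--scan" ]; then scan_host; fi
```

Run it with `--scan` as root; probing every PID up to `pid_max` in the shell can take a while on 64-bit hosts.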