Example of hooking a Linux system call
Type Name Latest commit message Commit time
.gitignore fixed small bug, cleaned up Nov 30, 2017
Makefile fixed small bug, cleaned up Nov 30, 2017
NOTES.txt initial commit Nov 30, 2017
README.md Update README.md Dec 7, 2017
build_and_install.sh made a bit easier to use Nov 30, 2017
remove_and_clean.sh made a bit easier to use Nov 30, 2017
superhide.c added comments Dec 1, 2017

README.md

superhide

An example of a Loadable Kernel Module (LKM) that hooks the system call table.

This module hides any userspace file whose name starts with a certain prefix from any program that uses the getdents system call to list a directory's files.

To use this, run sudo build_and_install.sh in the superhide folder. Remember where the folder is, because it will be hidden now.

To remove this, run sudo remove_and_clean.sh in the superhide folder.

This program only hooks the getdents syscall for hiding files; it doesn't hook the getdents64 call, because hooking getdents alone was enough for a proof of concept. It turns out most things just use the getdents syscall, though.
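Because only getdents is hooked, a defender can list the same directory through both syscalls and flag any name that getdents64 returns but getdents omits. The following is an added detection example, not code from this repository; the function name `count_hidden` and the 4096-entry limit are assumptions made for illustration, and it assumes a Linux architecture that still provides the legacy getdents call.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Kernel record layouts (not exported by userspace headers). */
struct dirent_old { unsigned long d_ino, d_off; unsigned short d_reclen; char d_name[]; };
struct dirent_64  { unsigned long long d_ino; long long d_off; unsigned short d_reclen;
                    unsigned char d_type; char d_name[]; };

#define MAX_NAMES 4096               /* illustrative limit on directory size */
static char names[MAX_NAMES][256];   /* names returned by legacy getdents */

static int seen(int n, const char *name) {
    for (int i = 0; i < n; i++) if (strcmp(names[i], name) == 0) return 1;
    return 0;
}

/* Number of entries getdents64 returns that getdents omits, or -1 on error.
   A file created between the two passes shows up as a false positive. */
int count_hidden(const char *dir) {
    _Alignas(8) char buf[32768];
    long len = 0; int n = 0, missing = 0;
    int fd = open(dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
#ifdef SYS_getdents   /* not defined on e.g. arm64: no legacy call to compare */
    while ((len = syscall(SYS_getdents, fd, buf, sizeof buf)) > 0)
        for (long off = 0; off < len && n < MAX_NAMES; ) {
            struct dirent_old *d = (void *)(buf + off);
            snprintf(names[n++], sizeof names[0], "%s", d->d_name);
            off += d->d_reclen;
        }
    if (len < 0 || n == MAX_NAMES) { close(fd); return -1; }
    lseek(fd, 0, SEEK_SET);   /* rewind the directory stream for the second pass */
    while ((len = syscall(SYS_getdents64, fd, buf, sizeof buf)) > 0)
        for (long off = 0; off < len; ) {
            struct dirent_64 *d = (void *)(buf + off);
            if (!seen(n, d->d_name)) { missing++;
                printf("not in getdents: %s/%s\n", dir, d->d_name); }
            off += d->d_reclen;
        }
#endif
    close(fd);
    return missing;
}

int main(int argc, char **argv) { return count_hidden(argc > 1 ? argv[1] : ".") != 0; }
```

A non-zero result on a quiet directory is a reason to inspect the loaded modules and the syscall table; a hook that also covers getdents64 would not be caught by this comparison.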

Note: I have found this to not work on some newer kernels.
