The aim of this project is to better understand how Linux works by writing a rootkit.
This is not a functional rootkit, I implemented many different ways of manipulating the kernel (inline hooking, debug registers, IDT/sysenter/syscall hooking, pointer subterfuge…) inside a library. This library is then used to run some tests.
The project has been tested with the latest x86_64 version of the Linux kernel (v4.0-rc4).
make # build the library slrk.a
make tests # build the test module with userland tests
insmod ./tests/slrk_tests.ko
rmmod slrk_tests