KmemGuard

January 6, 2011 in Uncategorized

KmemGuard is a tool I wrote for Linux Kernel 2.6.7., when the S.P.I.N.E. project was still alive. It protects and eventually repairs the syscalltable using /dev/kmem. One can use it as a first countermeasure against malicious syscalltable injections, often performed by rootkits. As a proof of concept, it is usable although by no means complete.

I’ll test it on recent kernel releases soon… in the meantime, here it is for Linux 2.6.7. kmemguard.c

Advertisement

Like this:

Be the first to like this post.

Blogroll

Leave a comment

Comments feed for this article

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

Follow

Follow “Charlie's Blog”

Powered by WordPress.com