KmemGuard is a tool I wrote for Linux Kernel 2.6.7., when the S.P.I.N.E. project was still alive. It protects and eventually repairs the syscalltable using /dev/kmem. One can use it as a first countermeasure against malicious syscalltable injections, often performed by rootkits. As a proof of concept, it is usable although by no means complete.

I’ll test it on recent kernel releases soon… in the meantime, here it is for Linux 2.6.7. kmemguard.c