/DantesGhost

Dante's Ghost is an new solution for find system call table with support for 5.7x kernels +

Primary LanguageC

DantesGhost

Dante’s Ghost is an new solution for find system call table with support for 5.7x kernels +. Dante’s Ghost finds the syscall table via the kallsyms_lookup_name module with the <linux/kprobes.h> headder.

Before starting the explanation of how the rootkit works in depth I will explain the basics.

What is Hooking:

Hooking is the act of redirecting/modifying a certain code stream, this redirect technique can be used for good and for bad, a big example of using this technique is mid function hooking This time I saw an example midFunction hook in the Unknown cheats forum that created a function jmp 0xE9 at address pAddres I won’t take much of your time explaining how it works and such because there are articles about it, I left two articles at the end of this readme, mine where I explain in depth about lkm and the one about MidFunction hook.

link of articles: