Check out the different branches, especially the new and cleaned-up patch-5, which is clearer and better. I didn't change nfhook on patch-5 but cleared up the other 2 rootkits.
This repo gathers my precious little collection of Linux 4.x kernel rootkits.
You will find some rootkits that I wrote and other publicly available rootkits that I adapted for the latest version of the Linux kernel.
These rootkits are by no means real-world rootkits. They have been kept to the minimum and should be used for educational purposes only.
All these rootkits have been tested and are fully working on Linux versions 4.x.y.
Visit my blog for more details.