lctsolutions / kunkillable

This project forked from spiderpig1297/kunkillable


kunkillable

kunkillable is an LKM (loadable kernel module) that makes userland processes unkillable.

TL;DR

kunkillable adds the flag SIGNAL_UNKILLABLE to the signal flags of the target process's task_struct, making the process unkillable.

When the module is unloaded, the flag is removed and the process becomes killable again.

How It Works

To understand how the module works, let's first look at what happens when a user-mode signal is sent to a process:

    -----------------
    | kill -9 25327 |
    -----------------
        |
        |   user runs the kill command to send a signal to a process, initiating a
        |   call to the sys_kill() system call
        |
    --------------
    | sys_kill() |
    --------------
        |
        |   sys_kill() is called, initiating a sequence of internal function calls
        |
    -------------------------     -------------------     -------------------------
    | kill_something_info() | --> | kill_pid_info() | --> | group_send_sig_info() | 
    -------------------------     -------------------     -------------------------
                                                                |
                                                                |
        _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
        |
    ----------------------        -----------------       -------------------
    | do_send_sig_info() | -----> | send_signal() |  ---> | __send_signal() |
    ----------------------        -----------------       -------------------
                                                                |
        _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
        |   
        |   eventually, __send_signal() is called.
        |   __send_signal() is the last function in the chain and is responsible
        |   for actually sending the signal.
        |
    --------------------
    | prepare_signal() |
    --------------------
        |
        |   as part of the signal preparation, prepare_signal() is called and in
        |   turn calls two interesting functions!
        |
    -----------------
    | sig_ignored() |
    -----------------
        |
        |
        |
    ----------------------
    | sig_task_ignored() |
    ----------------------

            sig_task_ignored() is the function responsible for checking if the 
            process should ignore the signal that we want to send, according to 
            its task_struct's flags.

Let's take a look at the function sig_task_ignored():

NOTE: you can find the rest of the screenshots under docs/ directory.

[Screenshot of sig_task_ignored(): SIGNAL_UNKILLABLE]

As we can see in line 85, the kernel reads the task_struct's signal flags to check whether SIGNAL_UNKILLABLE is set. If so, true is returned and the signal is ignored, hence our process becomes unkillable.

All we need to do is find the task_struct of the process we want to make unkillable and add the SIGNAL_UNKILLABLE flag to it.
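A userspace model of the check described above, added here as an illustration; it is not code from the kernel or from kunkillable. It assumes the form the SIGNAL_UNKILLABLE branch has in recent mainline kernel/signal.c (which may differ from the version in the screenshot), and `model_sig_task_ignored`, `enum disposition` and the `M_SIG*` constants are hypothetical names. It shows which signals the flag actually suppresses: only those left at their default disposition, and not a SIGKILL forced by the kernel itself.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: none of this is kernel or kunkillable code. */
#define SIGNAL_UNKILLABLE 0x00000040u /* as in include/linux/sched/signal.h */

/* Signal numbers as on x86/ARM Linux, hard-coded to keep the model portable. */
enum { M_SIGKILL = 9, M_SIGTERM = 15, M_SIGCHLD = 17, M_SIGCONT = 18,
       M_SIGSTOP = 19, M_SIGURG = 23, M_SIGWINCH = 28 };
enum disposition { DISP_DEFAULT, DISP_IGNORE, DISP_HANDLER };

/* SIGKILL and SIGSTOP cannot be caught, blocked or ignored by userland. */
static bool sig_kernel_only(int sig)
{
    return sig == M_SIGKILL || sig == M_SIGSTOP;
}

/* Signals whose default action is already "ignore". */
static bool sig_kernel_ignore(int sig)
{
    return sig == M_SIGCHLD || sig == M_SIGCONT ||
           sig == M_SIGURG || sig == M_SIGWINCH;
}

/* signal_flags stands in for task_struct->signal->flags, disp for the
 * task's handler for sig, and force for a signal generated by the kernel
 * itself rather than by kill(2). Returns true if the signal is dropped. */
static bool model_sig_task_ignored(unsigned int signal_flags,
                                   enum disposition disp, int sig, bool force)
{
    if ((signal_flags & SIGNAL_UNKILLABLE) && disp == DISP_DEFAULT &&
        !(force && sig_kernel_only(sig)))
        return true; /* dropped before it is ever queued */
    return disp == DISP_IGNORE ||
           (disp == DISP_DEFAULT && sig_kernel_ignore(sig));
}

int main(void)
{
    printf("flag set, kill -9:         ignored=%d\n",
           model_sig_task_ignored(SIGNAL_UNKILLABLE, DISP_DEFAULT, M_SIGKILL, false));
    printf("flag set, forced SIGKILL:  ignored=%d\n",
           model_sig_task_ignored(SIGNAL_UNKILLABLE, DISP_DEFAULT, M_SIGKILL, true));
    printf("flag set, SIGTERM handler: ignored=%d\n",
           model_sig_task_ignored(SIGNAL_UNKILLABLE, DISP_HANDLER, M_SIGTERM, false));
    return 0;
}
```

For incident response the second case matters: in this model a flagged process still dies from a SIGKILL the kernel forces, and any signal it has installed a handler for is still delivered.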
