Ring 0 rootkit detector. It is based on snapshots and on the monitoring and recovery of kernel data structures. It consists of a kernel module and a ring 3 control application.
- Linux: 32-bit 2.6.32-38-generic GNU/Linux.
- Ubuntu: Ubuntu 10.04.4 LTS.
Kernel module:
cd ./mod/
make
Control application:
cd ./control/
gcc main.c -gdwarf-2 -o detector_control $(pkg-config --cflags --libs libnl-1)
Please refer to the PDF presentation for in-depth details.