1 /*
2           http://sourceforge.net/projects/unhide/
3 */
4 
5 /*
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
10 
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14 GNU General Public License for more details.
15 
16 You should have received a copy of the GNU General Public License
17 along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19 
20 
21 // External commands
22 // =================
23 // ps(1) command lines. NOTE(review): `ps` is not path-qualified, so whatever runs these strings (call sites are outside this header) resolves it via PATH - confirm a trusted PATH is enforced.
24 #define COMMAND "ps --no-header -p %i o pid"   // %i = one PID per call; real processes only, not threads
25 // %i = one session ID per call; prints the sess column. Both %i templates need a bounded format call (e.g. snprintf) where they are expanded.
26 #define SESSION "ps --no-header -s %i o sess"
27 // Process group IDs: ps can't select by pgid, so this lists the pgid column
28 // for every process and thread (-eL); presumably the caller searches that output - confirm.
29 #define PGID "ps --no-header -eL o pgid"
30 // Lists the lwp (thread ID) column for all processes, threads included.
31 #define THREADS "ps --no-header -eL o lwp"
32 // Used for sysinfo scanning. NOTE(review): the original remark says to fall back to the old command because
33 // --no-header seems to create an extra process/thread, yet the active definition below still passes
34 // --no-header. Old form kept for reference: #define SYS_COMMAND "ps -eL o lwp" - confirm which is intended.
35 #define SYS_COMMAND "ps --no-header -eL o lwp"
36 // Lists the lwp and cmd columns for all processes and threads; by its name presumably feeds the reverse test - confirm.
37 #define REVERSE "ps --no-header -eL o lwp,cmd"
38 
39 // Masks for the checks to do in checkps
40 // =====================================
41 #define PS_PROC         0x00000001   // bit 0; single-bit flags meant to be OR-ed into the `checks` argument of checkps()
42 #define PS_THREAD       0x00000002   // bit 1; by name, the thread-level lookup - confirm in checkps()
43 #define PS_MORE         0x00000004   // bit 2; by name, the extra checks (cf. the morecheck option) - confirm in checkps()
44 
45 // Test numbers
46 // ============
47 // Note that checkps can't be called alone: it has no test number here and its (int, int) signature does not fit a tab_test_t slot.
48 enum test_num {
49    // Individual tests
50    TST_NONE  = 0,   // explicit 0; every following enumerator takes the next consecutive value
51    TST_VERSION,
52    TST_PROC,
53    TST_CHDIR,
54    TST_OPENDIR,
55    TST_READDIR,
56    TST_GETPRIO,
57    TST_GETPGID,
58    TST_GETSID,
59    TST_GETAFF,
60    TST_GETPARM,
61    TST_GETSCHED,
62    TST_RR_INT,
63    TST_KILL,
64    TST_NOPROCPS,
65    TST_BRUTE,
66    TST_REVERSE,
67    TST_QUICKONLY,
68    TST_SYS_INFO,
69    TST_SYS_INFO2,
70    TST_SYS_INFO3,   // NOTE(review): checksysinfo4() is declared in this header but there is no TST_SYS_INFO4 - confirm
71    // Meta tests (by name, groups of the individual tests above - confirm in the dispatch code)
72    TST_DIR,
73    TST_SYS,
74    TST_QUICK,
75    TST_PROCALL,
76    // MAX number, must stay the last enumerator: it is the size of tab_test[MAX_TESTNUM].
77    MAX_TESTNUM
78 };
79 
80 // boolean values (plain int constants; not wrapped in #ifndef, so a different TRUE/FALSE from another header is a redefinition)
81 // ==============
82 #define FALSE        0
83 #define TRUE         1
84 
85 // Structure of the table of tests (one entry of tab_test[], which is sized by MAX_TESTNUM)
86 // ===============================
87 struct tab_test_t {
88    int todo;            // presumably a TRUE/FALSE flag marking the test as selected - confirm where tab_test is filled
89    void (*func)(void);  // test routine: no arguments, no return value (the check*(void) prototypes have this shape)
90 } ;
91 
92 
93 // Default sysctl kernel.pid_max (presumably updated through get_max_pid() - confirm)
94 extern int maxpid ;
95 
96 // Threads id for sync
97 extern int tid ;
98 
99 // Our own PID. NOTE: pid_t and FILE are used in this header but no #include appears in the lines shown; the including file must provide <sys/types.h> and <stdio.h> first.
100 extern pid_t mypid ;
101 
102 // Options (by name, set from the command line by parse_args() - confirm)
103 extern int verbose ;
104 extern int morecheck ;
105 extern int RTsys ;
106 extern int brutesimplecheck ;
107 
108 // Found hidden process flag
109 extern int found_HP ;
110 
111 // Temporary string for output. Fixed 1000-byte buffer: every write must be bounded by sizeof used_options.
112 extern char used_options[1000];
113 
114 // For logging to file: logtofile is the switch, unlog the stream (presumably NULL until opened - confirm before use)
115 extern int logtofile;
116 extern FILE *unlog;
117 
118 // Temporary string for output. Fixed 1000-byte buffer: every write must be bounded by sizeof scratch.
119 extern char scratch[1000];
120 
121 extern struct tab_test_t tab_test[MAX_TESTNUM];   // one slot per enum test_num value; valid indexes are 0 .. MAX_TESTNUM-1
122 
123 // prototypes (grouped by the source file named in each sub-heading)
124 // ==========
125 // unhide-linux-bruteforce.c
126 extern void *funcionThread (void *parametro) ;   // void *(void *) shape of a thread start routine - presumably given to pthread_create; confirm
127 extern void brute(void) ;                        // fits a tab_test_t slot; by name, the brute-force test
128 
129 // unhide-linux.c
130 extern void get_max_pid(int* newmaxpid) ;        // takes a pointer, presumably an out-parameter for the pid limit - confirm; pass a valid pointer
131 extern int  checkps(int tmppid, int checks) ;    // checks: bitwise OR of the PS_* masks; meaning of the int result is not visible here
132 extern void printbadpid (int tmppid) ;
133 extern void usage(char * command) ;
134 extern void parse_args(int argc, char **argv) ;
135 
136 // unhide-linux-procfs.c (all fit the void (*)(void) slot of struct tab_test_t)
137 extern void checkproc(void) ;
138 extern void checkchdir(void) ;
139 extern void checkopendir(void) ;
140 extern void checkreaddir(void) ;
141 
142 // unhide-linux-syscall.c (all fit the void (*)(void) slot of struct tab_test_t)
143 extern void checkgetpriority(void) ;
144 extern void checkgetpgid(void) ;
145 extern void checkgetsid(void) ;
146 extern void checksched_getaffinity(void) ;
147 extern void checksched_getparam(void) ;
148 extern void checksched_getscheduler(void) ;
149 extern void checksched_rr_get_interval(void) ;
150 extern void checkkill(void) ;
151 extern void checkallnoprocps(void) ;
152 extern void checksysinfo(void) ;
153 extern void checksysinfo2(void) ;
154 extern void checksysinfo3(void) ;
155 extern void checksysinfo4(void) ;                // NOTE(review): enum test_num has no TST_SYS_INFO4 - confirm how this one is reached
156 
157 // unhide-linux-compound.c
158 extern void checkallquick(void) ;
159 extern void checkallreverse(void) ;
160