Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Nix

Ruby

Kotlin

Rust

F#

C

Scala

MATLAB

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Swift

C#

PHP

Racket

R

Clojure

Julia

Go

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇦🇬 Antigua and Barbuda

🇨🇲 Cameroon

🇯🇴 Jordan

🇸🇴 Somalia

🇧🇿 Belize

🇧🇭 Bahrain

🇿🇲 Zambia

🇯🇪 Jersey

All Countries Compare Countries

elfmaster/kdress

Stars
121
Rank 293,924 (Top 6 %)
Language
C
Created over 9 years ago
Updated almost 5 years ago

elfmaster/kdress

elfmaster

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Transform vmlinuz into a fully debuggable vmlinux that can be used with /proc/kcore

kdress

Transform vmlinuz into a fully debuggable vmlinux that can be used with /proc/kcore

Use cases

This tools makes it possible to use /proc/kcore for debugging or forensics analysis without having to recompile your kernel with symbols, or download a special debug kernel image. This software is actually from a much larger project called 'Kernel Voodoo' which is still private. Kernel Voodoo uses 'kdress' to create a vmlinux that can be used as a way to easily navigate kernel memory by symbol and also have a valid signature to compare code against from /proc/kcore.

Example

ryan@elfmaster:~/kdress$ sudo ./kdress vmlinuz-`uname -r` vmlinux /boot/System.map-`uname -r`

[+] vmlinux has been successfully extracted
[+] vmlinux has been successfully instrumented with a complete ELF symbol table.

ryan@elfmaster:~/kdress$ sudo readelf -s vmlinux | grep sys_call_table
 33268: ffffffff81801400  4368 OBJECT  GLOBAL DEFAULT    4 sys_call_table
 33421: ffffffff81809ca0  2928 OBJECT  GLOBAL DEFAULT    4 ia32_sys_call_table

libelfmaster

Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools

ftrace

POSIX Function tracing

skeksi_virus

Devestating and awesome Linux X86_64 ELF Virus

ecfs

extended core file snapshot format

maya

Highly advanced Linux anti-exploitation and anti-tamper binary protector for ELF.

dsym_obfuscate

Obfuscates dynamic symbol table

saruman

ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)

binflow

This is the new ftrace (https://github.com/elfmaster/ftrace) - Much faster, better resolution but not complete yet! :)

dt_infect

ELF Shared library injector using DT_NEEDED precedence infection. Acts as a permanent LD_PRELOAD

sherlocked

Universal script packer-- transforms any type of script into a protected ELF executable, encrypted with anti-debugging.

linker_preloading_virus

An example of hijacking the dynamic linker with a custom interpreter who loads and executes modular viruses

taskverse

A tool like /bin/ps but uses /proc/kcore for walking the tasklist; this finds hidden processes

libelfmaster_examples

Simple ELF tools written to demonstrate libelfmaster capabilities.

kprobe_rootkit

Linux kernel rootkit using kprobes (From http://phrack.org/issues/67/6.html)

ecfs_exec

Be able to execute memory snapshots so they can start running where they left off.

static_binary_mitigations

relros.c applies RELRO to static binaries, and static_to_dyn.c applies ASLR to static binaries.

shiva

Shiva is a programmable dynamic linker for loading ELF microprograms

davinci

Transforms any file into a protected ELF executable

scop_virus_paper

ELF Virus infection techniques that work with SCOP (Secure code partitioned) executables

fork_trace

avu32

anti virus 32bit. my first attempt (in 2008) to write prototype for detecting/disinfecting unix ELF viruses

canaryism

Canaryism will tell you which functions are protected with gcc stack canaries

packt_book

interpx_documentation

shiva_blogposts

Multiple blogposts are maintained here.

shiva_presentations

unix_virus_anniversary

veriexec.linux

Veriexec implementation for Linux

poetry

Transcribing my poetry from 19yrs ago