-
Notifications
You must be signed in to change notification settings - Fork 97
API Documentation
The rootkit provides a debug mode, which can be enabled by defining the DEBUG_LEVEL macro at compile time.
If enabled, debug mode impacts the hooking library in some points:
- Core debug message are written to stderr.
- BEURK's uninstallation feature is enabled.
This macro enables debug mode at compile time.
Usage:
#define DEBUG_LEVEL (1)-
if DEBUG_LEVEL == 1:
enable basic debugging
E.G:
[BEURK]: init() constructor loaded -
if DEBUG_LEVEL == 2:
enable debugging, providing informations about concerned file and line number.
E.G:
[BEURK<init.c:83>]: init() constructor loaded
The DEBUG_FILE macro can be set in order to infer where debug messages will be written.
Usage:
#define DEBUG_FILE "/tmp/beurk-rootkit.log"-
Default value:
/dev/stderr
The destination file for debug messages can be overridden at runtime, through the BEURK_DEBUG_FILE environment variable.
Note that if the rootkit hasn't been compiled with DEBUG_LEVEL, this option has no effect.
Usage:
BEURK_DEBUG_FILE="/dev/stdout" ls -laEnable hooking on ptrace(2) within the rootkit.
By default, ptrace hooking is enabled;
This macro disables ptrace hooking at compile time.
Usage:
#define ENABLE_PTRACE (1)-
if ENABLE_PTRACE == 1:
enable ptrace hooking (default value)
-
if ENABLE_PTRACE == 0:
disable ptrace hooking
Disabling ptrace hooking is a must do while debugging the rootkit with gdb or similar tools.