
kfiros / execmon

License: Apache-2.0
Advanced process execution monitoring utility for linux (procmon like)

Programming Languages

c
50402 projects - #5 most used programming language
Makefile
30231 projects

Projects that are alternatives of or similar to execmon

Umbra
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
Stars: ✭ 98 (+27.27%)
Mutual labels:  kernel-module, linux-kernel
linux-prog
Some C code i write to study systems programming (while reading The Linux Programming Interface)
Stars: ✭ 43 (-44.16%)
Mutual labels:  kernel, syscalls
LinuxKernelLearn
Learn Linux Kernel Step by Step, including the Modules, FS, Device Driver etc. --- Linux kernel study, covering the Linux subsystems, file systems, device driver files and more.
Stars: ✭ 37 (-51.95%)
Mutual labels:  kernel-module, linux-kernel
Kvm Kernel Example
Examples for: Learning KVM - implement your own kernel
Stars: ✭ 221 (+187.01%)
Mutual labels:  kernel, linux-kernel
Linux-Kernel-Exploitation
Linux kernel development & exploitation lab.
Stars: ✭ 130 (+68.83%)
Mutual labels:  kernel, linux-kernel
Flagchecker
For effective cheating detection in competitions. Utilizes Linux Kernel Module (LKM) for generating flags.
Stars: ✭ 24 (-68.83%)
Mutual labels:  hooks, linux-kernel
kernel-syslog
📝 Kernel module that can be used as a replacement for syslog, logger or logwrapper
Stars: ✭ 37 (-51.95%)
Mutual labels:  kernel, kernel-module
Linux Samus
Linux 4.16 on Chromebook Pixel 2015
Stars: ✭ 179 (+132.47%)
Mutual labels:  kernel, linux-kernel
w1-gpio-cl
Command line configured kernel mode 1-wire bus master driver. w1-gpio standard Linux module enhancement/substitution.
Stars: ✭ 17 (-77.92%)
Mutual labels:  kernel, linux-kernel
DuckOS
Such OS; Very Duck!
Stars: ✭ 16 (-79.22%)
Mutual labels:  kernel, syscalls
Sphinx-Dipper
Sphinx Custom Kernel for Mi 8 (Dipper)
Stars: ✭ 17 (-77.92%)
Mutual labels:  kernel, linux-kernel
pfSense-pkg-WireGuard
This is a port of the original WireGuard UI bits as implemented by Netgate in pfSense 2.5.0 to a package suitable for rapid iteration and more frequent updating on future releases of pfSense.
Stars: ✭ 194 (+151.95%)
Mutual labels:  kernel, kernel-module
Prototype Kernel
Prototyping kernel development work outside mainline
Stars: ✭ 214 (+177.92%)
Mutual labels:  kernel, linux-kernel
Inline syscall
Inline syscalls made easy for windows on clang
Stars: ✭ 232 (+201.3%)
Mutual labels:  hooks, syscalls
Linux Uek
Oracle Linux UEK: Unbreakable Enterprise Kernel
Stars: ✭ 185 (+140.26%)
Mutual labels:  kernel, linux-kernel
protecc
Linux kernel module to fight against police terror
Stars: ✭ 25 (-67.53%)
Mutual labels:  kernel-module, linux-kernel
Raspberry Pi Os
Learning operating system development using Linux kernel and Raspberry Pi
Stars: ✭ 11,000 (+14185.71%)
Mutual labels:  kernel, linux-kernel
Linux Kernel Utilities
👷 Utilities to compile and / or update linux kernels for Debian and derivatives (e.g. Ubuntu, LinuxMint, etc.)
Stars: ✭ 166 (+115.58%)
Mutual labels:  kernel, linux-kernel
kernel-memtest
Hybrid memtest running in kernel mode, and userspace.
Stars: ✭ 17 (-77.92%)
Mutual labels:  kernel, linux-kernel
dr checker 4 linux
Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel
Stars: ✭ 34 (-55.84%)
Mutual labels:  kernel, kernel-module

execmon

execmon is an advanced process execution monitoring utility for Linux.

The project consists of a kernel module and a user mode utility. The kernel module tracks new process executions; more precisely, it intercepts the execve syscall. Whenever the kernel module intercepts a new execution, it immediately notifies the user mode utility about it.

In the past, hooking syscalls in the Linux kernel was an easier task; in newer kernels, however, assembly stubs were placed in front of the syscall handlers. execmon overcomes this obstacle by patching the kernel code on the fly. For this purpose I used the open source disassembler project Udis86.
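For comparison, the following added example (not execmon's own code) shows the same "notify user space on every exec" idea built on the Linux proc connector, the kernel's supported netlink interface for process events, instead of patching syscall stubs. It subscribes to PROC_EVENT_EXEC notifications, parses the nlmsghdr + cn_msg + proc_event layout, and looks up the command line of each new process. The struct layouts and constants come from the kernel headers (linux/netlink.h, linux/connector.h, linux/cn_proc.h); the build_proc_event helper constructs datagrams purely for offline testing and is not something the kernel provides.

```python
"""Exec monitor using the Linux proc connector (added example, not execmon code).

Unlike execmon, nothing in the kernel is patched: the kernel itself emits a
PROC_EVENT_EXEC record for every successful execve.  The price is that the
process may already be gone by the time /proc/<pid>/cmdline is read, a race an
in-kernel interception does not have.
"""
import os
import socket
import struct

# Constants from <linux/netlink.h>, <linux/connector.h> and <linux/cn_proc.h>
NETLINK_CONNECTOR = 11
NLMSG_DONE = 3
CN_IDX_PROC = 1
CN_VAL_PROC = 1
PROC_CN_MCAST_LISTEN = 1
PROC_EVENT_EXEC = 0x00000002

# Wire layouts in native byte order with no padding ("=")
NLMSG_HDR = struct.Struct("=IHHII")     # nlmsg_len, type, flags, seq, pid      (16 bytes)
CN_MSG = struct.Struct("=IIIIHH")       # cb_id.idx, cb_id.val, seq, ack, len, flags (20 bytes)
PROC_EVENT_HDR = struct.Struct("=IIQ")  # what, cpu, timestamp_ns                (16 bytes)
EXEC_DATA = struct.Struct("=ii")        # exec_proc_event: process_pid, process_tgid


def nlmsg_align(n):
    """Netlink messages are padded to 4-byte boundaries (NLMSG_ALIGN)."""
    return (n + 3) & ~3


def parse_exec_events(datagram):
    """Return [(pid, tgid, timestamp_ns), ...] for each PROC_EVENT_EXEC record in
    one netlink datagram.  Other event types and malformed records are skipped."""
    events = []
    off = 0
    while off + NLMSG_HDR.size <= len(datagram):
        nl_len, _type, _flags, _seq, _pid = NLMSG_HDR.unpack_from(datagram, off)
        if nl_len < NLMSG_HDR.size + CN_MSG.size or off + nl_len > len(datagram):
            break  # truncated or bogus length: never read past the buffer
        cn_off = off + NLMSG_HDR.size
        idx, val, _cseq, _ack, cn_len, _cflags = CN_MSG.unpack_from(datagram, cn_off)
        start = cn_off + CN_MSG.size
        payload = datagram[start:min(start + cn_len, off + nl_len)]
        if (idx, val) == (CN_IDX_PROC, CN_VAL_PROC) and len(payload) >= PROC_EVENT_HDR.size:
            what, _cpu, ts = PROC_EVENT_HDR.unpack_from(payload, 0)
            if what == PROC_EVENT_EXEC and len(payload) >= PROC_EVENT_HDR.size + EXEC_DATA.size:
                pid, tgid = EXEC_DATA.unpack_from(payload, PROC_EVENT_HDR.size)
                events.append((pid, tgid, ts))
        off += nlmsg_align(nl_len)
    return events


def build_proc_event(what, pid, tgid, timestamp_ns, cpu=0):
    """Construct one datagram the way the kernel lays it out (nlmsghdr + cn_msg +
    proc_event).  Test helper only; for non-exec events the union layout differs,
    which is fine because the parser ignores them anyway."""
    ev = PROC_EVENT_HDR.pack(what, cpu, timestamp_ns) + EXEC_DATA.pack(pid, tgid)
    cn = CN_MSG.pack(CN_IDX_PROC, CN_VAL_PROC, 0, 0, len(ev), 0) + ev
    msg = NLMSG_HDR.pack(NLMSG_HDR.size + len(cn), NLMSG_DONE, 0, 0, 0) + cn
    return msg + b"\0" * (nlmsg_align(len(msg)) - len(msg))


def open_proc_connector():
    """Subscribe to process events.  Requires CAP_NET_ADMIN (usually root)."""
    sock = socket.socket(socket.AF_NETLINK, socket.SOCK_DGRAM, NETLINK_CONNECTOR)
    sock.bind((os.getpid(), CN_IDX_PROC))
    op = struct.pack("=I", PROC_CN_MCAST_LISTEN)
    cn = CN_MSG.pack(CN_IDX_PROC, CN_VAL_PROC, 0, 0, len(op), 0) + op
    hdr = NLMSG_HDR.pack(NLMSG_HDR.size + len(cn), NLMSG_DONE, 0, 0, os.getpid())
    sock.sendto(hdr + cn, (0, CN_IDX_PROC))  # pid 0 = the kernel
    return sock


def read_cmdline(pid):
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            return f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return "<exited>"  # short-lived processes can vanish before we look


def monitor(sock):
    while True:
        for pid, tgid, ts in parse_exec_events(sock.recv(65536)):
            print(f"[{ts}] exec pid={pid} tgid={tgid} cmdline={read_cmdline(pid)!r}")


if __name__ == "__main__":
    monitor(open_proc_connector())
```

Run it as root on a Linux host and every execve on the system prints one line; the parser is deliberately defensive about lengths because the datagram comes from a kernel interface, not from a file the tool controls.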

Future Goals

  • Intercept more syscalls
  • Better graphical data presentation for the user
  • Save sessions data
  • Support 32 bit systems

Notes

  • Currently supports only 64-bit systems
  • So far only attempted on Ubuntu 14.04 (kernel 3.13)
  • Use at your own risk

How To Use

  • Compile using make
  • Insert the kernel module (using insmod)
  • Run the user application

Author

Kfir Shtober (Kfiros) 2016

Thanks & Credits
