Kernel hacking: Hiding processes with kprobes
Debugging, performance analysis, and attaching to any kernel routine with kernel probes.
Kernel probes and return probes
Kprobes lets you dynamically break into any kernel routine and collect information non-disruptively. You can trap at almost any kernel code address, specifying a handler routine to be invoked when the breakpoint is hit.
There are two types of probes:
- kprobes - can be inserted on virtually any instruction in the kernel.
- kretprobes - a return probe that fires when a specified function returns.
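As an added example (not code from the original post), the script below registers both probe types described above through the kernel's tracefs `kprobe_events` interface, which creates the same kprobes and kretprobes a module would, without writing one. It assumes tracefs is mounted at `$TRACEFS` (default `/sys/kernel/tracing`), debugfs at `$DEBUGFS` (default `/sys/kernel/debug`), and root privileges when it touches either; the group name `kpdemo` and the symbol `do_sys_openat2` are placeholders chosen here. The last two functions are the defender's side: `/sys/kernel/debug/kprobes/list` shows every kprobe registered in the running kernel, including ones installed by loadable modules, so it is where you look when you suspect a probe has been planted on a routine.

```shell
#!/bin/sh
# Added example, not from the original post. Drives tracefs "kprobe_events"
# to register an entry probe (kprobe) and a return probe (kretprobe).
# Assumptions: tracefs at $TRACEFS, debugfs at $DEBUGFS, run as root for
# real use; "kpdemo" and "do_sys_openat2" are placeholders chosen here.
TRACEFS="${TRACEFS:-/sys/kernel/tracing}"
DEBUGFS="${DEBUGFS:-/sys/kernel/debug}"
GROUP="kpdemo"   # event group name chosen for this example

# Definition line for an entry probe: "p:GROUP/EVENT SYMBOL".
kprobe_spec() {
    printf 'p:%s/%s %s\n' "$GROUP" "$1" "$2"
}

# Definition line for a return probe: "r:GROUP/EVENT SYMBOL", fetching
# $retval so the trace records what the routine returned.
kretprobe_spec() {
    printf 'r:%s/%s %s ret=$retval\n' "$GROUP" "$1" "$2"
}

# Register both probe types on one symbol by appending to kprobe_events.
kprobe_install() {
    sym="$1"
    kprobe_spec "${sym}_entry" "$sym" >> "$TRACEFS/kprobe_events" || return 1
    kretprobe_spec "${sym}_return" "$sym" >> "$TRACEFS/kprobe_events" || return 1
}

# Turn the whole event group on (1) or off (0); hits then appear in
# $TRACEFS/trace_pipe.
kprobe_set_enabled() {
    printf '%s\n' "$1" > "$TRACEFS/events/$GROUP/enable"
}

# Unregister: a leading "-:" removes a previously defined event.
kprobe_remove() {
    sym="$1"
    printf '%s\n' "-:$GROUP/${sym}_entry" >> "$TRACEFS/kprobe_events"
    printf '%s\n' "-:$GROUP/${sym}_return" >> "$TRACEFS/kprobe_events"
}

# Defender's check: every kprobe registered in the running kernel, whoever
# installed it, one per line as "<address>  <k|r>  <symbol+offset> ...".
kprobe_list() {
    if [ -r "$DEBUGFS/kprobes/list" ]; then
        cat "$DEBUGFS/kprobes/list"
    else
        echo "cannot read $DEBUGFS/kprobes/list (root and debugfs required)" >&2
        return 1
    fi
}

# Print only the probes sitting on a given symbol (third column is
# "symbol+offset"), e.g. to confirm nothing is hooked on a routine.
kprobe_find() {
    kprobe_list | awk -v s="$1" 'index($3, s "+") == 1'
}
```

Run `kprobe_install <symbol>` followed by `kprobe_set_enabled 1`, then read `$TRACEFS/trace_pipe`; `kprobe_remove <symbol>` after `kprobe_set_enabled 0` cleans up. `kprobe_list` works regardless of how a probe got there, which is why it is the first thing to read on a box you think has been tampered with.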
How does it work?
This post is licensed under CC BY 4.0 by the author.
