TY  - JOUR
T1  - Finding Hided Processes in Linux
AU - , Yuan Yuan AU - , Dai Guanzhong 
JO  - Asian Journal of Information Technology
VL  - 6
IS  - 5
SP  - 618
EP  - 621
PY  - 2007
DA  - 2001/08/19
SN  - 1682-3915
DO  - ajit.2007.618.621
UR  - https://makhillpublications.co/view-article.php?doi=ajit.2007.618.621
KW  - Linux
KW  -LKMs backdoors
KW  -system calls
KW  -hide processes
KW  -PID
AB  - This research analyses the mechanism of using LKMs backdoors to hide processes. According to the flaw in backdoors’ design and the characteristics of/proc filesystem, a new method for finding hided processes is presented. That is traversing all possible PID directories to find out each existent process in fact. Through comparing them with the ordinary output, the hided processes would be discovered. At last the code realized in Perl has been presented. The experiment shows that this method can find the processes hided by LKMs backdoors efficiently.
ER  -