编写程序以从ps命令结果中隐藏进程 [英] writing a program for hiding processes from ps command result

问题描述

我想编写一个内核模块，该模块可以通过从ps命令结果中将其删除来从用户视图中隐藏进程，并使我能够查看隐藏的进程.

I want to write a kernel module that can hide a process from user view by removing it from ps command result and able me to view hidden processes.

任何人都可以给我一个编写此程序的演练吗?

Can anyone give me a walk-through for writing this program?

推荐答案

我相信大多数root-kit都会包含这样的内容，而root-kits是我想到编写这样的东西的唯一原因.

I believe most root-kits would include something like this, and that root-kits are the only reason I can think of for writing something like this.

如果您看到其他更有效的用法，请赐教. (蜜罐不是一个很好的答案，因为首先从外部观察，最好在虚拟机中运行它们.)

If you see some other, more valid, use, please enlighten me. (Honey pots are not a good answer, since you're much better off running them in a virtual machine observed from the outside in the first place.)

这篇关于编写程序以从ps命令结果中隐藏进程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！