An obscure kernel feature to get more info about dying processes (timetobleed.com)
Plus this guy has some other very nifty articles.
But I guess (glancing at first few comments) that "haterz gonna hate."
Disclosure: I work on the unrEVOked rooting tool for Android and we do stuff like this all the time.
It's not a very good rootkit by itself, certainly, as typically rootkits will monkey with the kernel to hide processes and network sockets.
It's interesting because it's probably the simplest rootkit method I can think of (next to setuid binaries). It's less obvious than a setuid. It's not something that anyone sane would use by itself because, like I said, it doesn't hide you.