nil0x42 edited this page Apr 26, 2015 · 12 revisions

Debug mode

The rootkit provides a debug mode, which can be enabled by defining the DEBUG_MODE macro at compile time.

When enabled, debug mode changes the behaviour of the hooking library in three ways:

  • All anti-debugging hooks are disabled.
  • Core debug messages are written to stderr (or to the configured debug file, see below).
  • BEURK's uninstallation feature is enabled.

A debug build is therefore meant for development only: it announces itself on stderr, no longer resists debuggers, and can be uninstalled.

Enabling debug mode

Defining the DEBUG_MODE macro enables debug mode at compile time. Its value selects how verbose the messages are.

Usage:

    #define DEBUG_MODE (1)

  • DEBUG_MODE == 1: basic debugging; each message carries only the rootkit tag.

    E.g.: [BEURK]: init() constructor loaded

  • DEBUG_MODE == 2: as above, plus the source file and line number the message comes from.

    E.g.: [BEURK<init.c:83>]: init() constructor loaded

Setting default debug output file

The DEBUG_FILE macro sets the file that debug messages are written to by default.

Usage:

    #define DEBUG_FILE "/tmp/beurk-rootkit.log"
  • Default value: /dev/stderr

Changing debug output file at runtime

The destination file for debug messages can be overridden at runtime, through the BEURK_DEBUG_FILE environment variable.

Note that if the rootkit hasn't been compiled with DEBUG_MODE, this option has no effect.

Usage:

    BEURK_DEBUG_FILE="/dev/stdout" ls -la
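The three settings above (compile-time DEBUG_MODE level, compile-time DEBUG_FILE default, runtime BEURK_DEBUG_FILE override) fit together as one small logging layer. The following is an added illustration of that scheme, not BEURK's own source: the function names, the BEURK_DEBUG macro and the fallback values are assumptions made for the example.

```c
/* Added illustration of the debug-output scheme this page describes.
 * This is not BEURK's source: the function names, the BEURK_DEBUG macro
 * and the fallback defaults below are assumptions made for the example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compile-time switches as documented on the page. A real build passes
 * them on the command line, e.g. -DDEBUG_MODE=2 -DDEBUG_FILE='"/tmp/b.log"';
 * the fallbacks only keep this file self-contained. */
#ifndef DEBUG_MODE
#define DEBUG_MODE (2)
#endif
#ifndef DEBUG_FILE
#define DEBUG_FILE "/dev/stderr"
#endif
#define DEBUG_ENV_VAR "BEURK_DEBUG_FILE"

/* Pick the destination: a non-empty runtime override beats the
 * compile-time default. Kept free of getenv() so it is easy to test. */
const char *resolve_output_path(const char *env_value)
{
    if (env_value != NULL && env_value[0] != '\0')
        return env_value;
    return DEBUG_FILE;
}

const char *debug_output_path(void)
{
    return resolve_output_path(getenv(DEBUG_ENV_VAR));
}

/* Build the message prefix. Level 1 yields "[BEURK]: "; level 2 adds the
 * originating file and line, e.g. "[BEURK<init.c:83>]: ". Returns the
 * length snprintf would have written, so callers can detect truncation. */
int debug_prefix(char *buf, size_t len, const char *file, int line)
{
#if DEBUG_MODE >= 2
    return snprintf(buf, len, "[BEURK<%s:%d>]: ", file, line);
#else
    (void)file;
    (void)line;
    return snprintf(buf, len, "[BEURK]: ");
#endif
}

/* Append one line to the current destination. Opening in append mode
 * lets every hooked process share one log file; /dev/stderr and
 * /dev/stdout work the same way. Returns 0 on success, -1 otherwise. */
int debug_write(const char *file, int line, const char *msg)
{
    char prefix[256];
    FILE *out;

    debug_prefix(prefix, sizeof prefix, file, line);
    out = fopen(debug_output_path(), "a");
    if (out == NULL)
        return -1;
    fprintf(out, "%s%s\n", prefix, msg);
    return fclose(out) == 0 ? 0 : -1;
}

/* What hook code would call. If the build defines no DEBUG_MODE (remove
 * the fallback above to try it) the macro expands to nothing, so a
 * release build carries neither the messages nor the file/line strings. */
#ifdef DEBUG_MODE
#define BEURK_DEBUG(msg) debug_write(__FILE__, __LINE__, (msg))
#else
#define BEURK_DEBUG(msg) ((void)0)
#endif

int main(void)
{
    /* With the fallbacks above this prints "[BEURK<file:line>]: init()
     * constructor loaded" to stderr; running it as
     * BEURK_DEBUG_FILE=/tmp/x.log ./a.out appends it to that file instead. */
    BEURK_DEBUG("init() constructor loaded");
    return 0;
}
```

Two details worth noting: the env var only changes the destination, never the level, because the level is burned in by the preprocessor; and the override is evaluated on every message, so a hooked process picks up the variable from its own environment, which is why the `BEURK_DEBUG_FILE="/dev/stdout" ls -la` form works per command.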
