Unhide.rb, finder of hidden processes

Registered 2009-04-08 by Johan Walles

Unhide.rb is a tool that attempts to find processes hidden by rootkits. It scans for processes in many different ways and then lists the processes found through some means but not through others.

Unhide.rb is a reimplementation of unhide in Ruby. As of 2013-01-13, the two programs compare as follows:
* Unhide.rb does the same checks as "unhide procall" and "unhide sys" plus some more.
* Unhide.rb is about 14x faster than the original C code (7s vs 100s on my system).
* Unhide.rb is only about a tenth as much code (437 lines vs 5100 lines) as the original C code, so it should be easier to maintain / extend.
* Unhide.rb actively tries to avoid false positives when hidden processes are found.
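
The cross-view comparison described above, as an added Ruby example that is not Unhide.rb's own code. The two views (a /proc listing and a signal-0 probe), the two-pass re-check used to drop processes that start or exit mid-scan, and all function names are assumptions of this example.

```ruby
require 'set'

# View 1: PIDs visible as numeric directory names under /proc (Linux).
def proc_listing_pids(root = '/proc')
  Dir.children(root).grep(/\A\d+\z/).map(&:to_i).to_set
end

# View 2: PIDs that answer a signal-0 probe. EPERM still means "exists".
def signal_probe_pids(max_pid)
  (1..max_pid).select do |pid|
    begin
      Process.kill(0, pid)
      true
    rescue Errno::EPERM
      true
    rescue Errno::ESRCH
      false
    end
  end.to_set
end

# Run every view once; views is { name => callable returning a Set of PIDs }.
def snapshot(views)
  views.transform_values(&:call)
end

# PIDs seen by at least one view and missed by at least one other.
def discrepancies(snap)
  all = snap.values.reduce(Set.new, :|)
  all.each_with_object({}) do |pid, out|
    seen, missed = snap.keys.partition { |name| snap[name].include?(pid) }
    out[pid] = { seen_by: seen, missed_by: missed } unless missed.empty?
  end
end

# Take two passes and keep only PIDs whose split between views is identical
# in both. Assumption of this example: a process that merely started or
# exited during a scan will not show the same split twice.
def hidden_candidates(views)
  first = discrepancies(snapshot(views))
  second = discrepancies(snapshot(views))
  first.select { |pid, split| second[pid] == split }
end
```

On a Linux host, `hidden_candidates(proc_listing: method(:proc_listing_pids), signal_probe: -> { signal_probe_pids(32_768) })` compares the two real views; the upper PID bound is a sample value and should match the host's pid_max.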

The original unhide can be found here:
http://www.security-projects.com/?Unhide

Project information

Maintainer: Johan Walles
Driver: Not yet selected
Development focus: trunk series (lp:unhide.rb)
Programming Languages: Ruby
Licences: GNU GPL v3

unhide.rb trunk series is the current focus of development

Downloads

unhide.rb does not have any download files registered with Launchpad.