Registered 2009-04-08 by Johan Walles

Unhide.rb is a tool that attempts to find processes hidden by rootkits. It does that by scanning for processes in many different ways, and then lists processes found through some means but not through others.

Unhide.rb is a reimplementation of unhide in Ruby. As of 2013-01-13, the two programs compare as follows:
* Unhide.rb does the same checks as "unhide procall" and "unhide sys" plus some more.
* Unhide.rb is about 14x faster than the original C code (7s vs 100s on my system).
* Unhide.rb is only about a tenth as much code (437 lines vs 5100 lines) as the original C code, so it should be easier to maintain / extend.
* Unhide.rb actively tries to avoid false positives when hidden processes are found.
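
The cross-view comparison and false-positive filtering described above, as an added example that is not unhide.rb's own code. The two views (/proc and signal 0), the function names and the `--live` switch are assumptions chosen for illustration.

```ruby
require "set"

# View 1: IDs listed under /proc, thread IDs included because signal 0
# can also answer for a thread ID (Linux only).
def pids_from_proc
  Dir.glob("/proc/[0-9]*/task/[0-9]*").map { |p| File.basename(p).to_i }.to_set
end

# View 2: IDs that answer signal 0. EPERM still proves the ID exists.
def pids_from_signal(max_pid)
  (1..max_pid).select do |pid|
    begin
      Process.kill(0, pid)
      true
    rescue Errno::EPERM
      true
    rescue Errno::ESRCH
      false
    end
  end.to_set
end

# IDs seen by at least one view but not by all => the views that missed them.
def discrepancies(views)
  seen = views.values.reduce(Set.new, :|)
  seen.each_with_object({}) do |pid, out|
    missed = views.reject { |_, pids| pids.include?(pid) }.keys
    out[pid] = missed unless missed.empty?
  end
end

# Avoid false positives: a process that started or exited between two views
# looks hidden once. Keep only IDs that every re-scan reports the same way.
# `scan` is a callable returning a fresh {view_name => Set} hash.
def persistent_discrepancies(scan, rounds: 3)
  result = discrepancies(scan.call)
  (rounds - 1).times do
    break if result.empty?
    again = discrepancies(scan.call)
    result = result.select { |pid, missed| again[pid] == missed }
  end
  result
end

if ARGV.include?("--live") # assumed switch; scans the local Linux host
  max = File.read("/proc/sys/kernel/pid_max").to_i
  scan = -> { { proc: pids_from_proc, signal: pids_from_signal(max) } }
  persistent_discrepancies(scan).each { |pid, m| puts "PID #{pid} missing from: #{m.join(', ')}" }
end
```

An ID that survives every re-scan is a lead to investigate by hand, not proof of a rootkit.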

The original unhide can be found here:

trunk series is the current focus of development.

unhide.rb does not have any download files registered with Launchpad.