Registered by Johan Walles

Unhide.rb is a tool that attempts to find processes hidden by rootkits. It scans for processes in many different ways and then lists the processes found through some means but not through others.

Unhide.rb is a reimplementation of unhide in Ruby. As of 13 January 2013, the two programs compare as follows:
* Unhide.rb does the same checks as "unhide procall" and "unhide sys" plus some more.
* Unhide.rb is about 14x faster than the original C code (7s vs 100s on my system).
* Unhide.rb is only about a tenth as much code (437 lines vs 5100 lines) as the original C code, so it should be easier to maintain / extend.
* Unhide.rb actively tries to avoid false positives when hidden processes are found.

The original unhide can be found here:
http://www.security-projects.com/?Unhide
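
The cross-view comparison described above, as an added sketch that is not Unhide.rb's own code. It assumes two views (a /proc listing and a signal-0 probe; the function names are hypothetical) and repeats the sampling so that processes that merely started or exited between scans are not reported.

```ruby
require "set"

# View 1: numeric directory names under /proc (what ps and top read).
def proc_view(dir = "/proc")
  Dir.children(dir).grep(/\A\d+\z/).map(&:to_i).to_set
end

# View 2: ask the kernel about each PID with signal 0 (nothing is delivered).
def signal_view(range)
  range.select do |pid|
    begin
      Process.kill(0, pid)
      true
    rescue Errno::EPERM
      true   # the PID exists but belongs to another user
    rescue Errno::ESRCH
      false  # no such process
    end
  end.to_set
end

# views: { name => callable returning a Set of PIDs }.
# Every view is sampled `rounds` times. A PID is reported only if it is
# missing from the same views in every round while some other view still
# sees it, which filters out short-lived processes (false positives).
def cross_view_diff(views, rounds: 2)
  suspects = nil
  rounds.times do
    seen = views.transform_values(&:call)
    all = seen.values.reduce(Set.new, :|)
    round = {}
    seen.each do |name, pids|
      (all - pids).each { |pid| (round[pid] ||= []) << name }
    end
    suspects = suspects.nil? ? round : suspects.select { |pid, missing| round[pid] == missing }
  end
  suspects
end

# Constructed sample views (not real scan output): PID 4242 answers
# signal 0 but is absent from the /proc listing.
sample = { proc: -> { Set[1, 300, 512] }, signal: -> { Set[1, 300, 512, 4242] } }
cross_view_diff(sample).each do |pid, missing|
  puts "PID #{pid} missing from view(s): #{missing.join(', ')}"
end
```

On Linux a live comparison of these two views also has to account for thread IDs, which answer signal 0 but do not appear in a /proc directory listing.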

Project information

Maintainer:
Johan Walles
Driver:
Not yet selected
Licence:
GNU GPL v3

Series and milestones

trunk series is the current focus of development.

Code

Version control system:
Bazaar
Programming languages:
Ruby

Downloads

unhide.rb does not have any download files registered with Launchpad.