Hacker News new | ask | show | jobs
by b6fan 4499 days ago
Or use dlopen, dlsym to get the real function.
1 comments
CUViper 4499 days ago
Yes, as long as dlopen and dlsym aren't also hooked.

You could also use asm to directly invoke sys_ptrace, since this rootkit doesn't have any kernel components.

link