You could also use asm to directly invoke sys_ptrace, since this rootkit doesn't have any kernel components.