Abstract: This research analyses the mechanism of using LKMs backdoors to hide processes. According to the flaw in backdoors’ design and the characteristics of/proc filesystem, a new method for finding hided processes is presented. That is traversing all possible PID directories to find out each existent process in fact. Through comparing them with the ordinary output, the hided processes would be discovered. At last the code realized in Perl has been presented. The experiment shows that this method can find the processes hided by LKMs backdoors efficiently.
Yuan Yuan and Dai Guanzhong , 2007. Finding Hided Processes in Linux. Asian Journal of Information Technology, 6: 618-621.