LINUX CATEGORIES:

GLOBAL PAGES >>
NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

WEEK'S BEST

Linux Kernel 3.9.6 / 3....

Linux Kernel 3.0.82 LTS...

KDE Software Compilatio...

PulseAudio 4.0

Wireshark 1.10.0

NetworkManager 0.9.8.2

LibreOffice 3.6.6 / 4.0...

SystemRescueCd 3.7.0

Linux Kernel 3.10 RC6

Ubuntu Tweak 0.8.5

Home > Linux > Utilities

listps 0.9.1

View more screenshots (1)


Downloads: 642	View global page NEW! Tell us about an update

User Rating:
Rated by:

Fair (2.0/5)
1 user(s)


Developer: License / Price: Last Updated: Category:	Christian Stigen Larsen \| More programs GPL / FREE October 9th, 2011, 12:33 GMT [view history] ROOT / Utilities

Read user reviews (0)

Refer to a friend

listps description

A small linux program to show all running processes, including hidden ones

listps project is a small linux program to show all running processes, including hidden ones. It only works with /proc filesystems.

On systems compromised with various rootkits, like e.g. suckit 1.3e, listps will be able to explicitly list hidden processes that are running.

It does this by explicitly querying the /proc filesystem for process IDs in the range 1 to 33000.

Swapped out processes are printed in paranthesis.

Example output

In the session below I install suckit 1.3e on a linux box, hide two processes (crond and smbd) use listps to list them.

First, let's install suckit 1.3e on the host:

[root@ares listps]# uname -a
Linux ares.sublevel3.org 2.4.20-20.7custom #1 SMP Tue Sep 23 14:30:50 CEST 2003 i686 unknown
[root@ares listps]# ./sksu
I love you baby
Show begins Test mode 0
RK_Init: idt=0xc0328000, sct[]=0xc02c68e0
kma_hint=0x00000000
kmalloc()=0xc012fcb0, gfp=0x1f0
Z_Init: Allocating kernel-code memory...KINIT(0xd04d9c64) sct 0xc02c68e0
sctp 0xbfffcde0 oldsys 0xc010cf40
Done, 11635 bytes, base=0xd04d8000

Now let's hide crond and smbd (pids 577 and 613):

[root@ares listps]# ./sksu
I love you baby
Detected version: 1.3e
use:
./sksu [args]
t - test instalation objective
f - force instalation
u - uninstall
i - make pid invisible
v - make pid visible
f [0/1] - toggle file hiding
p [0/1] - toggle pid hiding
[root@ares listps]# ./sksu i 577
I love you baby
Detected version: 1.3e
Pid 577 is hidden now!
[root@ares listps]# ./sksu i 613
I love you baby
Detected version: 1.3e
Pid 613 is hidden now!

Let's see if ps(1) finds them:

[root@ares listps]# ps auxwww | egrep 'crond|smbd'
root 2160 0.0 0.1 1516 552 pts/1 S 15:24 0:00 egrep crond|smbd
[root@ares listps]#

Try running listps:

[root@ares listps]# listps -d
PID COMMAND
577 crond (hidden)
613 smbd (hidden)
[root@ares listps]#

Finally, let's uninstall suckit:

[root@ares listps]# ./sksu v 577
I love you baby
Detected version: 1.3e
Pid 577 is visible now!
[root@ares listps]# ./sksu v 613
I love you baby
Detected version: 1.3e
Pid 613 is visible now!
[root@ares listps]# ./sksu u
I love you baby
Detected version: 1.3e
Suckit uninstalled sucesfully!
[root@ares listps]# listps -d
PID COMMAND
[root@ares listps]#

Product's homepage

What's New in This Release: [ read full changelog ]

· This version changes parse_args to use getopts (short for now), reads and moves all of the stats to a structure, makes the -l option print a few of the values from the structure, and makes the -p option list just a single PID.

TAGS:	running processes \| show processes \| hidden processes \| listps \| show \| hidden	SHARE THIS
		TWEET THIS

Go to top

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2013 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use

LINUX CATEGORIES:

listps 0.9.1

listps description

A small linux program to show all running processes, including hidden ones

TAGS:

Share, bookmark, add