I coded a LKM which has a functionality of hiding itself from procfs and sysfs. The problem is when I try to unhide it I get the following error :libkmod: ERROR ../libkmod/libkmod-module.c:1882 kmod_module_get_holders: could not open '/sys/module/my_module/holders': No such file or directory. After this I can see the module is shown in the lsmod but with the -2 as the parent PID. When i try to remove the module I get the error saying ERROR: Module my_module is builtin.. Here is the code:
//HIDE
void hide(void) {
if(module_hidden) //is hidden
return;
module_prev = THIS_MODULE->list.prev;
list_del_init(&THIS_MODULE->list); //procfs view
kobject_prev = &THIS_MODULE->mkobj.kobj;
kobject_parent_prev = THIS_MODULE->mkobj.kobj.parent;
kobject_list_prev = THIS_MODULE->mkobj.kobj.entry.prev;
kobject_del(&THIS_MODULE->mkobj.kobj); //sysfs view
//list_del(&THIS_MODULE->mkobj.kobj.entry);
module_hidden = (unsigned int)0x1;
}
//SHOW
void unhide(void) {
if(!module_hidden) //is not hidden
return;
list_add(&THIS_MODULE->list, module_prev); //procfs view
//list_add(&THIS_MODULE->mkobj.kobj.entry, kobject_list_prev);
kobject_add(kobject_prev, kobject_parent_prev, "my_module");//sysfs view
module_hidden = (unsigned int)0x0;
}
What can be the problem?
Thanks.
