#!/usr/bin/perl
#
# Find Hidden PIDs v0.1
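# A utility for use with chkproc from the chkrootkit package: it looks up
# each PID that chkproc reports on its "readdir output" lines under
# /proc/<pid>/task and prints the name of the process that owns it.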
# (c) DS <desi@netway.org> 
#
# Greetz:
# !dSR Crew, haxorcitos
#


use strict;

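# Path to the chkproc binary from chkrootkit; adjust for the local install.
my $chkproc = "/usr/lib/chkrootkit-0.43/chkproc";
# configure this with path to chkproc and comment the next line.
#die "I have to set chkproc path ...\n";

# Count of reported PIDs found under some /proc/<pid>/task directory.
# find_recursive increments it and find_in_proc prints it.
my $i = 0;
# PIDs taken from chkproc's "readdir output" lines.
my @pids = ();

# Fail loudly when chkproc is missing. Otherwise the child's exec fails, the
# parent reads an empty pipe, and the script reports zero hidden PIDs as if
# the scan had come back clean.
die "Can't run chkproc at $chkproc\n" unless -x $chkproc;

# Fork with the child's STDOUT connected to $pipe. open() returns undef when
# the fork fails, 0 in the child and the child's PID in the parent; the three
# cases are kept apart so a failed fork never falls through to exec and
# replaces this script with chkproc.
my $child = open (my $pipe, "-|");
die "Can't create chkproc pipe\n" unless defined $child;
if ($child == 0) {
    # List-form exec: the configured path is passed straight to execvp and is
    # never parsed by a shell.
    exec ($chkproc, "-v") or die "Can't exec $chkproc: $!\n";
}

while (my $line = <$pipe>) {
    next unless $line =~ /readdir output/;
    # Keep only a purely numeric PID. A line that does not match is dropped
    # instead of being stored whole and later interpolated into a /proc path.
    # NOTE(review): assumes chkproc prints the PID as "<spaces><digits>:" --
    # confirm against the output of the installed chkproc version.
    if ($line =~ /.* +(\d+):/) {
        push @pids, $1;
    }
}
# Reap the child. Its exit status is not examined; only its output is used.
close ($pipe);

# Only PIDs found under a task directory are printed below. A reported PID
# with no match is not explained by this script and still needs a look.
print "Searching ps hidden pids ...\n";
find_in_proc (@pids);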

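# Walk the process directories in /proc and check each one for the PIDs
# reported by chkproc.
#
# Arguments: the list of PIDs to look for.
# Output:    prints the file-level counter $i (incremented by find_recursive)
#            once every process directory has been checked.
# Dies if /proc cannot be opened.
sub find_in_proc {
    my @find = @_;

    # Use a lexical handle and read the listing up front. find_recursive opens
    # directories of its own during the walk, so this listing must not depend
    # on a global handle that another sub can reopen or close.
    opendir (my $proc, "/proc") or die "Can't open proc\n";
    my @entries = readdir ($proc);
    closedir ($proc);

    for my $entry (@entries) {
        # Process directories have all-digit names. Matching any name that
        # merely contains a digit would also descend into unrelated entries.
        if ($entry =~ /\A\d+\z/) {
            find_recursive ("/proc/$entry", @find);
        }
    }
    print "Founded $i hidden pid(s)\n";
}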

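# Check whether any reported PID appears under the task directory of one
# process.
#
# Arguments: $tmp  - a process directory such as "/proc/1234"
#            @find - PIDs reported by chkproc
# For every PID with a directory at "$tmp/task/<pid>", prints the owning
# process name (as returned by GetProc) and increments the file-level
# counter $i.
sub find_recursive {
    my ($tmp, @find) = @_;

    foreach my $pid (@find) {
        # Accept plain numbers only. An empty entry would resolve to
        # "$tmp/task/" itself, which exists for every process and would be
        # reported as a match each time. A malformed entry must never become
        # a path component.
        next unless defined $pid && $pid =~ /\A\d+\z/;

        # The directory is opened only to test that it exists. The handle is
        # lexical and is closed only when the open succeeded.
        opendir (my $task, "$tmp/task/$pid") or next;
        closedir ($task);

        my $ret = GetProc($tmp);
        print "PID $pid:\tis part of $ret\n";
        $i++;
    }
}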

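# Return the process name recorded in "<dir>/status".
#
# Arguments: $tmp - a process directory such as "/proc/1234"
# Returns:   the text of the "Name:" line, or "Not found!" when the file
#            cannot be opened, is empty, or has no Name line in its first
#            1024 bytes.
#
# The name is reported by the process itself, so treat it as a hint about
# which process owns the PID, not as proof of identity.
sub GetProc {
    my $tmp = shift;

    # Three-argument open: the path can only ever be read, whatever
    # characters it contains. A failed open yields the fallback value.
    open (my $status, "<", "$tmp/status") or return "Not found!";
    my $ret;
    my $got = read ($status, $ret, 1024);
    close ($status);

    # read() gives undef on error and 0 at end of file.
    return "Not found!" unless $got;

    # Take the whole Name line so that names containing spaces are returned
    # in full, not cut at the first whitespace.
    if ($ret =~ /^Name:[ \t]*([^\n]+)/m) {
        my $name = $1;
        # The value is printed to the operator's terminal; replace control
        # bytes so a crafted name cannot emit escape sequences.
        $name =~ tr/\x00-\x1f\x7f/?/;
        return $name;
    }
    return "Not found!";
}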

