Make the LKM rootkit visible again.
For example, this involves getting the memory address of the rootkit's "show_module" function and calling it, which adds the rootkit back to lsmod so that the LKM rootkit can be removed.
We can get the function address very simply using /sys/kernel/tracing/available_filter_functions_addrs; however, it is only available in kernel 6.5x and above. Another way is to scan kernel memory and then add the rootkit to lsmod again so that it can be removed. All in all, this LKM abuses the LKM rootkit's own functionality to make it visible again. Note: there is another trick to remove/unhack LKM rootkits, but it will be covered in upcoming research.
Download Imperius
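The lookup described above can also be used as a detection check: a module that still has functions listed in available_filter_functions_addrs but is missing from /proc/modules (the source of lsmod output) is hidden. The following is an added example, not Imperius code; it assumes each line of the tracing file has the form `address function [module]`, and the module name `hidden_rk` and all sample data are constructed.

```python
import re
from pathlib import Path

TRACE_FILE = "/sys/kernel/tracing/available_filter_functions_addrs"
# Assumed line format: "<hex address> <function> [<module>]"; core kernel
# functions carry no "[module]" suffix.
LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+(\S+)(?:\s+\[(\S+)\])?\s*$")

# Constructed sample data (not captured from a real system).
SAMPLE_TRACE = """\
ffffffff81001a40 do_one_initcall
ffffffffc0a51010 e1000_open [e1000]
ffffffffc0b7a000 hide_module [hidden_rk]
ffffffffc0b7a060 show_module [hidden_rk]
"""
SAMPLE_MODULES = "e1000 155648 0 - Live 0xffffffffc0a50000\n"


def parse_trace(text):
    """Yield (address, function, module) per well-formed line; module is None for core kernel."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1), 16), m.group(2), m.group(3)


def loaded_modules(proc_modules_text):
    """Module names as listed in /proc/modules (first column)."""
    return {l.split()[0] for l in proc_modules_text.splitlines() if l.strip()}


def find_hidden(trace_text, proc_modules_text):
    """Return {module: {function: address}} for modules ftrace lists but lsmod does not."""
    listed = loaded_modules(proc_modules_text)
    hidden = {}
    for addr, func, mod in parse_trace(trace_text):
        if mod and mod not in listed:
            hidden.setdefault(mod, {})[func] = addr
    return hidden


if __name__ == "__main__":
    try:  # reading the tracing file needs root and a kernel that provides it
        trace, mods = Path(TRACE_FILE).read_text(), Path("/proc/modules").read_text()
    except OSError:  # fall back to the constructed sample
        trace, mods = SAMPLE_TRACE, SAMPLE_MODULES
    for mod, funcs in find_hidden(trace, mods).items():
        for func, addr in sorted(funcs.items(), key=lambda kv: kv[1]):
            print(f"hidden module {mod}: {func} at {addr:#x}")
```

An empty result does not prove the system is clean: functions that are not traceable do not appear in this file, and a rootkit may filter it as well.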