From: ch2009@arcor.de
To: systemtap@sourceware.org
Date: Sat, 19 Oct 2013 11:07:00 -0000
Subject: rootkits and hidden processes
Message-ID: <1555905208.2010315.1382180844427.JavaMail.ngmail@webmail11.arcor-online.net>

Dear all,

is it possible to find rootkits with systemtap? How to list all processes?
There's a presentation about systemtap and "rootkits made trivial", so finding rootkits shouldn't be too hard!

Thank you in advance.

Chris