file_path

q2.bpf.c

Source filename of an eBPF rootkit component, recovered from the .BTF.ext debug metadata left in the embedded ELF object (214 verbatim source lines). The component provides process hiding (/proc rewriting), TCP socket hiding (netlink filtering), and anti-debugging (ptrace interception, SIGKILL).

discovered 2026-06-03
