Module tty_check 

Linux TTY operations hook detector.

Walks the tty_drivers list and checks each driver’s tty_operations function pointers against the kernel text region (_stext.._etext). Handlers pointing outside this range indicate potential rootkit hooks on TTY devices.

Functions

check_tty_hooks

Check TTY driver operations for hooks.