From 0371ea51c825d5438fbfca0dec5e2f8be054bb98 Mon Sep 17 00:00:00 2001
From: "QCQCQC@Ubuntu" <1220204124@zust.edu.cn>
Date: Wed, 26 Mar 2025 16:09:27 +0800
Subject: [PATCH] rewrite
---
execve_intercept.c | 70 +++++++--------------------------------------
intercept.so | Bin 21864 -> 21664 bytes
2 files changed, 10 insertions(+), 60 deletions(-)
diff --git a/execve_intercept.c b/execve_intercept.c
index a9a4918..44f9ae8 100644
--- a/execve_intercept.c
+++ b/execve_intercept.c
@@ -114,75 +114,25 @@ void write_log(const char *filename, char *const argv[]) { // 复制标准输出和错误输出到日志文件 void duplicate_output_to_log() { - int stdout_pipe[2], stderr_pipe[2]; - - // 创建 stdout 和 stderr 的管道 - if (pipe(stdout_pipe) < 0 || pipe(stderr_pipe) < 0) { - perror("pipe"); + int out_fd = open(LOG_OUT_FILE, O_WRONLY | O_CREAT | O_APPEND, 0644); + if (out_fd == -1) { + perror("Failed to open log file"); return; } - pid_t pid = fork(); - if (pid < 0) { - perror("fork"); + // 复制 stdout 和 stderr 到 log 文件 + if (dup2(out_fd, STDOUT_FILENO) == -1 || dup2(out_fd, STDERR_FILENO) == -1) { + perror("Failed to redirect output"); + close(out_fd); return; } - if (pid == 0) { // 子进程 - close(stdout_pipe[1]); // 关闭 stdout 写端 - close(stderr_pipe[1]); // 关闭 stderr 写端 - - // 打开日志文件(追加模式) - int log_fd = open(LOG_OUT_FILE, O_WRONLY | O_CREAT | O_APPEND, 0644); - if (log_fd < 0) { - perror("open log file"); - exit(1); - } - - // 让 tee 进程读取 stdout_pipe[0] 并写入日志和终端 - dup2(stdout_pipe[0], STDIN_FILENO); - dup2(log_fd, STDOUT_FILENO); - execlp("tee", "tee", "/dev/tty", NULL); - perror("execlp tee stdout"); - exit(1); - } - - pid_t pid_err = fork(); - if (pid_err < 0) { - perror("fork"); - return; - } - - if (pid_err == 0) { // 另一个子进程 - close(stderr_pipe[1]); // 关闭 stderr 写端 - - int log_fd = open(LOG_OUT_FILE, O_WRONLY | O_CREAT | O_APPEND, 0644); - if (log_fd < 0) { - perror("open log file"); - exit(1); - } - - // 让 tee 进程读取 stderr_pipe[0] 并写入日志和终端 - dup2(stderr_pipe[0], STDIN_FILENO); - dup2(log_fd, STDOUT_FILENO); - execlp("tee", "tee", "/dev/tty", NULL); - perror("execlp tee stderr"); - exit(1); - } - - // 父进程 - close(stdout_pipe[0]); // 关闭 stdout 读端 - close(stderr_pipe[0]); // 关闭 stderr 读端 - - // 让标准输出、错误输出流向管道 - dup2(stdout_pipe[1], STDOUT_FILENO); - dup2(stderr_pipe[1], STDERR_FILENO); - - close(stdout_pipe[1]); // 关闭写端(子进程 tee 负责处理) - close(stderr_pipe[1]); + // 关闭文件描述符,因为 stdout/stderr 现在已经指向它 + close(out_fd); } + typedef int (*orig_execve_type)(const char *filename, char *const 
argv[], char *const envp[]); 
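Review bot: The `open()` at the top of `duplicate_output_to_log()` creates the log with mode 0644 and follows symlinks, and after this change that file receives everything the process writes to stdout and stderr, so any secret a wrapped command prints becomes readable by every local user. I would open it as `int out_fd = open(LOG_OUT_FILE, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600);`; `LOG_OUT_FILE` is defined outside this hunk, so whether its directory is writable by other users should be checked there. The function also no longer duplicates anything: the removed `tee` path kept a copy on `/dev/tty`, whereas `dup2()` now replaces both streams and nothing reaches the terminal, so the function name and the `复制` comment above it are stale. Finally, if the process starts with fd 1 or 2 closed, `open()` can return that descriptor and the final `close(out_fd)` then closes the stream that was just redirected; `if (out_fd > STDERR_FILENO) close(out_fd);` avoids that.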
diff --git a/intercept.so b/intercept.so index e05f950bf9fccd7a7386f782a5c9641721d8c140..49bbfac8704431c820a1a11f7ab984dc34f47082 100755 GIT binary patch delta 4302 zcmZWt3s6&68onoRkpLm0gd_+gJbh3}zz1NFhZ?zdRf2`}(fV3Ji@JrQ{Su%Ca`}wD(=zwp?U1>Y9QV!7Bu>Bq3BFJuh9O z*eJZlKvd9Nav4g4^w1C_k;kmogSGXnRv2s`@3C45o{rM8EO!%q?^^2 zh^?>(**6&n7-kQ#!p;x_oD8wne~Bp!6CwpwJT{9(6U^m81$V`A9k>uO6nvk70~Zwh zV+G$4$AQ%fUZ~)8Mh=9cPRlipj}x?s9N4GgvK$3XXq}Gh>B=xSDuE0mya$Ffld#I# z+Ui=N!da6Av(^0|g~ikpK_vvSi{QvU{|gqh*uYSXX~*kO+YTJ|5W%QmUZ#seilRqX zRcQnvSgaC0wCPBoRE}dXfzL!;49Z_hxtrA*nD~qt~Qy4!gHQrbZ8I zHF-n_f6-XrMtFqgJnb-+A$aNGsixSN&UAk3A7G7zg^_E>NH`a1fjDi1_l2|?^6^lI zs{W3g>YOYHTGKQ^xT{Tggt}*t?i!@m4blhu|9X(Ua*)1ofG*Mo%e{w(og{gZXY#r{ zL6AIREfu-_4xQu{f0~4KSBFC__h?NGv}Y$2iToLiKVeE9tk;boe}kR6gwY~mf-}8b zYMOiieFdrIzm5pWJ^9*;g5Wbgm1SRrEX!TuxA1RWUfxpN1X4@4FZU-|mRfA*rKY;` zf-?^rE}#v&F&*7x%JFDQ8TB->57RV!*I;f;zTp8zM8_U<>=B%1$&E2EULPEc8Nc|I zC(P)RJmrVcf>P6oyG3fDQGD^VO;34;V)-y&3F4NMie*Q@(o36j+YVEI4;1RtBD)?l zq=O<0p1>A^9^Crjk-z2eNeU-%_=J9V@GlXDKkJ9XO})D=9opu9(h+mp z&QP~+Aj$B`urD65KJ+2lN6~`E*v7=r6$m%kJ|Zkwk0H&tgE!bCxy$=2r1a=idfGWe z-y$#>-yv_q2gZ#P%V;c*xHE>f+l94OR_pe;{f#u$^$FVMT{H_1ju*B!^dT&Yjfq^r znSAJv!aK2JBl8DB4e)tvdcC7xmamgm%$4R4?9ZVN;ZrB*`Yy-iAT`|>`sqI0=EsWg zNW?5I;pWArcyq$wdMxA z&jgH{xN%az_}74O)r0BGH9lb79k9-3uFe?A?P{l4VbX8km*vBB;I2mxKr8RV-xKtz z)%U@dUpU9LO^Z*h~(I)43RCAAOw|8hi!9DW)suJ!)nJINtBIRHghVi*uz#7&z zAH^pNPQcM&JRsbMy{4FY$U>Fv=r(HbX!bLEU`J2FBzs?{zHaf8aVRjd7V8IS9TWTE z9(KmSLt0h}+TV7PnB!PN}LRMa#MQXp~ySYKptX*H9QRoHJp7{|iXz7UztE z+2%|Y+=E7Q?6STn>duabnKXiDyOp-)cG;=$XwC-g)E(_P&)JUz>=D%Nc8yZ9J;;*R zyq^U>nNvpe++{`<9J}%cHMVq0Zr$Q6*pL{LPM?CG(g&83%x=zSjUnIqjGsXHY3fDH zuDg{92NNwRpW)M3aSZ>FA1o0V5VI*%vN?NaYf_B%28L;IrLZ38)?`9z(yXLCcW5fE zdAwUpV1uzVK1(n(6SgHy7@CW;CYKpm1hYP2g$qfR`Ma!wkn4&=Q2VZ(os`cetAqyd zxR%hc?C42QCh8gn!ifo&*r_Tm#t>M2?)bQS8-cJ_OhnTTXjJ&r@7?EqI_&i$`Z??u_u`ZIF{Q7q7J7DzaS-EFpqN z@NuN$8OV5hF*fdY*IYJ^x=BCdQ!@H6as?+hkKtr|UD%Qm8+Qobe-%Q$5^WQmVYlvI 
z8Bm`Zzp8-|lyk7Dj}DmFJP@l!%=ZXyn`~Da>aNUpnDD;NVMLyX^L$Tk;YO!}()$%V zm&DDA;R+gh8+m&r88jioo6N*AZor^83niFLJWFQgw1Ewu@<+Y?a+B>Uaf`mOIMcSP z+IN@Z0fQ$#-~TF}a|OQP(MeWj=TaZ|Qj@$9Y4_A#YuY^3R_li149n{36>nN9*H$ij zt8#I*(~*I?Fnwv&>dFeUquN|uQ~A0XA@g!X2H>@o6;-vB%N%BOsc|~sl64srW^S6Z z{ySM-kDdFnN0#@YyoB;Il;^I<@>!I^_p*Es#RZhnI4hTZvOFH8qgR&8P~Q1LmK`V; zU6V;eTLPRssoz zBUvWZ=hxt3RzlK#Y#b=b7CCgIYN{qgwK-x4zNu0lnw-H0vEvd{Z}q|?6vumE0g6A} z^!{ethA^eMM=P~Yaub;q&k!gQ}P#)d9XL%MC{O+Zy`(IcD^af z8qU4wdn+w9kXT?L0+be*RPAbSZ9x|yIWWJddPWEB=75500$;@=g}y;}qJsMq^SfkY zg$PEW5Td47NDUNCDK<)jUeVhXjve++(POqpkhvCmr&x@KlKpYGyvUda0blB;TJWoE z=~O)_gmqKbs8sQAXXgf%p1~hm?Fv5lW6MjuNEf?b zq<8Uu$TUNdYB+hyPz^*)*Q+z|DMjPf!Hnr6aj+00zo2*Ha>Zg8!IR#gOv*aOS5_=D|~f)D=k`wnrQQa=k651qw&Orot=FTRSeR8g32v^PKaAEZ!dfHv*qMpR!d-py*|{gtVwvou7~gKQR*6e+S7tgrP+oCMe|Gl9%A$rrBTED zOV2OwM#AROj4=P2z{P#MbUOJ1sOMPJfxiZd=47iwvv@OrM7R9eBJMW?=f-+eD3=IrI<-uwN2 z-~I0Q-TS@!-hHnfV7@=HoteznH6=fy$sq8n$R@ z>lEQRh+#j(9L<%fKn)hv@q&#t?+l!HW6!UK-+uXp|K#p*e)iO6Bk57sO#CzahvPp@ z7%#BC1z!_34gc8?6SkcF099coXbTfr4D5Z>1bx`@aI9EuW^eIUlR5{^Y0RvLB=#=H z&LFF$9=kL->;mL!{=lB$bQpo`0B`T$s7`289j>?qJ$bN zdV`lBX^vizl72`3eNFhvH|D|oSj-&6F*qfFOb8GlHqpC|+S zlmV(yB!_PE`4faJW%gfI3~ijyyN~qt`;1ueboAR(# zzh-?CoEtw1r?uwRFr0i9E(HCkW+6XX9JP>+!$;%LmH2m^*PaKWx%-CWiP4=Zwf zLxWzxJ`P20PHfQ9Qdgi%7mbjhaKa=6)B`V}s1jBx3Zsj-9_E644MBT^$#PJMxTfks zwg%pc$YMsg5Mcscq)tCnA@h_^lRzJ7Vv`{~vW#VRZ-}g5FsRePNuACzMb_fwehLe( zarmDK-|EU(Jj~SF;aR;-e=dld1}*wBIFIOP5Nd}D`pwJ=)lv2*v$!3(n5{TUR?~v; z;vigEUCxR@czTe2We}bLT~T`uMLSh<*3rz}7}$GHl6HP?NV&6)y4)D(3dk8;ZV$+l zx%@QAkP~O>9v63nwNlR;Qu>BDf?%*dDhP^PA0j^yB3FmVi$Y{ah+G&V&s5}A|A5m& z6w*WF2_dr4FN@wn3${hCCYGv#QKwP#Xtq6!ZC8&|EA<(yZ5X)lp;Dv%z$2tT^D@P%=%xfj;~JN9A6 zKB3trde8>i>w)PBGgc?za7g+@Z}nkhu-2CZtoZIxS8sKX!eosxS7hd-!X%6_r-<=5 z4$~NmpeG?CYR7*$(nCn%T`-tU5NV3jFP7nx1Yd?Ivl&WFaq0v_A=eZK8%#!9v6*70 zfPB}{QCE+l^AnmdkK+tsd*F4`%GlOBJcJ=chX|GK;1ILMPe!=IagcFiwdM@VT6w%a z(NjHICuYT`)7J0Q_)_3i^LDln(kwe>O(I)fjTxUoqWdFkMe|m#Z>4{bj+P<8(D@2^ 
z;l=5~@y?9GMN2}|RopaClxN-ps>JD0$AY0sC``r=ye&xsYTV9zz1YJ1p!DDxiHb%M zY0%S!7=w!(^f(65@moJglE*QEtwC(PyAM^4m8dB&&6Rixrd5gNA`a_z^mnxM3tKJ7 zp66_@?`y=5V=uv{!!a;>j$vCsdmFgr{$s?UxC+H1L}A}IdEXDP^=ICqNq$4NCr{ll z8bu5cYo+Pk9vEalwtQExa68U-w49ftoF(`5twem_K8`_*!SyD#qa! zZpS}SFRyEeTQr`GB^z9^4K+UM)DRJ*a9~W~RaC%zbNN{Bt}$}EOg=nDZW$x%Z?5KD zCycSRW30%#HYbQ4*M9N}ovt5|q{Fn9*W!cF3PKUY?c~7?Vc7`mO19g+islpIyN7z{ z=s2!R7HFr`6y?FC z?0BClp?NymD$F4#P}BGbX?pb)yu;W=J_9=rY$RhIO`9^50ozV$V}Q%f-awNc*)q!M zIKEr68d;BK1?l`oZ0MPUui2zLn|q-tAl#$LqsrCOoD$SM12uXz$+<8(Ay?IM1F}*Q z*Sx}e^R0Lp8SuWCLt%Jal~j54+s61=GC%tPe$5!4K)lD5Nj&=VGWT7-E(i9fOiKFu zFekZjBv%sYJ|TLHQ*z*HN=A}f=DBg?69c@@4w=>rt;l)f5j!lm+RN8QQOw+HC0kHJ`ChkscYr9F?jxPCQqV7x*X)HEV@ z@sn&+OMs;|YxG1i>$0IHL*KpG&|$N$sLK|F0#`DEh8HUNV=}N}!E;ha zp7;9t&=4+9q{ttsnki@kn-4rZE?kGm)U@Q=vgT||xQ+N$OlEp}(Vpb94nukB)LC)Y z(YUAj4ED!20DhO&QbhDL#q6WE0Ajqx7~Y*LT)z$nQgc-^ro;JEYs?^$I(BQbL@<$!54AL?`9qqw>(?1^&Fpf zDlbFRcY$8-r{_&%B2?v>3X0Kun{uo|YeF*qo%nz9iX`!)qa!MMhpJQ`9+noS8#kWw zyOCcHd-JTV>F5MMk@~e%5-D*la#D}Z@sqEg535!At&sD}zLBJD=$sJXo0*@FNBnIJ zW5w|ts?ue^yt%8`Vc0v@%GSb(xpw?)Fg({9a}YCuE;_N%H3X?ecGd<}MOJ-EgpA=k zRigl@OHJ@v)cQlkvsr2rKIZ6ZQ|g^c{hCtOKtV}kd9mW6tSjIVo{qdxLQ@Eys^I=m z{QCLWV1h-ch2auAL(k@wS=Lp_tpA|AU(soT_IW0@1%5lvj$buS&9hr{bQ%o0{*7%W zn1vdMDYdhsP*Q4QwXmXev#Q1lpOl_vgZPQW%5KAnM;qBM`R9^fQ<=LLXOzA_gnsxq zqTrz)KK{!4e!xjl68sELQtU(n``$KWrW99QoSLbEtWzX!^E?CJ_4Njgy6&NcO$=5ox{R4tve+JTSV=#By%yRL_2-|zu7wke?b$<53JIzJ*ed7K`5xqkLgh)f87S{mG)SF#`^11(eOcKc7#8b z@GiPjIiI};B~^Cq*yp~jRry+5p1fSP?ju!YjMV^JV%Pe=+u-f6Bwt^vq;72qszPdb l9PC_@i79wwNs)FZVR)gdOVOApOMiiqrTOeL*t&G`{{Zr3BS`=N