diff --git a/build/config.o b/build/config.o
index f238911..0b9839b 100644
Binary files a/build/config.o and b/build/config.o differ
diff --git a/build/debug.o b/build/debug.o
index 4d648ea..7699e81 100644
Binary files a/build/debug.o and b/build/debug.o differ
diff --git a/build/execve_interceptor.o b/build/execve_interceptor.o
index 368d94b..f94cad2 100644
Binary files a/build/execve_interceptor.o and b/build/execve_interceptor.o differ
diff --git a/build/hook_write.o b/build/hook_write.o
index 9950552..d64dc30 100644
Binary files a/build/hook_write.o and b/build/hook_write.o differ
diff --git a/build/hook_write.so b/build/hook_write.so
index 2f2dc26..d17bd7c 100755
Binary files a/build/hook_write.so and b/build/hook_write.so differ
diff --git a/build/init_cleanup.o b/build/init_cleanup.o
index 370a793..4c27e2f 100644
Binary files a/build/init_cleanup.o and b/build/init_cleanup.o differ
diff --git a/build/intercept.so b/build/intercept.so
index 9669441..52d9c83 100755
Binary files a/build/intercept.so and b/build/intercept.so differ
diff --git a/build/logging.o b/build/logging.o
index 71aa599..e408358 100644
Binary files a/build/logging.o and b/build/logging.o differ
diff --git a/build/pty_dup.o b/build/pty_dup.o
index ace5756..64c13cc 100644
Binary files a/build/pty_dup.o and b/build/pty_dup.o differ
diff --git a/build/rules.o b/build/rules.o
index 4b46a32..a8df34e 100644
Binary files a/build/rules.o and b/build/rules.o differ
diff --git a/build/signal_handlers.o b/build/signal_handlers.o
index 71e1f95..6c87b3d 100644
Binary files a/build/signal_handlers.o and b/build/signal_handlers.o differ
diff --git a/build/terminal_utils.o b/build/terminal_utils.o
index 69d3894..e1774cc 100644
Binary files a/build/terminal_utils.o and b/build/terminal_utils.o differ
diff --git a/build/utils.o b/build/utils.o
index d23d0cf..497c020 100644
Binary files a/build/utils.o and b/build/utils.o differ
diff --git a/logs/execve.log b/logs/execve.log
index e69de29..1742a2d 100644
--- a/logs/execve.log
+++ b/logs/execve.log
@@ -0,0 +1,102 @@
+[Thu Apr 10 13:38:46 2025
+] Command: /bin/lesspipe
+arg[0]: lesspipe
+[Thu Apr 10 13:38:46 2025
+] Command: /bin/dircolors
+arg[0]: dircolors
+arg[1]: -b
+[Thu Apr 10 13:38:48 2025
+] Command: /bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+arg[2]: -CF
+[Thu Apr 10 13:38:57 2025
+] Command: /bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+[Thu Apr 10 13:39:06 2025
+] Command: /usr/lib/command-not-found
+arg[0]: /usr/lib/command-not-found
+arg[1]: --
+arg[2]: nvidia-smi
+[Thu Apr 10 13:39:26 2025
+] Command: /bin/rm
+arg[0]: rm
+[Thu Apr 10 13:39:30 2025
+] Command: /bin/rm
+arg[0]: rm
+arg[1]: -rf
+arg[2]: ./Makefile
+arg[3]: ./README.md
+arg[4]: ./build
+arg[5]: ./config
+arg[6]: ./logs
+arg[7]: ./output.txt
+arg[8]: ./src
+arg[9]: ./test_bash.sh
+arg[10]: ./tests
+[Thu Apr 10 13:40:41 2025
+] Command: /bin/lesspipe
+arg[0]: lesspipe
+[Thu Apr 10 13:40:41 2025
+] Command: /bin/dircolors
+arg[0]: dircolors
+arg[1]: -b
+[Thu Apr 10 13:40:48 2025
+] Command: /home/qcqcqc/miniconda3/bin/python
+arg[0]: python
+[Thu Apr 10 13:41:01 2025
+] Command: /home/qcqcqc/miniconda3/bin/pip
+arg[0]: pip
+arg[1]: install
+arg[2]: abcdefaaaaa
+[Thu Apr 10 16:50:23 2025
+] Command: /bin/lesspipe
+arg[0]: lesspipe
+[Thu Apr 10 16:50:23 2025
+] Command: /bin/dircolors
+arg[0]: dircolors
+arg[1]: -b
+[Thu Apr 10 16:50:25 2025
+] Command: /bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+[Thu Apr 10 16:50:25 2025
+] Command: /bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+arg[2]: -CF
+[Sat Apr 12 10:04:23 2025
+] Command: /bin/lesspipe
+arg[0]: lesspipe
+[Sat Apr 12 10:04:23 2025
+] Command: /bin/dircolors
+arg[0]: dircolors
+arg[1]: -b
+[Sat Apr 12 10:04:26 2025
+] Command: /bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+arg[2]: -CF
+[Sat Apr 12 10:04:43 2025
+] Command: /bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+[Sat Apr 12 10:06:47 2025
+] Command: /bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+[Sat Apr 12 10:08:51 2025
+] Command: /bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+arg[2]: -CF
+[Sat Apr 12 10:08:52 2025
+] Command: /bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+[Sat Apr 12 10:14:16 2025
+] Command: /home/qcqcqc/miniconda3/bin/pip
+arg[0]: pip
+arg[1]: install
+arg[2]: torch
diff --git a/logs/execve_out.log b/logs/execve_out.log
index e69de29..5212d2a 100644
--- a/logs/execve_out.log
+++ b/logs/execve_out.log
@@ -0,0 +1,49 @@
+[DEBUG][PID 176170] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 176170] src/pty_dup.c:50:dupIO(): Child process ready.
+Makefile  README.md  [0m[01;34mbuild[0m/  [01;34mconfig[0m/  [01;34mlogs[0m/  output.txt  [01;34msrc[0m/  [01;32mtest_bash.sh[0m*  [01;34mtests[0m/
+[DEBUG][PID 176315] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 176315] src/pty_dup.c:50:dupIO(): Child process ready.
+Makefile  README.md  [0m[01;34mbuild[0m  [01;34mconfig[0m  [01;34mlogs[0m  output.txt  [01;34msrc[0m  [01;32mtest_bash.sh[0m  [01;34mtests[0m
+[DEBUG][PID 177976] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 177976] src/pty_dup.c:50:dupIO(): Child process ready.
+Python 3.12.9 | packaged by Anaconda, Inc. | (main, Feb  6 2025, 18:56:27) [GCC 11.2.0] on linux
+Type "help", "copyright", "credits" or "license" for more information.
+>>> [DEBUG][PID 178205] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 178205] src/pty_dup.c:50:dupIO(): Child process ready.
+Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple
+[31mERROR: Could not find a version that satisfies the requirement abcdefaaaaa (from versions: none)[0m[31m
+[0m[31mERROR: No matching distribution found for abcdefaaaaa[0m[31m
+[0m[DEBUG][PID 458319] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 458319] src/pty_dup.c:50:dupIO(): Child process ready.
+Makefile  README.md  [0m[01;34mbuild[0m  [01;34mconfig[0m  [01;34mlogs[0m  output.txt  [01;34msrc[0m  [01;32mtest_bash.sh[0m  [01;34mtests[0m
+[DEBUG][PID 458327] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 458327] src/pty_dup.c:50:dupIO(): Child process ready.
+Makefile  README.md  [0m[01;34mbuild[0m/  [01;34mconfig[0m/  [01;34mlogs[0m/  output.txt  [01;34msrc[0m/  [01;32mtest_bash.sh[0m*  [01;34mtests[0m/
+Welcome to the System!
+[DEBUG][PID 2236478] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 2236478] src/pty_dup.c:50:dupIO(): Child process ready.
+Makefile  README.md  [0m[01;34mbuild[0m/  [01;34mconfig[0m/  [01;34mlogs[0m/  output.txt  [01;34msrc[0m/  [01;32mtest_bash.sh[0m*  [01;34mtests[0m/
+Welcome to the System!
+[DEBUG][PID 2236933] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 2236933] src/pty_dup.c:50:dupIO(): Child process ready.
+Makefile  README.md  [0m[01;34mbuild[0m  [01;34mconfig[0m  [01;34mlogs[0m  output.txt  [01;34msrc[0m  [01;32mtest_bash.sh[0m  [01;34mtests[0m
+[DEBUG][PID 2240596] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 2240596] src/pty_dup.c:50:dupIO(): Child process ready.
+Makefile  README.md  [0m[01;34mbuild[0m  [01;34mconfig[0m  [01;34mlogs[0m  output.txt  [01;34msrc[0m  [01;32mtest_bash.sh[0m  [01;34mtests[0m
+欢迎使用北冥云计算服务!
+[DEBUG][PID 2244514] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 2244514] src/pty_dup.c:50:dupIO(): Child process ready.
+Makefile  README.md  [0m[01;34mbuild[0m/  [01;34mconfig[0m/  [01;34mlogs[0m/  output.txt  [01;34msrc[0m/  [01;32mtest_bash.sh[0m*  [01;34mtests[0m/
+欢迎使用北冥云计算服务!
+[DEBUG][PID 2244525] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 2244525] src/pty_dup.c:50:dupIO(): Child process ready.
+Makefile  README.md  [0m[01;34mbuild[0m  [01;34mconfig[0m  [01;34mlogs[0m  output.txt  [01;34msrc[0m  [01;32mtest_bash.sh[0m  [01;34mtests[0m
+[DEBUG][PID 2252763] src/pty_dup.c:43:dupIO(): forkpty result is: 0.
+[DEBUG][PID 2252763] src/pty_dup.c:50:dupIO(): Child process ready.
+欢迎使用北冥云计算服务!
+Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple
+Collecting torch
+  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/e5/35/0c52d708144c2deb595cd22819a609f78fdd699b95ff6f0ebcd456e3c7c1/torch-2.6.0-cp312-cp312-manylinux1_x86_64.whl (766.6 MB)
+[?25l     [38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.0/766.6 MB[0m [31m?[0m eta [36m-:--:--[0m[2K     [38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.3/766.6 MB[0m [31m?[0m eta [36m-:--:--[0m[2K     [38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m1.0/766.6 MB[0m [31m3.8 MB/s[0m eta [36m0:03:23[0m[2K     [38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m2.6/766.6 MB[0m [31m5.6 MB/s[0m eta [36m0:02:17[0m[2K     [38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m3.9/766.6 MB[0m [31m5.9 MB/s[0m eta [36m0:02:10[0m[2K     [38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m5.5/766.6 MB[0m [31m6.4 MB/s[0m eta [36m0:01:59[0m[2K     [38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m7.9/766.6 MB[0m [31m7.3 MB/s[0m eta [36m0:01:45[0m[2K     [38;2;249;38;114m╸[0m[38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m9.7/766.6 MB[0m [31m7.9 MB/s[0m eta [36m0:01:36[0m[2K     [38;2;249;38;114m╸[0m[38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m12.1/766.6 MB[0m [31m8.1 MB/s[0m eta [36m0:01:33[0m[2K     [38;2;249;38;114m╸[0m[38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m13.9/766.6 MB[0m [31m8.5 MB/s[0m eta [36m0:01:29[0m[2K     [38;2;249;38;114m╸[0m[38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m16.3/766.6 MB[0m [31m8.7 MB/s[0m eta [36m0:01:27[0m[2K     [38;2;249;38;114m╸[0m[38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m19.1/766.6 MB[0m [31m9.2 MB/s[0m eta [36m0:01:22[0m[2K     [38;2;249;38;114m━[0m[38;5;237m╺[0m[38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m21.0/766.6 MB[0m [31m9.3 MB/s[0m eta [36m0:01:21[0m[2K     [38;2;249;38;114m━[0m[38;5;237m╺[0m[38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m23.1/766.6 MB[0m [31m9.4 MB/s[0m eta [36m0:01:19[0m[2K     [38;2;249;38;114m━[0m[38;5;237m╺[0m[38;5;237m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m23.1/766.6 MB[0m [31m9.4 MB/s[0m eta [36m0:01:19[0m
+[?25h[31mERROR: Operation cancelled by user[0m[31m
+[0m
\ No newline at end of file
diff --git a/src/execve_interceptor.c b/src/execve_interceptor.c
index ac35352..41f92be 100644
--- a/src/execve_interceptor.c
+++ b/src/execve_interceptor.c
@@ -122,8 +122,6 @@ int enhance_execve(const char *filename, char *const argv[],
 #endif
     }
 
-    write_log(filename, argv);
-
     const char *basename = argv[0];
     if (strcmp(filename, COMMAND_NOT_FOUND) == 0 && argv[2]) {
         basename = argv[2];
@@ -141,9 +139,11 @@ int enhance_execve(const char *filename, char *const argv[],
 #endif
     }
 
+    int hasMatch = 0;
     for (int i = 0; i < shared_config->rule_count; i++) {
         if (strcmp(basename, shared_config->rules[i].cmd) == 0 &&
             args_match(argv, &shared_config->rules[i])) {
+            hasMatch++;
             DEBUG_LOG("Rule matched: %s (type: %s)",
                       shared_config->rules[i].cmd,
                       shared_config->rules[i].type);
@@ -179,6 +179,18 @@ int enhance_execve(const char *filename, char *const argv[],
         }
     }
 
+    if (hasMatch == 0) {
+        // 直接执行
+#ifdef HOOK
+        return orig_execve(filename, argv, envp);
+#else
+        return execve(filename, argv, envp);
+// return 1;
+#endif
+    }
+
+    write_log(filename, argv);
+
     // Duplicate stdout and stderr to the log file
     dupIO();