From 8c96bf73ccb221ccc88721a2882c248fa5fdad14 Mon Sep 17 00:00:00 2001
From: "QCQCQC@Ubuntu" <1220204124@zust.edu.cn>
Date: Wed, 26 Mar 2025 15:34:12 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=A0=87=E5=87=86=E8=BE=93?= =?UTF-8?q?=E5=87=BA=E5=92=8C=E9=94=99=E8=AF=AF=E8=BE=93=E5=87=BA=E7=9A=84?= =?UTF-8?q?log=EF=BC=8C=E4=BB=A5=E5=8F=8Alog=E4=BD=8D=E7=BD=AE=E8=B0=83?= =?UTF-8?q?=E6=95=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 execve_intercept.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/execve_intercept.c b/execve_intercept.c
index 6f7d069..61e0fb1 100644
--- a/execve_intercept.c
+++ b/execve_intercept.c
@@ -1,5 +1,6 @@
 #define _GNU_SOURCE
 #include
+#include
 #include
 #include
 #include
@@ -10,6 +11,7 @@
 #define CONFIG_FILE "./config/execve_rules.json"
 #define LOG_FILE "./logs/execve.log"
+#define LOG_OUT_FILE "./logs/execve_out.log"
 #define COMMAND_NOT_FOUND "/usr/lib/command-not-found"
@@ -110,6 +112,16 @@ void write_log(const char *filename, char *const argv[]) {
 fclose(log);
 }
+// 复制标准输出和错误输出到日志文件
+void duplicate_output_to_log() {
+ int log_fd = open(LOG_OUT_FILE, O_WRONLY | O_CREAT | O_APPEND, 0644);
+ if (log_fd < 0) return;
+
+ dup2(log_fd, STDOUT_FILENO);
+ dup2(log_fd, STDERR_FILENO);
+ close(log_fd);
+}
+
 typedef int (*orig_execve_type)(const char *filename, char *const argv[], char *const envp[]);
@@ -214,6 +226,7 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
 // 加载规则(仅在需要时)
 load_rules_if_needed();
+ write_log(filename, argv);
 const char *basename = argv[0];
 if (strcmp(filename, COMMAND_NOT_FOUND) == 0 && argv[2]) {
@@ -242,7 +255,9 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
 }
 }
- write_log(filename, argv);
+ // 复制 stdout 和 stderr 到日志文件
+ duplicate_output_to_log();
+
 orig_execve_type orig_execve = (orig_execve_type)dlsym(RTLD_NEXT, "execve");
 return orig_execve(filename, argv, envp);
 }
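Review bot: `LOG_OUT_FILE` is relative to the current directory, and in an `execve` interposer that is the working directory of whichever process calls `execve`, so the capture file is created in (or silently fails to open in) arbitrary directories, including ones writable by other users. An absolute path in a directory owned by the logging user avoids both problems, e.g. `#define LOG_OUT_FILE "/ABSOLUTE/LOG/DIR/execve_out.log"` (placeholder path). The existing `LOG_FILE` and `CONFIG_FILE` defines follow the same relative pattern, so this may be better fixed for all three together.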
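Review bot: `duplicate_output_to_log` does not duplicate anything: `dup2` replaces stdout and stderr, so the executed program's output goes only to the log and no longer reaches the terminal or pipe, contrary to the comment above the function. If redirecting is intended, the comment should say so, e.g. `// Redirect stdout and stderr to the log file (output no longer reaches its original destination)`; an actual copy would need a pipe and a forwarding process. The file will also hold raw command output, so `0644` is too permissive; `open(LOG_OUT_FILE, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600)` is safer. In addition, `close(log_fd)` should be skipped when `log_fd <= STDERR_FILENO`, which can happen if the caller had those descriptors closed, and the `dup2` return values are currently ignored.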
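Review bot: The moved `write_log(filename, argv);` has no comment saying why it now runs before the rule checks; presumably the intent is to record attempts that the rules later reject, which the old placement apparently skipped. A one-line comment such as `// Log every attempt, including ones the rules below block` would make that explicit. Since the entry is written before the verdict is known, the log cannot say whether the command was allowed; if `write_log` has no such field (its body is outside this hunk), consider recording the outcome as well. `execve`'s body starts and ends outside the hunk.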
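Review bot: The redirect installed by `duplicate_output_to_log()` is never undone when `orig_execve` fails, so a caller whose exec returns -1 (ENOENT, EACCES and similar) keeps running with stdout and stderr pointing at the log file, and its own error message lands there too. Saving both descriptors as close-on-exec copies before the redirect and restoring them after a failed call keeps the caller intact while staying invisible to the new program. The sketch below assumes `<errno.h>` is already included, which the hunk does not show. `execve`'s body starts outside this hunk.

```c
    // … unchanged: rule evaluation above …
    orig_execve_type orig_execve = (orig_execve_type)dlsym(RTLD_NEXT, "execve");

    // Close-on-exec copies: not inherited by the new program, available if exec fails.
    int saved_out = fcntl(STDOUT_FILENO, F_DUPFD_CLOEXEC, 3);
    int saved_err = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
    duplicate_output_to_log();

    int rc = orig_execve(filename, argv, envp);

    // Reached only on failure: hand the caller its descriptors back.
    int saved_errno = errno;
    if (saved_out >= 0) { dup2(saved_out, STDOUT_FILENO); close(saved_out); }
    if (saved_err >= 0) { dup2(saved_err, STDERR_FILENO); close(saved_err); }
    errno = saved_errno;
    return rc;
```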