debug

2025-04-07 13:07:37 +08:00 · 2025-04-07 13:07:37 +08:00 · 95d4e85d33
parent 16883041db
commit 95d4e85d33
5 changed files with 82 additions and 12 deletions
--- a/5
+++ b/5
@ -4,6 +4,11 @@ LDFLAGS = -ldl -ljson-c
 TARGET = intercept.so
 SRC = execve_intercept.c

+# 如果需要开启 debug，只需执行 make DEBUG=1
+ifeq ($(DEBUG),1)
+    CFLAGS += -DDEBUG
+endif
+
 all: $(TARGET)

 $(TARGET): $(SRC)
--- a/execve_intercept.c
+++ b/execve_intercept.c
@ -10,6 +10,14 @@
 #include <time.h>
 #include <unistd.h>

+#ifdef DEBUG
+#define DEBUG_LOG(fmt, ...)                                              \
+    fprintf(stderr, "[DEBUG] %s:%d:%s(): " fmt "\n", __FILE__, __LINE__, \
+            __func__, ##__VA_ARGS__)
+#else
+#define DEBUG_LOG(fmt, ...) ((void)0)
+#endif
+
 #define CONFIG_FILE "./config/execve_rules.json"
 #define LOG_FILE "./logs/execve.log"
 #define LOG_OUT_FILE "./logs/execve_out.log"
@ -36,10 +44,11 @@ typedef struct {

 // 加载配置
 Config load_config() {
+    DEBUG_LOG("Loading configuration from %s", CONFIG_FILE);
    Config config = {false, NULL, 0};
    json_object *root = json_object_from_file(CONFIG_FILE);
    if (!root) {
-        fprintf(stderr, "Failed to parse JSON from %s\n", CONFIG_FILE);
+        DEBUG_LOG("Failed to parse config file from %s", CONFIG_FILE);
        return config;
    }

@ -101,11 +110,13 @@ Config load_config() {
    }

    json_object_put(root);
+    DEBUG_LOG("Loaded %d rules", config.rule_count);
    return config;
 }

 // 检查 args 是否匹配
 int args_match(char *const argv[], Rule *rule) {
+    DEBUG_LOG("Matching args for rule with cmd: %s", rule->cmd);
    if (rule->arg_count == 0) {
        return 1;  // 没有 args 约束，则直接匹配
    }
@ -125,6 +136,7 @@ int args_match(char *const argv[], Rule *rule) {

 // 写入日志
 void write_log(const char *filename, char *const argv[]) {
+    DEBUG_LOG("Writing exec log for command: %s", filename);
    time_t now;
    time(&now);

@ -148,6 +160,7 @@ int is_ansi_escape_sequence(const char *str) {

 // 复制标准输出和错误输出到日志文件
 void duplicate_output_to_log() {
+    DEBUG_LOG("Duplicating stdout/stderr to log file: %s", LOG_OUT_FILE);
    int log_fd = open(LOG_OUT_FILE, O_WRONLY | O_CREAT | O_APPEND, 0644);
    if (log_fd == -1) {
        perror("Failed to open log file");
@ -266,15 +279,12 @@ void load_config_if_needed() {
 }

 int execve(const char *filename, char *const argv[], char *const envp[]) {
-    // 如果功能被禁用，则直接执行
-    if (!config.enabled) {
-        orig_execve_type orig_execve =
-            (orig_execve_type)dlsym(RTLD_NEXT, "execve");
-        return orig_execve(filename, argv, envp);
-    }
+    DEBUG_LOG("Intercepted execve for: %s", filename);
+    DEBUG_LOG("argv[0] = %s", argv[0]);

    // 仅在 shell 终端调用 execve 时拦截
    if (!is_terminal_shell()) {
+        DEBUG_LOG("Not a terminal shell, bypassing interception.");
        orig_execve_type orig_execve =
            (orig_execve_type)dlsym(RTLD_NEXT, "execve");
        return orig_execve(filename, argv, envp);
@ -283,6 +293,14 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
    // 加载配置（仅在需要时）
    load_config_if_needed();

+    // 如果功能被禁用，则直接执行
+    if (!config.enabled) {
+        DEBUG_LOG("Not enabled.");
+        orig_execve_type orig_execve =
+            (orig_execve_type)dlsym(RTLD_NEXT, "execve");
+        return orig_execve(filename, argv, envp);
+    }
+
    write_log(filename, argv);

    const char *basename = argv[0];
@ -301,6 +319,8 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
    for (int i = 0; i < config.rule_count; i++) {
        if (strcmp(basename, config.rules[i].cmd) == 0 &&
            args_match(argv, &config.rules[i])) {
+            DEBUG_LOG("Rule matched: %s (type: %s)", config.rules[i].cmd,
+                      config.rules[i].type);
            if (strcmp(config.rules[i].type, "warn") == 0) {
                printf(ANSI_COLOR_YELLOW "[Warning] %s\n" ANSI_COLOR_RESET,
                       config.rules[i].msg);
@ -321,7 +341,7 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
    }

    // 复制 stdout 和 stderr 到日志文件
-    duplicate_output_to_log();
+    // duplicate_output_to_log();

    orig_execve_type orig_execve = (orig_execve_type)dlsym(RTLD_NEXT, "execve");
    return orig_execve(filename, argv, envp);
--- a/intercept.so
+++ b/intercept.so
--- a/logs/execve.log
+++ b/logs/execve.log
@ -1,11 +1,42 @@
-[Thu Apr  3 16:51:04 2025
+
+[Mon Apr  7 13:05:57 2025
 ] Command: /usr/bin/lesspipe
 arg[0]: lesspipe
-[Thu Apr  3 16:51:04 2025
+[Mon Apr  7 13:05:57 2025
 ] Command: /usr/bin/dircolors
 arg[0]: dircolors
 arg[1]: -b
-[Thu Apr  3 16:51:05 2025
+[Mon Apr  7 13:05:58 2025
+] Command: /usr/bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+[Mon Apr  7 13:06:00 2025
+] Command: /usr/bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+arg[2]: -alF
+[Mon Apr  7 13:06:03 2025
+] Command: /usr/lib/command-not-found
+arg[0]: /usr/lib/command-not-found
+arg[1]: --
+arg[2]: conda
+[Mon Apr  7 13:07:03 2025
+] Command: /usr/bin/lesspipe
+arg[0]: lesspipe
+[Mon Apr  7 13:07:03 2025
+] Command: /usr/bin/dircolors
+arg[0]: dircolors
+arg[1]: -b
+[Mon Apr  7 13:07:04 2025
+] Command: /usr/bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+[Mon Apr  7 13:07:06 2025
+] Command: /usr/bin/ls
+arg[0]: ls
+arg[1]: --color=auto
+arg[2]: -alF
+[Mon Apr  7 13:07:07 2025
 ] Command: /usr/bin/ls
 arg[0]: ls
 arg[1]: --color=auto
--- a/logs/execve_out.log
+++ b/logs/execve_out.log
@ -1,3 +1,4 @@
+
 export LESSOPEN="| /usr/bin/lesspipe %s";
 export LESSCLOSE="/usr/bin/lesspipe %s %s";
 LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
@ -9,3 +10,16 @@ logs
 Makefile
 README.md
 test_bash.sh
+总计 67
+drwxrwxr-x  6 qcqcqc qcqcqc    11  4月  7 13:05 ./
+drwxrwxr-x 12 qcqcqc qcqcqc    12  3月 20 21:08 ../
+drwxrwxr-x  2 qcqcqc qcqcqc     3  3月 26 09:04 config/
+-rw-rw-r--  1 qcqcqc qcqcqc 11067  4月  7 13:05 execve_intercept.c
+drwxrwxr-x  8 qcqcqc qcqcqc    14  4月  7 09:30 .git/
+-rwxrwxr-x  1 qcqcqc qcqcqc 26328  4月  7 13:05 intercept.so*
+drwxrwxr-x  2 qcqcqc qcqcqc     4  3月 26 16:09 logs/
+-rw-rw-r--  1 qcqcqc qcqcqc   323  4月  7 13:01 Makefile
+-rw-rw-r--  1 qcqcqc qcqcqc  4361  4月  3 16:52 README.md
+-rwxrwxr-x  1 qcqcqc qcqcqc  2390  3月 26 16:49 test_bash.sh*
+drwxrwxr-x  2 qcqcqc qcqcqc     3  4月  7 09:16 .vscode/
+conda：未找到命令