pqc
/
execve_hook
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

使用共享内存代替,方便外部扩展,运行目录全部移至/tmp

This commit is contained in:
Pan Qiancheng 2025-04-07 13:58:38 +08:00
parent c70317e54d
commit e6568b3d81
5 changed files with 126 additions and 217 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
execve_intercept.c
View File

@ -1,80 +1,91 @@
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <json-c/json.h>
#include <stdbool.h> // 引入 bool 类型
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
#ifdef DEBUG
#define DEBUG_LOG(fmt, ...) \
fprintf(stderr, "[DEBUG] %s:%d:%s(): " fmt "\n", __FILE__, __LINE__, \
__func__, ##__VA_ARGS__)
#else
#define DEBUG_LOG(fmt, ...) ((void)0)
#endif
#define CONFIG_FILE "./config/execve_rules.json"
#define LOG_FILE "./logs/execve.log"
#define LOG_OUT_FILE "./logs/execve_out.log"
#define CONFIG_FILE "/tmp/exec_hook/config/execve_rules.json"
#define LOG_FILE "/tmp/exec_hook/logs/execve.log"
#define LOG_OUT_FILE "/tmp/exec_hook/logs/execve_out.log"
#define COMMAND_NOT_FOUND "/usr/lib/command-not-found"
#define ANSI_COLOR_RED "\033[31m"
#define ANSI_COLOR_YELLOW "\033[33m"
#define ANSI_COLOR_RESET "\033[0m"
#define SHM_KEY 12345 // 用于标识共享内存的键值,需要确保唯一性
#define MAX_RULES 100 // 假设最大规则数量
#define MAX_ARGS 10 // 支持最多 10 个参数
typedef struct {
char cmd[256];
char type[32];
char msg[1024];
char args[10][256]; // 支持最多 10 个参数
char args[MAX_ARGS][256]; // 支持最多 MAX_ARGS 个参数
int arg_count;
} Rule;
typedef struct {
bool enabled;
Rule *rules;
Rule rules[MAX_RULES];
int rule_count;
} Config;
} ConfigData;
// 加载配置
Config load_config() {
DEBUG_LOG("Loading configuration from %s", CONFIG_FILE);
Config config = {false, NULL, 0};
// 全局变量,指向共享内存中的配置数据
static ConfigData *shared_config = NULL;
static int shm_id = -1;
static time_t last_modified_time = 0;
// 加载配置到共享内存
int load_config_to_shm() {
DEBUG_LOG("Loading configuration from %s to shared memory", CONFIG_FILE);
json_object *root = json_object_from_file(CONFIG_FILE);
if (!root) {
DEBUG_LOG("Failed to parse config file from %s", CONFIG_FILE);
return config;
return -1;
}
ConfigData temp_config;
temp_config.enabled = false;
temp_config.rule_count = 0;
json_object *enabled_obj;
if (json_object_object_get_ex(root, "enabled", &enabled_obj)) {
config.enabled = json_object_get_boolean(enabled_obj);
temp_config.enabled = json_object_get_boolean(enabled_obj);
}
if (!config.enabled) {
if (!temp_config.enabled) {
json_object_put(root);
return config;
return 0; // 功能未启用,不加载规则
}
json_object *rules_array_obj;
if (json_object_object_get_ex(root, "rules", &rules_array_obj) &&
json_object_get_type(rules_array_obj) == json_type_array) {
config.rule_count = json_object_array_length(rules_array_obj);
config.rules = malloc(sizeof(Rule) * config.rule_count);
if (!config.rules) {
fprintf(stderr, "Failed to allocate memory for rules\n");
json_object_put(root);
config.rule_count = 0;
return config;
}
int rules_len = json_object_array_length(rules_array_obj);
temp_config.rule_count = rules_len < MAX_RULES ? rules_len : MAX_RULES;
for (int i = 0; i < config.rule_count; i++) {
for (int i = 0; i < temp_config.rule_count; i++) {
json_object *rule_obj =
json_object_array_get_idx(rules_array_obj, i);
json_object *cmd, *type, *msg, *args;
@ -84,25 +95,30 @@ Config load_config() {
json_object_object_get_ex(rule_obj, "msg", &msg);
if (cmd)
strncpy(config.rules[i].cmd, json_object_get_string(cmd), 255);
strncpy(temp_config.rules[i].cmd, json_object_get_string(cmd),
sizeof(temp_config.rules[i].cmd) - 1);
if (type)
strncpy(config.rules[i].type, json_object_get_string(type), 31);
strncpy(temp_config.rules[i].type, json_object_get_string(type),
sizeof(temp_config.rules[i].type) - 1);
if (msg)
strncpy(config.rules[i].msg, json_object_get_string(msg), 1023);
strncpy(temp_config.rules[i].msg, json_object_get_string(msg),
sizeof(temp_config.rules[i].msg) - 1);
// 解析 args 参数
config.rules[i].arg_count = 0;
temp_config.rules[i].arg_count = 0;
if (json_object_object_get_ex(rule_obj, "args", &args) &&
json_object_get_type(args) == json_type_array) {
int args_len = json_object_array_length(args);
config.rules[i].arg_count =
args_len < 10 ? args_len : 10; // 限制最多 10 个参数
temp_config.rules[i].arg_count =
args_len < MAX_ARGS ? args_len
: MAX_ARGS; // 限制最多 MAX_ARGS 个参数
for (int j = 0; j < config.rules[i].arg_count; j++) {
for (int j = 0; j < temp_config.rules[i].arg_count; j++) {
json_object *arg_item = json_object_array_get_idx(args, j);
if (arg_item) {
strncpy(config.rules[i].args[j],
json_object_get_string(arg_item), 255);
strncpy(temp_config.rules[i].args[j],
json_object_get_string(arg_item),
sizeof(temp_config.rules[i].args[j]) - 1);
}
}
}
@ -110,8 +126,12 @@ Config load_config() {
}
json_object_put(root);
DEBUG_LOG("Loaded %d rules", config.rule_count);
return config;
// 将临时配置复制到共享内存
memcpy(shared_config, &temp_config, sizeof(ConfigData));
DEBUG_LOG("Loaded %d rules to shared memory", shared_config->rule_count);
return 0;
}
// 检查 args 是否匹配
@ -227,9 +247,6 @@ void duplicate_output_to_log() {
typedef int (*orig_execve_type)(const char *filename, char *const argv[],
char *const envp[]);
static Config config;
static time_t last_modified_time = 0;
// 判断父进程是否为终端 shell (bash, zsh, fish 等)
int is_terminal_shell() {
pid_t ppid = getppid();
@ -261,24 +278,44 @@ int config_file_modified() {
}
int isChanged = file_stat.st_mtime != last_modified_time;
if (isChanged != 0) {
DEBUG_LOG("Updating last_modified_time to: %ld", last_modified_time);
DEBUG_LOG("Updating last_modified_time to: %ld", file_stat.st_mtime);
last_modified_time = file_stat.st_mtime;
return 1;
}
return 0;
}
// 加载或重新加载配置
// 加载或重新加载配置到共享内存
void load_config_if_needed() {
if (config.rules == NULL || config_file_modified()) {
DEBUG_LOG("Config has been modified.");
// 释放旧的规则
if (config.rules) {
free(config.rules);
config.rules = NULL;
config.rule_count = 0;
if (shared_config == NULL) {
// 首次加载,创建共享内存
shm_id = shmget(SHM_KEY, sizeof(ConfigData), IPC_CREAT | 0644);
if (shm_id == -1) {
perror("shmget failed");
return;
}
config = load_config();
shared_config = (ConfigData *)shmat(shm_id, NULL, 0);
if (shared_config == (void *)-1) {
perror("shmat failed");
shared_config = NULL;
return;
}
// 首次加载时读取配置文件
struct stat file_stat;
if (stat(CONFIG_FILE, &file_stat) == 0) {
last_modified_time = file_stat.st_mtime;
load_config_to_shm();
} else {
DEBUG_LOG("Cannot get stat for FILE: %s", CONFIG_FILE);
// 初始化一个空的配置
shared_config->enabled = false;
shared_config->rule_count = 0;
}
} else if (config_file_modified()) {
DEBUG_LOG("Config file has been modified.");
load_config_to_shm();
} else {
DEBUG_LOG("Config file has not been modified, skipping reload.");
}
}
@ -297,8 +334,19 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
// 加载配置(仅在需要时)
load_config_if_needed();
// 当前配置信息
DEBUG_LOG("Current Config rule count : %d", shared_config->rule_count);
// 如果共享内存未成功加载,则直接执行
if (shared_config == NULL) {
DEBUG_LOG("Shared memory not initialized, bypassing interception.");
orig_execve_type orig_execve =
(orig_execve_type)dlsym(RTLD_NEXT, "execve");
return orig_execve(filename, argv, envp);
}
// 如果功能被禁用,则直接执行
if (!config.enabled) {
if (!shared_config->enabled) {
DEBUG_LOG("Not enabled.");
orig_execve_type orig_execve =
(orig_execve_type)dlsym(RTLD_NEXT, "execve");
@ -320,14 +368,15 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
return orig_execve(filename, argv, envp);
}
for (int i = 0; i < config.rule_count; i++) {
if (strcmp(basename, config.rules[i].cmd) == 0 &&
args_match(argv, &config.rules[i])) {
DEBUG_LOG("Rule matched: %s (type: %s)", config.rules[i].cmd,
config.rules[i].type);
if (strcmp(config.rules[i].type, "warn") == 0) {
for (int i = 0; i < shared_config->rule_count; i++) {
if (strcmp(basename, shared_config->rules[i].cmd) == 0 &&
args_match(argv, &shared_config->rules[i])) {
DEBUG_LOG("Rule matched: %s (type: %s)",
shared_config->rules[i].cmd,
shared_config->rules[i].type);
if (strcmp(shared_config->rules[i].type, "warn") == 0) {
printf(ANSI_COLOR_YELLOW "[Warning] %s\n" ANSI_COLOR_RESET,
config.rules[i].msg);
shared_config->rules[i].msg);
printf("按下 'Y' 继续执行, 或按任意键取消: ");
char input = getchar();
if (input != 'Y' && input != 'y') {
@ -335,9 +384,9 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
return -1;
}
printf("\nContinuing execution...\n");
} else if (strcmp(config.rules[i].type, "error") == 0) {
} else if (strcmp(shared_config->rules[i].type, "error") == 0) {
printf(ANSI_COLOR_RED "[Error] %s" ANSI_COLOR_RESET "\n",
config.rules[i].msg);
shared_config->rules[i].msg);
return -1;
}
break;
@ -349,4 +398,18 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
orig_execve_type orig_execve = (orig_execve_type)dlsym(RTLD_NEXT, "execve");
return orig_execve(filename, argv, envp);
}
}
// 在库卸载时分离和删除共享内存
__attribute__((destructor)) static void cleanup_shared_memory() {
DEBUG_LOG("Cleaning up shared memory.");
if (shared_config != NULL) {
if (shmdt(shared_config) == -1) {
perror("shmdt failed");
}
shared_config = NULL;
}
// 注意:这里不删除共享内存段,因为可能被其他进程使用。
// 如果需要删除,需要一个明确的机制来判断是否是最后一个使用者。
// 例如,可以创建一个单独的工具来管理共享内存的生命周期。
}

BIN
intercept.so
View File

Binary file not shown.

74
logs/execve.log
View File

@ -1,74 +0,0 @@
[Mon Apr 7 13:05:57 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Mon Apr 7 13:05:57 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Mon Apr 7 13:05:58 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Mon Apr 7 13:06:00 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
arg[2]: -alF
[Mon Apr 7 13:06:03 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: conda
[Mon Apr 7 13:07:03 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Mon Apr 7 13:07:03 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Mon Apr 7 13:07:04 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Mon Apr 7 13:07:06 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
arg[2]: -alF
[Mon Apr 7 13:07:07 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Mon Apr 7 13:14:07 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Mon Apr 7 13:14:07 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Mon Apr 7 13:14:08 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Mon Apr 7 13:14:09 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
arg[2]: -alF
[Mon Apr 7 13:17:50 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Mon Apr 7 13:17:50 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Mon Apr 7 13:17:51 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Mon Apr 7 13:17:53 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
arg[2]: -alF

83
logs/execve_out.log
View File

@ -1,83 +0,0 @@
export LESSOPEN="| /usr/bin/lesspipe %s";
export LESSCLOSE="/usr/bin/lesspipe %s %s";
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
export LS_COLORS
config
execve_intercept.c
intercept.so
logs
Makefile
README.md
test_bash.sh
总计 67
drwxrwxr-x 6 qcqcqc qcqcqc 11 4月 7 13:05 ./
drwxrwxr-x 12 qcqcqc qcqcqc 12 3月 20 21:08 ../
drwxrwxr-x 2 qcqcqc qcqcqc 3 3月 26 09:04 config/
-rw-rw-r-- 1 qcqcqc qcqcqc 11067 4月 7 13:05 execve_intercept.c
drwxrwxr-x 8 qcqcqc qcqcqc 14 4月 7 09:30 .git/
-rwxrwxr-x 1 qcqcqc qcqcqc 26328 4月 7 13:05 intercept.so*
drwxrwxr-x 2 qcqcqc qcqcqc 4 3月 26 16:09 logs/
-rw-rw-r-- 1 qcqcqc qcqcqc 323 4月 7 13:01 Makefile
-rw-rw-r-- 1 qcqcqc qcqcqc 4361 4月 3 16:52 README.md
-rwxrwxr-x 1 qcqcqc qcqcqc 2390 3月 26 16:49 test_bash.sh*
drwxrwxr-x 2 qcqcqc qcqcqc 3 4月 7 09:16 .vscode/
conda未找到命令
[DEBUG] execve_intercept.c:284:execve(): Intercepted execve for: /usr/bin/basename
[DEBUG] execve_intercept.c:285:execve(): argv[0] = basename
[DEBUG] execve_intercept.c:289:execve(): Not a terminal shell, bypassing interception.
[DEBUG] execve_intercept.c:284:execve(): Intercepted execve for: /usr/bin/dirname
[DEBUG] execve_intercept.c:285:execve(): argv[0] = dirname
[DEBUG] execve_intercept.c:289:execve(): Not a terminal shell, bypassing interception.
export LESSOPEN="| /usr/bin/lesspipe %s";
export LESSCLOSE="/usr/bin/lesspipe %s %s";
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
export LS_COLORS
config
execve_intercept.c
intercept.so
logs
Makefile
README.md
test_bash.sh
总计 67
drwxrwxr-x 6 qcqcqc qcqcqc 11 4月 7 13:14 ./
drwxrwxr-x 12 qcqcqc qcqcqc 12 3月 20 21:08 ../
drwxrwxr-x 2 qcqcqc qcqcqc 3 3月 26 09:04 config/
-rw-rw-r-- 1 qcqcqc qcqcqc 11179 4月 7 13:14 execve_intercept.c
drwxrwxr-x 8 qcqcqc qcqcqc 14 4月 7 13:10 .git/
-rwxrwxr-x 1 qcqcqc qcqcqc 26568 4月 7 13:14 intercept.so*
drwxrwxr-x 2 qcqcqc qcqcqc 4 3月 26 16:09 logs/
-rw-rw-r-- 1 qcqcqc qcqcqc 323 4月 7 13:01 Makefile
-rw-rw-r-- 1 qcqcqc qcqcqc 4361 4月 3 16:52 README.md
-rwxrwxr-x 1 qcqcqc qcqcqc 2390 3月 26 16:49 test_bash.sh*
drwxrwxr-x 2 qcqcqc qcqcqc 3 4月 7 09:16 .vscode/
[DEBUG] execve_intercept.c:286:execve(): Intercepted execve for: /usr/bin/basename
[DEBUG] execve_intercept.c:287:execve(): argv[0] = basename
[DEBUG] execve_intercept.c:291:execve(): Not a terminal shell, bypassing interception.
[DEBUG] execve_intercept.c:286:execve(): Intercepted execve for: /usr/bin/dirname
[DEBUG] execve_intercept.c:287:execve(): argv[0] = dirname
[DEBUG] execve_intercept.c:291:execve(): Not a terminal shell, bypassing interception.
export LESSOPEN="| /usr/bin/lesspipe %s";
export LESSCLOSE="/usr/bin/lesspipe %s %s";
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
export LS_COLORS
config
execve_intercept.c
intercept.so
logs
Makefile
README.md
test_bash.sh
总计 67
drwxrwxr-x 6 qcqcqc qcqcqc 11 4月 7 13:17 ./
drwxrwxr-x 12 qcqcqc qcqcqc 12 3月 20 21:08 ../
drwxrwxr-x 2 qcqcqc qcqcqc 3 3月 26 09:04 config/
-rw-rw-r-- 1 qcqcqc qcqcqc 11235 4月 7 13:17 execve_intercept.c
drwxrwxr-x 8 qcqcqc qcqcqc 14 4月 7 13:10 .git/
-rwxrwxr-x 1 qcqcqc qcqcqc 26568 4月 7 13:17 intercept.so*
drwxrwxr-x 2 qcqcqc qcqcqc 4 3月 26 16:09 logs/
-rw-rw-r-- 1 qcqcqc qcqcqc 323 4月 7 13:01 Makefile
-rw-rw-r-- 1 qcqcqc qcqcqc 4361 4月 3 16:52 README.md
-rwxrwxr-x 1 qcqcqc qcqcqc 2390 3月 26 16:49 test_bash.sh*
drwxrwxr-x 2 qcqcqc qcqcqc 3 4月 7 09:16 .vscode/

5
test_bash.sh
View File

@ -32,5 +32,8 @@ echo -e "${GREEN}愿你在这里畅享计算的乐趣!${RESET}"
echo -e "${CYAN}=============================================${RESET}"
HOOK_EXEC_PATH=/tmp/exec_hook/intercept.so
LD_PRELOAD=./intercept.so bash
rm -rf $HOOK_EXEC_PATH
cp ./intercept.so $HOOK_EXEC_PATH
LD_PRELOAD=$HOOK_EXEC_PATH bash