From e6568b3d810cb8f51ed3113421de5043b856bf74 Mon Sep 17 00:00:00 2001
From: "QCQCQC@Ubuntu" <1220204124@zust.edu.cn>
Date: Mon, 7 Apr 2025 13:58:38 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BD=BF=E7=94=A8=E5=85=B1=E4=BA=AB=E5=86=85?= =?UTF-8?q?=E5=AD=98=E4=BB=A3=E6=9B=BF=EF=BC=8C=E6=96=B9=E4=BE=BF=E5=A4=96?= =?UTF-8?q?=E9=83=A8=E6=89=A9=E5=B1=95=EF=BC=8C=E8=BF=90=E8=A1=8C=E7=9B=AE?= =?UTF-8?q?=E5=BD=95=E5=85=A8=E9=83=A8=E7=A7=BB=E8=87=B3/tmp?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 execve_intercept.c | 181 +++++++++++++++++++++++++++++---------------
 intercept.so | Bin 26568 -> 26768 bytes
 logs/execve.log | 74 ------------------
 logs/execve_out.log | 83 --------------------
 test_bash.sh | 5 +-
 5 files changed, 126 insertions(+), 217 deletions(-)
 delete mode 100644 logs/execve.log
 delete mode 100644 logs/execve_out.log
diff --git a/execve_intercept.c b/execve_intercept.c
index d41405b..1fb13a4 100644
--- a/execve_intercept.c
+++ b/execve_intercept.c
@@ -1,80 +1,91 @@ #define _GNU_SOURCE #include +#include #include #include #include // 引入 bool 类型 #include #include #include +#include +#include #include #include #include #ifdef DEBUG + #define DEBUG_LOG(fmt, ...) \ fprintf(stderr, "[DEBUG] %s:%d:%s(): " fmt "\n", __FILE__, __LINE__, \ __func__, ##__VA_ARGS__) #else + #define DEBUG_LOG(fmt, ...) ((void)0) + #endif -#define CONFIG_FILE "./config/execve_rules.json" -#define LOG_FILE "./logs/execve.log" -#define LOG_OUT_FILE "./logs/execve_out.log" - +#define CONFIG_FILE "/tmp/exec_hook/config/execve_rules.json" +#define LOG_FILE "/tmp/exec_hook/logs/execve.log" +#define LOG_OUT_FILE "/tmp/exec_hook/logs/execve_out.log" #define COMMAND_NOT_FOUND "/usr/lib/command-not-found" #define ANSI_COLOR_RED "\033[31m" #define ANSI_COLOR_YELLOW "\033[33m" #define ANSI_COLOR_RESET "\033[0m" +#define SHM_KEY 12345 // 用于标识共享内存的键值,需要确保唯一性 +#define MAX_RULES 100 // 假设最大规则数量 +#define MAX_ARGS 10 // 支持最多 10 个参数 + typedef struct { char cmd[256]; char type[32]; char msg[1024]; - char args[10][256]; // 支持最多 10 个参数 + char args[MAX_ARGS][256]; // 支持最多 MAX_ARGS 个参数 int arg_count; } Rule; typedef struct { bool enabled; - Rule *rules; + Rule rules[MAX_RULES]; int rule_count; -} Config; +} ConfigData; -// 加载配置 -Config load_config() { - DEBUG_LOG("Loading configuration from %s", CONFIG_FILE); - Config config = {false, NULL, 0}; +// 全局变量,指向共享内存中的配置数据 +static ConfigData *shared_config = NULL; +static int shm_id = -1; +static time_t last_modified_time = 0; + +// 加载配置到共享内存 +int load_config_to_shm() { + DEBUG_LOG("Loading configuration from %s to shared memory", CONFIG_FILE); json_object *root = json_object_from_file(CONFIG_FILE); if (!root) { DEBUG_LOG("Failed to parse config file from %s", CONFIG_FILE); - return config; + return -1; } + ConfigData temp_config; + temp_config.enabled = false; + temp_config.rule_count = 0; + json_object *enabled_obj; if (json_object_object_get_ex(root, "enabled", &enabled_obj)) { - config.enabled = 
json_object_get_boolean(enabled_obj); + temp_config.enabled = json_object_get_boolean(enabled_obj); } - if (!config.enabled) { + if (!temp_config.enabled) { json_object_put(root); - return config; + return 0; // 功能未启用,不加载规则 } json_object *rules_array_obj; if (json_object_object_get_ex(root, "rules", &rules_array_obj) && json_object_get_type(rules_array_obj) == json_type_array) { - config.rule_count = json_object_array_length(rules_array_obj); - config.rules = malloc(sizeof(Rule) * config.rule_count); - if (!config.rules) { - fprintf(stderr, "Failed to allocate memory for rules\n"); - json_object_put(root); - config.rule_count = 0; - return config; - } + int rules_len = json_object_array_length(rules_array_obj); + temp_config.rule_count = rules_len < MAX_RULES ? rules_len : MAX_RULES; - for (int i = 0; i < config.rule_count; i++) { + for (int i = 0; i < temp_config.rule_count; i++) { json_object *rule_obj = json_object_array_get_idx(rules_array_obj, i); json_object *cmd, *type, *msg, *args; 
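Review bot: The new `CONFIG_FILE`, `LOG_FILE` and `LOG_OUT_FILE` paths sit under `/tmp/exec_hook`, a location any local account can create first, so the rules that decide which commands are blocked, and the logs of what was run, are no longer under the user's sole control. A directory the user owns with mode 0700 (for example under `$XDG_RUNTIME_DIR` or `$HOME`) would keep the policy trustworthy. Separately, in `load_config_to_shm()` the `if (!temp_config.enabled)` branch returns 0 before anything is copied, so switching `enabled` to false in the file leaves the previously enabled rules live in `shared_config`; set `shared_config->enabled = false; shared_config->rule_count = 0;` before that return. The function body continues past this hunk.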
@@ -84,25 +95,30 @@ Config load_config() { json_object_object_get_ex(rule_obj, "msg", &msg); if (cmd) - strncpy(config.rules[i].cmd, json_object_get_string(cmd), 255); + strncpy(temp_config.rules[i].cmd, json_object_get_string(cmd), + sizeof(temp_config.rules[i].cmd) - 1); if (type) - strncpy(config.rules[i].type, json_object_get_string(type), 31); + strncpy(temp_config.rules[i].type, json_object_get_string(type), + sizeof(temp_config.rules[i].type) - 1); if (msg) - strncpy(config.rules[i].msg, json_object_get_string(msg), 1023); + strncpy(temp_config.rules[i].msg, json_object_get_string(msg), + sizeof(temp_config.rules[i].msg) - 1); // 解析 args 参数 - config.rules[i].arg_count = 0; + temp_config.rules[i].arg_count = 0; if (json_object_object_get_ex(rule_obj, "args", &args) && json_object_get_type(args) == json_type_array) { int args_len = json_object_array_length(args); - config.rules[i].arg_count = - args_len < 10 ? args_len : 10; // 限制最多 10 个参数 + temp_config.rules[i].arg_count = + args_len < MAX_ARGS ? args_len + : MAX_ARGS; // 限制最多 MAX_ARGS 个参数 - for (int j = 0; j < config.rules[i].arg_count; j++) { + for (int j = 0; j < temp_config.rules[i].arg_count; j++) { json_object *arg_item = json_object_array_get_idx(args, j); if (arg_item) { - strncpy(config.rules[i].args[j], - json_object_get_string(arg_item), 255); + strncpy(temp_config.rules[i].args[j], + json_object_get_string(arg_item), + sizeof(temp_config.rules[i].args[j]) - 1); } } } @@ -110,8 +126,12 @@ Config load_config() { } json_object_put(root); - DEBUG_LOG("Loaded %d rules", config.rule_count); - return config; + + // 将临时配置复制到共享内存 + memcpy(shared_config, &temp_config, sizeof(ConfigData)); + + DEBUG_LOG("Loaded %d rules to shared memory", shared_config->rule_count); + return 0; } // 检查 args 是否匹配 
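Review bot: The `strncpy(..., sizeof(...) - 1)` calls only yield terminated strings if the destination was zeroed first, and `ConfigData temp_config;` (declared in the first hunk) is an uninitialised stack object. A `cmd` value of 255 bytes or more, or a rule that skips one of the guarded fields (`if (cmd)`, `if (type)`, `if (msg)`, `if (arg_item)`), leaves indeterminate bytes that are later handed to `strcmp()` and copied into the shared segment. Declaring it as `ConfigData temp_config = {0};`, or copying with `snprintf(dst, sizeof dst, "%s", src)`, closes both cases. At roughly 380 KB the struct is also large for the stack of an interposed `execve()`; a zeroed heap buffer would avoid that.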
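Review bot: `memcpy(shared_config, &temp_config, sizeof(ConfigData))` rewrites the whole segment in place with no lock or version counter, so a process walking `shared_config->rules` at that moment can see the new `rule_count` paired with half-written rules. The commit subject suggests other programs are meant to attach to this segment, which makes the window reachable. A generation counter written before and after the copy (readers retry when it changes), or a SysV semaphore shared by writer and readers, would make the update consistent. The function also assumes `shared_config` is already attached; an `if (shared_config == NULL) return -1;` guard before the copy would make that explicit.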
@@ -227,9 +247,6 @@ void duplicate_output_to_log() { typedef int (*orig_execve_type)(const char *filename, char *const argv[], char *const envp[]); -static Config config; -static time_t last_modified_time = 0; - // 判断父进程是否为终端 shell (bash, zsh, fish 等) int is_terminal_shell() { pid_t ppid = getppid(); @@ -261,24 +278,44 @@ int config_file_modified() { } int isChanged = file_stat.st_mtime != last_modified_time; if (isChanged != 0) { - DEBUG_LOG("Updating last_modified_time to: %ld", last_modified_time); + DEBUG_LOG("Updating last_modified_time to: %ld", file_stat.st_mtime); last_modified_time = file_stat.st_mtime; return 1; } return 0; } -// 加载或重新加载配置 +// 加载或重新加载配置到共享内存 void load_config_if_needed() { - if (config.rules == NULL || config_file_modified()) { - DEBUG_LOG("Config has been modified."); - // 释放旧的规则 - if (config.rules) { - free(config.rules); - config.rules = NULL; - config.rule_count = 0; + if (shared_config == NULL) { + // 首次加载,创建共享内存 + shm_id = shmget(SHM_KEY, sizeof(ConfigData), IPC_CREAT | 0644); + if (shm_id == -1) { + perror("shmget failed"); + return; } - config = load_config(); + shared_config = (ConfigData *)shmat(shm_id, NULL, 0); + if (shared_config == (void *)-1) { + perror("shmat failed"); + shared_config = NULL; + return; + } + // 首次加载时读取配置文件 + struct stat file_stat; + if (stat(CONFIG_FILE, &file_stat) == 0) { + last_modified_time = file_stat.st_mtime; + load_config_to_shm(); + } else { + DEBUG_LOG("Cannot get stat for FILE: %s", CONFIG_FILE); + // 初始化一个空的配置 + shared_config->enabled = false; + shared_config->rule_count = 0; + } + } else if (config_file_modified()) { + DEBUG_LOG("Config file has been modified."); + load_config_to_shm(); + } else { + DEBUG_LOG("Config file has not been modified, skipping reload."); } } 
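Review bot: `shmget(SHM_KEY, sizeof(ConfigData), IPC_CREAT | 0644)` attaches to whatever segment already exists under the fixed key 12345, and nothing checks who created it or what it holds before `enabled` and `rule_count` are trusted. A segment set up by another account can therefore switch the policy off, and a `rule_count` above `MAX_RULES` makes the matching loop in `execve()` read past `rules[]`. After `shmat()`, verify ownership with `shmctl(shm_id, IPC_STAT, &ds)` (compare `ds.shm_perm.uid` with `geteuid()`), and treat the segment as unusable when `shared_config->rule_count < 0 || shared_config->rule_count > MAX_RULES`. The return value of `load_config_to_shm()` is also ignored at both call sites, so a parse failure silently keeps the old rules.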
@@ -297,8 +334,19 @@ int execve(const char *filename, char *const argv[], char *const envp[]) { // 加载配置(仅在需要时) load_config_if_needed(); + // 当前配置信息 + DEBUG_LOG("Current Config rule count : %d", shared_config->rule_count); + + // 如果共享内存未成功加载,则直接执行 + if (shared_config == NULL) { + DEBUG_LOG("Shared memory not initialized, bypassing interception."); + orig_execve_type orig_execve = + (orig_execve_type)dlsym(RTLD_NEXT, "execve"); + return orig_execve(filename, argv, envp); + } + // 如果功能被禁用,则直接执行 - if (!config.enabled) { + if (!shared_config->enabled) { DEBUG_LOG("Not enabled."); orig_execve_type orig_execve = (orig_execve_type)dlsym(RTLD_NEXT, "execve"); @@ -320,14 +368,15 @@ int execve(const char *filename, char *const argv[], char *const envp[]) { return orig_execve(filename, argv, envp); } - for (int i = 0; i < config.rule_count; i++) { - if (strcmp(basename, config.rules[i].cmd) == 0 && - args_match(argv, &config.rules[i])) { - DEBUG_LOG("Rule matched: %s (type: %s)", config.rules[i].cmd, - config.rules[i].type); - if (strcmp(config.rules[i].type, "warn") == 0) { + for (int i = 0; i < shared_config->rule_count; i++) { + if (strcmp(basename, shared_config->rules[i].cmd) == 0 && + args_match(argv, &shared_config->rules[i])) { + DEBUG_LOG("Rule matched: %s (type: %s)", + shared_config->rules[i].cmd, + shared_config->rules[i].type); + if (strcmp(shared_config->rules[i].type, "warn") == 0) { printf(ANSI_COLOR_YELLOW "[Warning] %s\n" ANSI_COLOR_RESET, - config.rules[i].msg); + shared_config->rules[i].msg); printf("按下 'Y' 继续执行, 或按任意键取消: "); char input = getchar(); if (input != 'Y' && input != 'y') { 
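Review bot: `DEBUG_LOG("Current Config rule count : %d", shared_config->rule_count);` runs before the `shared_config == NULL` check that follows it, so a DEBUG build dereferences a null pointer exactly when `shmget()` or `shmat()` failed. Move the log line below the NULL check. The new fallback path also calls the result of `dlsym(RTLD_NEXT, "execve")` without testing it; `if (!orig_execve) { errno = ENOSYS; return -1; }` would fail cleanly instead of jumping through a null function pointer. The body of `execve()` starts and ends outside this hunk.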
@@ -335,9 +384,9 @@ int execve(const char *filename, char *const argv[], char *const envp[]) { return -1; } printf("\nContinuing execution...\n"); - } else if (strcmp(config.rules[i].type, "error") == 0) { + } else if (strcmp(shared_config->rules[i].type, "error") == 0) { printf(ANSI_COLOR_RED "[Error] %s" ANSI_COLOR_RESET "\n", - config.rules[i].msg); + shared_config->rules[i].msg); return -1; } break; @@ -349,4 +398,18 @@ int execve(const char *filename, char *const argv[], char *const envp[]) { orig_execve_type orig_execve = (orig_execve_type)dlsym(RTLD_NEXT, "execve"); return orig_execve(filename, argv, envp); -} \ No newline at end of file +} + +// 在库卸载时分离和删除共享内存 +__attribute__((destructor)) static void cleanup_shared_memory() { + DEBUG_LOG("Cleaning up shared memory."); + if (shared_config != NULL) { + if (shmdt(shared_config) == -1) { + perror("shmdt failed"); + } + shared_config = NULL; + } + // 注意:这里不删除共享内存段,因为可能被其他进程使用。 + // 如果需要删除,需要一个明确的机制来判断是否是最后一个使用者。 + // 例如,可以创建一个单独的工具来管理共享内存的生命周期。 +} 
diff --git a/intercept.so b/intercept.so index 7679da2843f90421c3c61090ce97313a853a6b07..2d551b7387f4069467bf32b742b66d7a1b26598f 100755 GIT binary patch literal 26768 zcmeHQeRx#Gxt|3V5P?JmMG-tID5xw65EYafgvCVx5s4NlZkEl4tYow6ehAoNLqjOr zWh?dpi{9E&MT_l2Z*2YGLljg9wpfE&OIzDUCAcdnG1ZDz-TQmzuE+gVN_h)?@)Ut9s_XSeQf8J&&nzsY&-N7j zAxV{955T0yW{Y%odm(M3g5XfJuV5MFk$zjqKoM$i)GRKu>g|_$RysoJDM~)*xVa-< z^Pl*eBlXr?C+t{hT)<3Ge>?#Ja z-INzqU35K2@|3>p&UoX7H}Co6nduWfzy03oiju!oEJHGvF9RjJl>bqs{VN^D^+yP+ z!0$@@e)Ht&6F=JJUUknOR*n4LpIXL$`{;*vADD1cXXMpGpX~kFWnYZn^4sAMD|);N z^zC>AU?YE*4IZ(< zC)?niHh9FQTqQR7Txw(IEF1hu8+^Ep{nu>dsT~)K+k6}Oh>d*Mro1r24E(IeRW^1m zxAD6a28!kLP8<1mZSd!9>@2a7zrzOKYJ=ZlQ?7+J_$@Yg9~=BKF>jW)CJ+rQ4#whv=)74|>%$F!dA>#U0g+Zb z#p_?@^VS9%eD%S*1FSymtMU574Yk3=-gwv>s|&GM97dz8HWCds#B13dG58EGx+CC^ zduyZN5Om={M`hyTK-?QxR**u_qHwrA;A<$rBZ+tcPjd0)kwUY+Xwo z773&itU1|VERK9HMk%5V{>X9`3WSJwDQx~FUVq&ZZ>=v_&wSCvF>lBh_t%lAKNMk0 zqrrHDbiv(@;vQ}#2Ra{R6E7Kxv* z;J&NKDq|acf+~5%w|NDQLh&)8;21lk;j+u&N$nagUokkI(eTmA2xzBXv z52+SR9}v~05n@!+nIcco$sePt#Wmq-EK5jPHJyb#l}#O2R*Nf=r=L11tHl*zDn^8O zs_86b<*O0r=TvjTZS)hD{QOM~KUKr4HN3xu*J(H!ig`pde4vRkwoJoIG`vy6sjaGG zO|`h9a_P^(bsDZemp5wo8A6qxH)%M%C#YjfwYVbt@)5;>77ZUPMEH4|hM%e7yEXhQ z4d1Wf@=?cA+cbQfCVxo7hiG`ahM%qB84W*2!#g$nTn#^=;lnhX$@`1qpugPo)$q$T zc{LwE^5<#z5KZ3Da6`k-*YHsqPVZjoDAVu@6bO2yhF_@Rl^Q-m!#x^4Qp4wHxa@j( z>Nhp~VoknU!$)a&oraIs@Q8-1u^A;V)9_0)`9=+wLo}YcM#JUMisS1vTn_a#Yu%UK z5$KLUcLcg4&>ey92y{oFI|AJi=#D^l1iB;89f86K{Ig{E=bolxeLX4X!D}#G)Vw?1 zBiH6>da3V=TrgMh4&bib$ag_X&SNBBM=4#|w{yANI?g*df6(MdLM(d75PC%HC=6G{M!C^_e_PY;|RCGI^TN>dH+ny^9nO`axdy0TB0JWbG`{3cHm zGbq2w(}WDlZ}Kz|gYug^O~9c1CQlQ#D8I?m#0tu9@|SYH+~jG31?4w+npi>kO`axH zP=1rA30{={3t4{L4NqN7cf&Ns?+5U&SopmbewT%}>Tk8AKWgD0vhW)$eA>b{Tlf_g zK4IZQ7CvC%7h3o#3qQ-kyDj`=3twU3$5{B07Jit8A8g?VSa_#}|MIHB`ufDee_-J| zEd1Xr{2wj+D;9pQh2Lf2pR({h)g^YAB;!IT@%Hlqd)SMTLcW~KS6o75^jDr_r)STH*Le1v z=;?9n^BnvtJ_rV8NdtXz?X~7ojHGt)mA!Hmyyo|VVwBbleE{|Gj7;#-O102=Wi zsqv(Gjie68lXRab-;KQO!92Am#b%}lJdcieX4<(1{p0q@B$6Kd1|UzmqJv1XbsIpI 
zS%!`T0lH6MnFokXHt!z{r%k(vu*9{n8@y84T?|RsEhD>?!tQrSIbHEbVPhM&YrxPp z6eX9f#1nO2b32)8b$?8Wp7e%|??Sv!^x%sCrf$uxRXa935%=7kzA^o%fY~b&vUt^ z6V8(6a|-dz5KlI*gS8Yt@2G*3iESk}zL0c(+}gZ`ibihVz}Oj{`f zT-zu|=?z;%#soLuFdm^EQTl%Hg!Gnz^!@qt_tAWizO5jAYd-yVl%8tl_7TNv)HQN& zoabNLWE+qKAhm%SfXDxuC-|C(<@=tM?^7m{ zJzAUBB8{?={Q*uX&Wgq%9P-Ao9zM}H4w0FrT|`*?R^*8T$kPOhTryvEWYe?Jv!}hU zC%NyW2y}X!1_rIF2DB>ePi5m-aGazi_wtLXo5VYU;YqH@c#?^B zNaE+*j_+M?GlRSN3AsrLH*Fa2!p$DtO`PJNa<``%4crUOyA%Dkp;55xuW*uGR`&b+ z`UK8^zM$lz*CQ^n8q(`{$YI0dcp>Hf0&u$jUJ{1gjK{GbdGRE9Wxt24!^J7B?i1XK z(FAi+Wss(V4usx#5)U@5IKdKqco>eJ+vNV(kokZ)`6u4C7zyWP%8mz z@k_2aK@ufTv#W23Imz> zNX^c~bI6l!&LEYl%n5rtVKK*?sgVyFef=VakM}mZfBj~e2TZ$JRvxQ{VN1i$ zlpvqU=FKQqY6G27Pc0z0_tS$%qIAzy!nN6|%gK$9K>8WH^t=@;6Vcj27MgYuVd$Qr z%Chg0fz$?`geHQd=lDY#MVL$GXoN>yIJFQ`PY>QjgJ{tWmqKFSDkmjq0zb_QTmu2L zpj-3WtMiE$h{Q?x#85ubDH4a}6RYxxnU8q)k3OZDXB?UB=#(A!QM_H4=&OWMIniwv zJp0~6LP7LfAY_R?Tvy}nrA{~Pda~u4z!{d=Rq?qEFh0MD$5}&@XHsgla^T zwvv3h;xQT*s$S)hJNXISC>u=LDSTrl*ede37S2DbllZp_pDv67kv*Dc$_o;KtlE) zbm8JCCXGaOWijkTb&W&Uw7o(E^D988u1^PWgF^XXLs@lezY9QH<-!~kn%T#azH3wq${7o zGgjE0I6o|?&ZcA47`vbyBw9Slsx2^o40CAI`=Q~9wlsshOch>om|#WmOLZ@gz#;#$N-III(=1C2H1`$iS4`BG4e>G3f=>_*~vUrakrQDY^zeB-H4PI@lfcu9R zw?-(edO|2vSryDTcJ60Dg*6?oFKG{Q;Phkio8p0QGIM7nUq*X+9&y-C>#5Kf6ZkZO zJFzzpf}CDD8?N!e1`!_ocg&O*6wGvsnFpxnc#p_4{NnqfgliEOXl_19Q=1VG&$w36 zor+uNjVzp|ov-NFZeW>j!|odQ?;BVAet!HsoR?$%DD8YxcE!UWvW@Q7>^tN)?R;G( z^g=>*oyg0Olk&pH9Af?irFf|iR7Kdogc@4eZ79Jz2wY*=Pb$H8_1vDWvU2pcCieln z@i{k<1>S*AbRQ^L`#Rpk@fst_8;3NqyM;P~{H=343X9g)ZfSk(X6w@i5$OL%P^jtI z@-Jj$J1x~gX&&Y;AQk_no?HzDrjxgnvxM3LZW4a!(#Y7T(UXjsSZ;^aX@)SC zi2CBeaDze1>L6ys!$u4%t^zd%R;`7j%h8A7C}w9mmast#3K3s47LfJ~TJ@!@^<#ks zS_@dicwU)5RKxfhyHIQ~U;QR>S=>J56ZS{e7+kq%&Wh!07A>fw0@Ct20}J1{zOghI zuQQN=NhqZ#lufyA#TqU|v)z{DvjvH7)h%ou$yc(y^nCVt^V5e6V zslhFQ;MV(MadZ8mmsVn;#L%v<=|>9^$#5;d2Z$pFg0ZtZm9L5v_eY&CW-JPzO4Ra5 zm;HTa)uTcc=w4>TmISdL6IqT1XfdrcW)qhgs*}LYB^Fy!Xhc+swKv>GcP%JeXiU~_ zoMLjbkuRU2R*Iq*!AjA~j77^MzF3U%W_C{KZjeK{&Xb~5{QjSsh(-eqaok6=GFaTi 
z{%`^a@`@_3)4N&kz6^?1umN{8Uu#_RH5szAN9B^;7_vP!5sQw+%2VDR(Ibq3gE6(p z7A<2%iCvL!EVztk4yR&qnu~7R;H!QEygxBUQI|;ZAKi~F^+g-l&;{eihZfw5OT>*j z?|wrUl!eIVk+sRg+fv5G^Dj2u+xd(4c5W3n(q+bxHTP56&YeeA-J4zi>yCTxKl1dN zNe1iZMlY7&J-pwC#lrRIj9siBVu~i7plYFd-~uj}i#(Ty7VvwX{E}N9=wjuVN=vHA zLL!37)*cy%5?`;Y-w-k&MV5N=6m2Cm=kx2JrJ^KuOP!UJzu3xSl?bZ)&#ynuH$^{{ zDG|XkXDW|ZJOZKT7~1oyI4Iur*v3QnLnF{Fe--m2+d$jE-}w)`Us3wuT#hEY9`DHI zMuBFJVE7L@46g=tpl8x680dPu7;XW*AMeQfK?9g#$bkMC^Sym(RvHJs(ecA^_gv;! zR_Ykqzfa$Fkin}8JC{SQaM-tJ(uHq4Y&uEuI@2)K<}Qzop8;4u1ETscXK(uM}e8%*P+s% zMEY{Xpc46HX8ILo`Wt{BKx`&}n(0eOTa@Wz(5*=4dn1_oojsI&nxkEv$>sQ-1ZH}| zv_Apqhw;kA_e4eNZbsH#PHGf5cb<*o^?vN7ce&X(UZZk(%Z!e|K#onmJPz+UVl{`VkyIyLhi z*#D^#)64pSk82!{Sa1p($*X=u>0E&e2YQ1oGT-Enj;Z)LaM!8(pMyBvfgjmX{gT3I z%;Ugc(5U`I;Tv#KEdN`${MoEU`c?Pq(;OedHc4FFZ@Z-YHj6xsuN~->+NR?I2fn29 zC+wo9e&$7!hgXrF_I<2XN82(f4BqcK&LaAq{J!Se$2aza?hBuf*visRN}{?N#Ak zj-!;8{-q8$?c}2NnN;%MmUdM8QTX>cj$XQ2A%Z>xyazoEj6(bo;P`NV(($4Ve#8d< z9Jq0k6}(&ZDBOoeiHrtb%&*-(eAPDcciP~qY;f9bshD5dceEJ3(*}RV2G4N(b9^AP?n@W8k#DlW*W2KaN&D7)^`4Wsbzi-gZS1^d zgLm5Cz0h$LYlmk5FBbm`ZSV>k{1%Q6WY&HAp0%l$Y8yK-8~lgTzIC6!pWDc9vcZ32 zgYUJ$-?YIqHu%47@DdD2i|vnify6(k5Ium}*KoANt@|c^19-7|{3e%Iy-1#}0DeK9 zHLo_>$Ukm_KWl@x13%5Qs$KY_@mM@jTZ<1o`E3`y@sJl=1U3X>*kiCJ>|InV62F*+6WQ$WES5C(DTjzt`)!B7b>#{<0!}IU#>JK7Tnbe_76oPu`g> zsOZz@PMPKQx@S-GV(&^SGq9Ri*jtC0T-vg7+Wgs5X3dxi6uT6A-5#mnnKl;?cDGcj z*Uh}~+9@-=H%^~^vwNO*-jr)+x?zwaQ?N@UJ`wOeB`dX^2K8MlDP8VOsf%DAMcOyA zQf+HUdli1&PMhK@P@y<&-&la?ehYT5)IHNikOf*|ugC(3&+Qfru>rkOb5>$bWaXNpl+)DDydpk7o8G2)4N>Vk4&Ps{?9;uFJiL(2k5+Ay;K;Co*d zAa=9V+AKF&4n+#IkWmYI&NF2!b}CW5^!^>CQGr|Qwj&$f%r zKTTzdu&#~fq3fNzF(}`)v_M^KLRtXvtvyWydv@~AXC}a_m499KR(ByjcIsp(+1r-b~S`6ju3Ha*Ea= zo#x~eujb_xZIt?yf09x8moQt33$m^B)jXi0Y93JeSNf{_E2aLm(x94GRJ2hl5}~62t!J5>8o(5twh zxjVWC=}_}%>i@T4l~=r?G~ZQ%pVC+JcAc}xTE4ynmv6sH|2-s7+g1AJ{LgHm(I)dR zyAiYft2l0e7>Ou-wZC)QjY7Xn5c913D%yz@U7uA;(K&){w27b6|IDJV=CwB7B=pVi zA=0eUlPseNR>D;N)qK`wsjvD8C2!U5h5S(#t>skumnua`RdIBx+MX`jCjD1Rhx8rB 
sz)$&C`J(R|D(|>7kJ8)3JHV!L2JdtIQ#$3xfdpw?VkC~ z`R@7N-*+DO+;f^v$z3Pqruz(P!S?$fh*)8fcv-Q%!Wo%o6OBCE_MbVj|1w&%bSRlc zTLu_~e;`M+15bS$?hg~~K4y_`ObWO(>IhgV&{8E!G%T6)f9WzC1e=-dGR!MD+j08h z!vC@!zJ20cTw}#S+kUsfM|3ji#9#N!ZjO>H_D3%gE(8Au@PGT@OM^QOyBc0R(J=Le zOJDx*zo+L0)}HLW{-3WW-%8)#5K0hQg+H{mG|=JOtvM=DW7I< z0skjFTUk??ku`*kmrwDQ*%&L|CQi1(sIsoGSh<4BML>sBj%TvsWCcnr%L3mxR;W1T zXGlBSJKD&WhmB|LO01m8F|Ec}W*-$R|CP(1Bkgi4%N><3ujc;9oU1P^mYGM#vhE@w zpEX*Q&vA)Dwr_NTY-2}9TirPhM2&J&OW|TPixL3uOz%4m#nFrHi(r;b&|3 zAnI!b{nW z@K>X&3M(tCi=@)$Ybt6>SYyO&_F=@!?3u_0TWL*6iBz(or0BU4skn0e#ww|-q_(KM zu!cpCNnx%r)4~i=7^@m%WiO41x8RxobU2FrW=x`+28vPI2!ClrFU9}h_E#~YM@jV> zu7$T1=|@_7d__gH1esl0yDqLGf`;82Xj75#TcgpaZR~#)Erax?M%SlEI1yF+yS11H zwYkFyz&C05rb6PBq#?Z4?#>r@cq=LF!zimfid~3u+U^r*UI#*W?q?~{R@uQ^(fP8m z<)5R=WI2OHoATvUR%NoXN>dbTGBwylmkAx=nkkz7@hruh&yvkitl3;?n-OAUMF`h4 zHql~b6D(2D%Cd-_b&n#2MvOY`0+x978Z29E7Ea$#2Nv4GP zl61`!|JBvt)K6MwPVP0#QGIjQ%|YgT${GT*25Vzfukz|FJa28UjR^Lc5;l{e-)Rv1 z*_=OfHhW>(1i6YePm51ffRgHx^3?jdk3v*ZJr`=DRPWqB%$6j7#jRk_UmOeuJCt+m zkJIjTt6MHNai+r?fGt+N#;KHL)#DmWYlrn~Gtux$i+s@ou@ZptXuKq~(UPP3Vr~MZ z`Z7mjK~+7Stw2it-QPgDt4~rpU4BAzx&j0c)B)o5bo!gY0sUQS{iZIrRQDvT{Aeaf z+)5*uVCBL@SfMEiD?3Tfmw8r*w~{u0Ch73{$Y<5->QlXWe$^wZp4@OW1F9$6-2VmE zOVyXx3`Cdei|*m#C&+>D+rc0bIvx~vGa<^qCWPsg_HC{{(>t!d`heWfUhCwNAkX^$ zjcpOe_G-q~4jbD8Vd!qSjY$IPUb5HwRWMjTsF=3)yF;*VfYaj&kpInUMf(&J1i-up zU50e|A?(LEs9TME6=0AeU#jQmp(#km5t(O7kwuF95!_*f4e?D7*Zbhkgt8gR>aHSh*-48Ti^g%0m$hop*-wTd!+pTO>GV zb(xkN_51@F>~zswmM)chT}`6rpqTgEyU>lE>&2Ywm1^h1WG|Uq?k4{|-;ph-Z$k2p z_Jym8U4fHwx0ZUIxkcowt4Y4ouWm1oeU_`q)c72xXT7UY#*m)nYBV*z88R;a49ng; zcL1Zg84EK;bGGLcX8tuSCT;5|1HPD_jVF*<9s{7SFAwvK|E-yi;0BA;B(adyD*j0n zyLambICK1WwBqJrNmT1E+f~md=1h)qScLtB-2UH_{pW@KdxZUnQ2Xz(isVXzbC7+S zym`fS>?UX)dh>dPbR}kBn^#DGJ&t>yNJ@0?_uPOlK1^gJznecR^EkZ&3*-#J>9-ED zH&bliTm4t+n+{Trkg%woQax9Zj{Qj*7BxGTiSEtcp=ifz9h3|^9(MrPwU zt8}b#zl2?iSa9b;5^0adoNRkTINpfeGVII_)tLfk4*eXX|424AJaASCrM?cTXKOFU zYW-oVgLUJ)ie1WMO(4nHn{In7V108Yif=k-`wnOYc+V 
z-*+v8zl2g%?<;-Wq|oi@5cD0_V3hJ>LZ}&BA#%pHrB1ZwhmztnQrva+UTU2DCHpjW zihF=M5D7Sc6-vCyy?9;ow?(JFIy67aplB%FE;QbUXOiCwsi7P?I1lBJzht2FGADBk zI!6NL><|WxZ>|OthP4K`2j8BLd)ThDDe@!iNZLKgIq>vI7Ss&Qkc}ka+j;=+XmrCI z9tmH<+L@A`>E2CbdY}Fq386y--vu+N;Cw5<(b1p~A%vl0nBgD6fH%ey!_vPVCaw|0 z*~7$FhKV^>7jV&u!_-Z~)Ko57cQ@9W{p1yrkunerwo-pz!e(O#YaL+0bgLnLfW>Aw zpNPhun|LpP7jDf%hh4=-hnSs#C_X!Pp_kjjpa>}$1PZhBgxDUmLb>GMMRw@vQXQ5H zyk`|Rdo3f*m7{uN3h;#lgh%KU%hYtz7cTTMp>JQPzUk1XdR=%ODw7=StBiQJEihvB zOucij_+bhxA%tLF-iV(WKI;Jf%HhRqY-cM9IScZoYPUloT!;;~+r0MURq%$2*qB2d<2W zaVg#q*hJN}t8Nd^YKn*fYP&=tBPo=45lV&#<*l*YQ;~xnsD#OO)oVr+U*1m+NJ8`^ zMowFT)~9%pBMZL>72O3LmrsO z1BdWnrtskDP!G;fU-^`|-}a!M{K7tWga>%P(awTAxSRG@UcPTa_W7iCA0b^lkr)Qp zyzotZ%s8%^bL4;lIhw$k>f4cSJ{IxiL)p(VYf|lMeLKDpIBliI%iF$~zG#>g<|LtP zCcNLwvF@P+c90_;{>g!PHk3dND&75+SQa~7Jv2P~Z&P->F>T11*VXf_-KgicFppgr z_rB>1^4_%d1HtbZ$?uklyItdcOmH{+RB*2z$&J0PuZcFhsyBMx9Yo|58$P8J-+7dX z`pe}%QLwAlA46_q`tiv-G9tdehU_1> z5RdE7Wf9jlh(oI7yQFAOP5T_5@~@gTZtUbG7{ga1$GNqy%XfkFKL@4TTpw@V^zq8t z1k@XAZD4E@!v6cf(n@2!|6?-hQ{K@CCJ_3!2uG5>%MqS2U(6d3!NGfJ;XnekDO!&3 zFv9$y6J#vrC^n7S5If#-dd~gEmOe|90jC~gvz#m|D@~4Mv$NvZo~(=+(t^T@%93Jx zZMB^rF%{O9*sDsas%tjdORH<_HFcFG>m#M2s$!{jz(2-D!;m})`51*?d+e(?EL%*w(4g~E6VKUh3oCll$1Pc zuc|JtD6J?dc0{rV=O1Zla2e$>mDPpC`9++OeZF8SGe1(`mhTChQ;DuX(xlY0=uU#? 
zg24lTS%6)D{e8h;A7JkVyvZ>}`Y#59lz#imnFW?!B(ssc2 zFjM;gsbI^@i~Pf7lDxspOsYlMdj@*hRCV&Q4W9*rSj&bAaj(XIE${)_47W%FSFs#UTM*3WP&H)2aCV4Z3pxeMj~;dTupQ(=%PEUIDp5ao)6dzo zB=EyK(y6yMGTY(=i%O?NDERQENp2DS_JA=b9oDVMYU#R-#W zheAa=Mweo>He%tWmnAMqkoU8NOA?~fG0>^t6RuifmU1gj#p+t*r7z3j`cWYJdG36+ z)L_JMv5{TQonW(TXN5vi!bvI}IgXW4=8ktl=XywZ}DllZKDg@C+k_d^u1k5IVkx z^V_5@!Y{&KPu2f$f>}DCDZ*zbFIP2uw}!_#0x#ca_=_5TG&`T0V54oFj3ej3BO03y z*!jn-g?EE$kW4sT)X@S?;8L-Y-VZu8k>laX(>g}Lbl@>crGREzr@C17a;u!n_AR&C z%D640$*xlctl}sBK3>1Z>!VaFpMc+v+ljm60e%Z%Itiy&!219_B^NUbxcw^WVbnlh3T5X->{>3u`Ks-EABfA^PIRpp!<#>)fO{$86-1w z^3S$Eo*>WW+&`c??J138 zDLlGZUMEp)TY!N?o{qd)Sjl--@OlleH&M+BR)kxIuNy=vc60i#sZKkp>C^5ohORKW zH2larl5=by@_mD3l?jR@-OKxE2HUdIDyzJHl4`{bngz7+%(Cj2?9!@a_Tj1tQRz~C zeresaMfv%TH1^Pw+l_R&!QRieu|GcfA1$q`UyzyW>7;SuG9>GfMGGH#I6vKy?#N`- zPd}d?^75cNkhN@5_nW(}Ll(u%EYTbW&MX8%$)FQ!Yw h_i5`qy%r|2Z_1J)_OBF@J6Kxz48!bvwx)dA{{p=*?o9vy diff --git a/logs/execve.log b/logs/execve.log deleted file mode 100644 index 17d4ad6..0000000 --- a/logs/execve.log +++ /dev/null 
@@ -1,74 +0,0 @@ - -[Mon Apr 7 13:05:57 2025 -] Command: /usr/bin/lesspipe -arg[0]: lesspipe -[Mon Apr 7 13:05:57 2025 -] Command: /usr/bin/dircolors -arg[0]: dircolors -arg[1]: -b -[Mon Apr 7 13:05:58 2025 -] Command: /usr/bin/ls -arg[0]: ls -arg[1]: --color=auto -[Mon Apr 7 13:06:00 2025 -] Command: /usr/bin/ls -arg[0]: ls -arg[1]: --color=auto -arg[2]: -alF -[Mon Apr 7 13:06:03 2025 -] Command: /usr/lib/command-not-found -arg[0]: /usr/lib/command-not-found -arg[1]: -- -arg[2]: conda -[Mon Apr 7 13:07:03 2025 -] Command: /usr/bin/lesspipe -arg[0]: lesspipe -[Mon Apr 7 13:07:03 2025 -] Command: /usr/bin/dircolors -arg[0]: dircolors -arg[1]: -b -[Mon Apr 7 13:07:04 2025 -] Command: /usr/bin/ls -arg[0]: ls -arg[1]: --color=auto -[Mon Apr 7 13:07:06 2025 -] Command: /usr/bin/ls -arg[0]: ls -arg[1]: --color=auto -arg[2]: -alF -[Mon Apr 7 13:07:07 2025 -] Command: /usr/bin/ls -arg[0]: ls -arg[1]: --color=auto -[Mon Apr 7 13:14:07 2025 -] Command: /usr/bin/lesspipe -arg[0]: lesspipe -[Mon Apr 7 13:14:07 2025 -] Command: /usr/bin/dircolors -arg[0]: dircolors -arg[1]: -b -[Mon Apr 7 13:14:08 2025 -] Command: /usr/bin/ls -arg[0]: ls -arg[1]: --color=auto -[Mon Apr 7 13:14:09 2025 -] Command: /usr/bin/ls -arg[0]: ls -arg[1]: --color=auto -arg[2]: -alF -[Mon Apr 7 13:17:50 2025 -] Command: /usr/bin/lesspipe -arg[0]: lesspipe -[Mon Apr 7 13:17:50 2025 -] Command: /usr/bin/dircolors -arg[0]: dircolors -arg[1]: -b -[Mon Apr 7 13:17:51 2025 -] Command: /usr/bin/ls -arg[0]: ls -arg[1]: --color=auto -[Mon Apr 7 13:17:53 2025 -] Command: /usr/bin/ls -arg[0]: ls -arg[1]: --color=auto -arg[2]: -alF diff --git a/logs/execve_out.log b/logs/execve_out.log deleted file mode 100644 index 68790ec..0000000 --- a/logs/execve_out.log +++ /dev/null 
@@ -1,83 +0,0 @@ - -export LESSOPEN="| /usr/bin/lesspipe %s"; -export LESSCLOSE="/usr/bin/lesspipe %s %s"; -LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'; -export LS_COLORS -config -execve_intercept.c -intercept.so -logs -Makefile -README.md -test_bash.sh -总计 67 -drwxrwxr-x 6 qcqcqc qcqcqc 11 4月 7 13:05 ./ -drwxrwxr-x 12 qcqcqc qcqcqc 12 3月 20 21:08 ../ -drwxrwxr-x 2 qcqcqc qcqcqc 3 3月 26 09:04 config/ --rw-rw-r-- 1 qcqcqc qcqcqc 11067 4月 7 13:05 execve_intercept.c -drwxrwxr-x 8 qcqcqc qcqcqc 14 4月 7 09:30 .git/ 
--rwxrwxr-x 1 qcqcqc qcqcqc 26328 4月 7 13:05 intercept.so* -drwxrwxr-x 2 qcqcqc qcqcqc 4 3月 26 16:09 logs/ --rw-rw-r-- 1 qcqcqc qcqcqc 323 4月 7 13:01 Makefile --rw-rw-r-- 1 qcqcqc qcqcqc 4361 4月 3 16:52 README.md --rwxrwxr-x 1 qcqcqc qcqcqc 2390 3月 26 16:49 test_bash.sh* -drwxrwxr-x 2 qcqcqc qcqcqc 3 4月 7 09:16 .vscode/ -conda:未找到命令 -[DEBUG] execve_intercept.c:284:execve(): Intercepted execve for: /usr/bin/basename -[DEBUG] execve_intercept.c:285:execve(): argv[0] = basename -[DEBUG] execve_intercept.c:289:execve(): Not a terminal shell, bypassing interception. -[DEBUG] execve_intercept.c:284:execve(): Intercepted execve for: /usr/bin/dirname -[DEBUG] execve_intercept.c:285:execve(): argv[0] = dirname -[DEBUG] execve_intercept.c:289:execve(): Not a terminal shell, bypassing interception. -export LESSOPEN="| /usr/bin/lesspipe %s"; -export LESSCLOSE="/usr/bin/lesspipe %s %s"; -LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*
.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'; -export LS_COLORS -config -execve_intercept.c -intercept.so -logs -Makefile -README.md -test_bash.sh -总计 67 -drwxrwxr-x 6 qcqcqc qcqcqc 11 4月 7 13:14 ./ -drwxrwxr-x 12 qcqcqc qcqcqc 12 3月 20 21:08 ../ -drwxrwxr-x 2 qcqcqc qcqcqc 3 3月 26 09:04 config/ --rw-rw-r-- 1 qcqcqc qcqcqc 11179 4月 7 13:14 execve_intercept.c -drwxrwxr-x 8 qcqcqc qcqcqc 14 4月 7 13:10 .git/ --rwxrwxr-x 1 qcqcqc qcqcqc 26568 4月 7 13:14 intercept.so* -drwxrwxr-x 2 qcqcqc qcqcqc 4 3月 26 16:09 logs/ --rw-rw-r-- 1 qcqcqc qcqcqc 323 4月 7 13:01 Makefile --rw-rw-r-- 1 qcqcqc qcqcqc 4361 4月 3 16:52 README.md --rwxrwxr-x 1 qcqcqc qcqcqc 2390 3月 26 16:49 test_bash.sh* -drwxrwxr-x 2 qcqcqc qcqcqc 3 4月 7 09:16 .vscode/ -[DEBUG] execve_intercept.c:286:execve(): Intercepted execve for: /usr/bin/basename -[DEBUG] execve_intercept.c:287:execve(): argv[0] = basename -[DEBUG] execve_intercept.c:291:execve(): Not a terminal shell, bypassing interception. -[DEBUG] execve_intercept.c:286:execve(): Intercepted execve for: /usr/bin/dirname -[DEBUG] execve_intercept.c:287:execve(): argv[0] = dirname -[DEBUG] execve_intercept.c:291:execve(): Not a terminal shell, bypassing interception. 
-export LESSOPEN="| /usr/bin/lesspipe %s"; -export LESSCLOSE="/usr/bin/lesspipe %s %s"; -LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'; -export LS_COLORS -config -execve_intercept.c -intercept.so -logs -Makefile -README.md -test_bash.sh -总计 67 -drwxrwxr-x 6 qcqcqc qcqcqc 11 4月 7 13:17 ./ -drwxrwxr-x 12 qcqcqc qcqcqc 12 3月 20 21:08 ../ -drwxrwxr-x 2 qcqcqc qcqcqc 3 3月 26 09:04 config/ --rw-rw-r-- 1 qcqcqc qcqcqc 11235 4月 7 13:17 execve_intercept.c -drwxrwxr-x 8 qcqcqc qcqcqc 14 4月 7 13:10 .git/ --rwxrwxr-x 1 qcqcqc 
qcqcqc 26568 4月 7 13:17 intercept.so* -drwxrwxr-x 2 qcqcqc qcqcqc 4 3月 26 16:09 logs/ --rw-rw-r-- 1 qcqcqc qcqcqc 323 4月 7 13:01 Makefile --rw-rw-r-- 1 qcqcqc qcqcqc 4361 4月 3 16:52 README.md --rwxrwxr-x 1 qcqcqc qcqcqc 2390 3月 26 16:49 test_bash.sh* -drwxrwxr-x 2 qcqcqc qcqcqc 3 4月 7 09:16 .vscode/ diff --git a/test_bash.sh b/test_bash.sh index 50e515d..0ab6f05 100755 --- a/test_bash.sh +++ b/test_bash.sh @@ -32,5 +32,8 @@ echo -e "${GREEN}愿你在这里畅享计算的乐趣!${RESET}" echo -e "${CYAN}=============================================${RESET}" +HOOK_EXEC_PATH=/tmp/exec_hook/intercept.so -LD_PRELOAD=./intercept.so bash +rm -rf $HOOK_EXEC_PATH +cp ./intercept.so $HOOK_EXEC_PATH +LD_PRELOAD=$HOOK_EXEC_PATH bash
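Review bot: `LD_PRELOAD=$HOOK_EXEC_PATH bash` now loads the library from `/tmp/exec_hook`, which any local account can create before this script runs, so whoever owns that directory decides what code is loaded into the shell. The hunk also never creates the directory, so unless that happens earlier in the script (outside this hunk) `cp` fails on a fresh machine and bash starts without the hook. Use a per-user directory and quote the variable: `install -d -m 700 "$HOOK_DIR"`, `install -m 755 ./intercept.so "$HOOK_DIR/intercept.so"`, `LD_PRELOAD="$HOOK_DIR/intercept.so" bash`.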