支持pre_hook
This commit is contained in:
parent
da1decb12c
commit
edd206a52f
9
Makefile
9
Makefile
|
|
@ -24,6 +24,11 @@ ifeq ($(DEBUG),1)
|
|||
CFLAGS += -DDEBUG -g
|
||||
endif
|
||||
|
||||
# 如果需要开启 hook,只需执行 make HOOK=1
|
||||
ifeq ($(HOOK),1)
|
||||
CFLAGS += -DHOOK
|
||||
endif
|
||||
|
||||
all: $(TARGET) $(HOOK_TARGET)
|
||||
|
||||
$(BUILD_DIR)/%.o: $(SRC_DIR)/%.c
|
||||
|
|
@ -49,4 +54,8 @@ debug:
|
|||
rm -rf $(BUILD_DIR)
|
||||
$(MAKE) DEBUG=1
|
||||
|
||||
hook:
|
||||
rm -rf $(BUILD_DIR)
|
||||
$(MAKE) HOOK=1
|
||||
|
||||
rebuild: clean all
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
|
|
@ -21,10 +21,26 @@ int shm_id = -1;
|
|||
time_t last_modified_time = 0;
|
||||
// int is_initialized = 0;
|
||||
|
||||
#ifdef HOOK
|
||||
// Original pointer
|
||||
orig_execve_type orig_execve = NULL;
|
||||
#endif
|
||||
|
||||
#ifdef HOOK
|
||||
/**
|
||||
* 拦截系统调用execve,
|
||||
* 在真实调用直接检查配置和创建输出
|
||||
*/
|
||||
int execve(const char *filename, char *const argv[], char *const envp[]) {
|
||||
#else
|
||||
/**
|
||||
* 在真实系统调用之前可以调用这个函数,
|
||||
* 主进程会做出和直接调用execve一样的逻辑,
|
||||
* 在此之前检查配置和创建输出
|
||||
*/
|
||||
int pre_hook(const char *filename, char *const argv[], char *const envp[]) {
|
||||
(void)envp;
|
||||
#endif
|
||||
// 去除首尾空格
|
||||
while (*filename && isspace(*filename)) {
|
||||
filename++;
|
||||
|
|
@ -42,6 +58,12 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
|
|||
// if (!is_initialized) {
|
||||
// initialize();
|
||||
// }
|
||||
|
||||
#ifdef HOOK
|
||||
#endif
|
||||
|
||||
#ifdef HOOK
|
||||
|
||||
DEBUG_LOG("Intercepted execve for: %s", filename);
|
||||
DEBUG_LOG("argv[0] = %s", argv[0]);
|
||||
|
||||
|
|
@ -50,29 +72,42 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
|
|||
fprintf(stderr, "Error in dlsym(\"execve\"): %s\n", dlerror());
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
|
||||
// Load configuration (only if needed)
|
||||
load_config_if_needed();
|
||||
|
||||
#ifdef HOOK
|
||||
// Intercept only when execve is called from a shell terminal
|
||||
if (!is_terminal_shell()) {
|
||||
DEBUG_LOG("Not a terminal shell, bypassing interception.");
|
||||
return orig_execve(filename, argv, envp);
|
||||
}
|
||||
|
||||
#endif
|
||||
// Current configuration information
|
||||
DEBUG_LOG("Current Config rule count : %d", shared_config->rule_count);
|
||||
|
||||
// If shared memory was not successfully loaded, execute directly
|
||||
if (shared_config == NULL) {
|
||||
DEBUG_LOG("Shared memory not initialized, bypassing interception.");
|
||||
// 这里也是直接执行就行
|
||||
#ifdef HOOK
|
||||
return orig_execve(filename, argv, envp);
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
// If the feature is disabled, execute directly
|
||||
if (!shared_config->enabled) {
|
||||
DEBUG_LOG("Not enabled.");
|
||||
// 这里直接执行就行
|
||||
#ifdef HOOK
|
||||
return orig_execve(filename, argv, envp);
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
write_log(filename, argv);
|
||||
|
|
@ -85,7 +120,12 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
|
|||
// Special handling for commands executed via shell.posix
|
||||
// Execute directly, without rule matching and output redirection
|
||||
if (argv[1] != NULL && strcmp(argv[1], "shell.posix") == 0) {
|
||||
// 直接执行
|
||||
#ifdef HOOK
|
||||
return orig_execve(filename, argv, envp);
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
for (int i = 0; i < shared_config->rule_count; i++) {
|
||||
|
|
@ -97,7 +137,13 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
|
|||
if (strcmp(shared_config->rules[i].type, "skip") == 0) {
|
||||
DEBUG_LOG(ANSI_COLOR_BLUE "[Skip] %s" ANSI_COLOR_RESET "\n",
|
||||
shared_config->rules[i].msg);
|
||||
// 直接执行
|
||||
#ifdef HOOK
|
||||
return orig_execve(filename, argv, envp);
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
} else if (strcmp(shared_config->rules[i].type, "warn") == 0) {
|
||||
printf(ANSI_COLOR_YELLOW "[Warning] %s\n" ANSI_COLOR_RESET,
|
||||
shared_config->rules[i].msg);
|
||||
|
|
@ -122,6 +168,8 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
|
|||
// Duplicate stdout and stderr to the log file
|
||||
dupIO();
|
||||
|
||||
#ifdef HOOK
|
||||
|
||||
// 移除LD_PRELOAD
|
||||
|
||||
// 计算原环境变量数量
|
||||
|
|
@ -149,4 +197,7 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
|
|||
new_envp[i] = NULL;
|
||||
|
||||
return orig_execve(filename, argv, new_envp);
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
|
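Review bot: `DEBUG_LOG("Current Config rule count : %d", shared_config->rule_count);` dereferences `shared_config` before the `if (shared_config == NULL)` check that immediately follows it, so when the shared memory is not attached the process faults instead of taking the bypass branch — in HOOK mode that is the process the shell is trying to exec, in the non-HOOK build the caller of `pre_hook`. Move the log line below the NULL check, i.e. `if (shared_config == NULL) { … }` first and then `DEBUG_LOG("Current Config rule count : %d", shared_config->rule_count);`, or guard it. The preceding hunk also leaves an empty `#ifdef HOOK` / `#endif` pair with nothing between the two directives, which should be dropped rather than kept as a placeholder. The `execve`/`pre_hook` function that these hunks patch begins and ends outside each of them.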
@ -3,6 +3,7 @@
|
|||
|
||||
#include "exec_hook.h"
|
||||
|
||||
#ifdef HOOK
|
||||
// Original execve type
|
||||
typedef int (*orig_execve_type)(const char *filename, char *const argv[],
|
||||
char *const envp[]);
|
||||
|
|
@ -11,4 +12,6 @@ extern orig_execve_type orig_execve;
|
|||
|
||||
int execve(const char *filename, char *const argv[], char *const envp[]);
|
||||
|
||||
#endif
|
||||
|
||||
#endif // EXECVE_INTERCEPTOR_H
|
||||
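Review bot: The header now wraps the `orig_execve_type` typedef, the `extern orig_execve_type orig_execve;` declaration and the `execve` prototype in `#ifdef HOOK`, but the `pre_hook` entry point this commit adds to the source file gets no declaration in a corresponding `#else` branch, so a non-HOOK build that calls it relies on an implicit declaration (an error since C99) or on a prototype duplicated by the caller. Add `#else` followed by `int pre_hook(const char *filename, char *const argv[], char *const envp[]);` before the `#endif` that closes the HOOK block.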