如何对 deepin 25 系统内核下钩子(hook)?有相关的 API 文档吗?类似 UOS 之前提供的如下接口:
/*
 * One row of the hook table: the hook identifier together with the callback
 * descriptor that is handed to uos_hook_register() for that hook.
 */
struct hook_demo_entry {
	int hook_id;
	struct uos_hook_cb_entry cb;
};

/*
 * Hooks installed by this module, in registration order. The table is
 * terminated by an entry whose hook_id is UOS_HOOK_NONE; both
 * registe_uos_hook() and cancel_uos_hook() stop at that sentinel.
 *
 * NOTE(review): every callback is stored as an unsigned long, so the compiler
 * no longer checks its signature. .arg_len is the only statement of arity in
 * this table and presumably has to match what the hook framework passes to
 * the callback - verify each value against the hook prototypes of the kernel
 * actually being targeted before reusing this table on another release.
 */
struct hook_demo_entry entries[] = {
	{
		.hook_id = UOS_BPRM_CHECK_SECURITY,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_bprm_check_security,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 1,
		},
	},
	/*
	 * UOS_TASK_PRCTL / ccs_task_prctl (arg_len 5) is commented out in the
	 * original listing, so it is not part of the table.
	 */
	{
		.hook_id = UOS_FILE_OPEN,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_file_open,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 1,
		},
	},
	{
		.hook_id = UOS_SB_MOUNT,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_sb_mount,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 5,
		},
	},
	{
		.hook_id = UOS_INODE_MKDIR,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_inode_mkdir,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 3,
		},
	},
	{
		.hook_id = UOS_INODE_SETATTR,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_inode_setattr,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 2,
		},
	},
	{
		.hook_id = UOS_INODE_RMDIR,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_inode_rmdir,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 2,
		},
	},
	{
		.hook_id = UOS_INODE_UNLINK,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_inode_unlink,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 2,
		},
	},
	{
		.hook_id = UOS_INODE_SYMLINK,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_inode_symlink,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 3,
		},
	},
	{
		.hook_id = UOS_INODE_RENAME,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_inode_rename,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 4,
		},
	},
	{
		.hook_id = UOS_INODE_LINK,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_inode_link,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 3,
		},
	},
	{
		.hook_id = UOS_INODE_CREATE,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_inode_create,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 3,
		},
	},
	{
		.hook_id = UOS_TASK_KILL,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_task_kill,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 4,
		},
	},
	{
		.hook_id = UOS_SETTIME,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_settime,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 2,
		},
	},
	{
		.hook_id = UOS_SOCKET_BIND,
		.cb = {
			.owner = MODULE_NAME,
			.cb_addr = (unsigned long)ccs_socket_bind,
			.ret_type = UOS_HOOK_RET_TY_INT,
			.arg_len = 3,
		},
	},
	{
		/* Sentinel: marks the end of the table. */
		.hook_id = UOS_HOOK_NONE,
	},
};

/*
 * Register every hook in entries[], in table order.
 *
 * Returns 0 when all entries up to the sentinel were registered. On the first
 * failing uos_hook_register() call the failure is logged, every entry that
 * was registered before it is cancelled again, and -1 is returned; the error
 * code from uos_hook_register() itself is not passed on to the caller.
 *
 * The number printed in the log messages is the table index, not the hook_id.
 *
 * NOTE(review): a uos_hook_cancel() failure during rollback is only logged.
 * If the caller aborts module load on -1, a hook whose cancel failed might
 * still reference this module's callback - confirm how uos_hook_cancel() can
 * fail and whether that case needs handling.
 */
static int registe_uos_hook(void)
{
	int idx = 0;
	int undo;
	int error;

	while (entries[idx].hook_id != UOS_HOOK_NONE) {
		error = uos_hook_register(entries[idx].hook_id,
					  &entries[idx].cb);
		if (error) {
			DBG(KERN_INFO "Failed to registe hook %d\n", idx);
			goto rollback;
		}
		idx++;
	}

	/* Reached the sentinel: everything is registered. */
	return 0;

rollback:
	/* idx is the entry that failed; undo only the ones before it. */
	for (undo = 0; undo < idx; undo++) {
		error = uos_hook_cancel(entries[undo].hook_id,
					entries[undo].cb.owner);
		if (error)
			DBG(KERN_INFO "Failed to cancel hook %d\n", undo);
	}
	return -1;
}

/*
 * Cancel every hook listed in entries[], identifying each registration by its
 * hook_id and owner. A failing uos_hook_cancel() call is logged (with the
 * table index) and the loop carries on with the next entry.
 */
static void cancel_uos_hook(void)
{
	int idx;
	int error;

	for (idx = 0; entries[idx].hook_id != UOS_HOOK_NONE; idx++) {
		error = uos_hook_cancel(entries[idx].hook_id,
					entries[idx].cb.owner);
		if (error)
			DBG(KERN_INFO "Failed to cancel hook %d\n", idx);
	}
}
最好用官方方法,否则风险很大;即使用官方方法,也需要论证和调试。前一段时间,我曾调试、编译过内核,有些数据加入内核后很难兼容,甚至要改造内核源代码……折腾的时间可能会比较长……
祝你顺利!
如何对deepin 25 系统内核下钩子,进行hook,有相关的APi文档吗?类似uos之前提供的