找回密码
 注册
搜索
热搜: 超星 读书 找书
查看: 1943|回复: 0

[【推荐】] FreeBSD中替换系统调用监视系统文件打开记录

[复制链接]
发表于 2009-8-6 14:32:36 | 显示全部楼层 |阅读模式
FreeBSD 7.1
Makefile

view plaincopy to clipboardprint?
·········10········20········30········40········50········60········70········80········90········100·······110·······120·······130·······140·······150

  1. SRCS = rmdir.c vn_help.c main.c vnode_if.h  
  2. KMOD = fsmon
  3. KO = $(KMOD).ko
  4. KLDMOD = t
  5. WERROR =  
  6.  
  7. .include <bsd.kmod.mk>

SRCS = rmdir.c vn_help.c main.c vnode_if.h KMOD = fsmon KO = $(KMOD).ko KLDMOD = t WERROR = .include <bsd.kmod.mk>



main.c 模块主文件

view plaincopy to clipboardprint?
·········10········20········30········40········50········60········70········80········90········100·······110·······120·······130·······140·······150

  1. #include \"inc.h\"
  2.  
  3. static int
  4. load (struct module *module, int cmd, void *arg)  
  5. {
  6.   int error = 0;
  7.  
  8.   switch( cmd ) {
  9.   case MOD_LOAD:
10.     uprintf( \"%s module was loaded. \\n\", MOD_NAME );
11.     //sysent[SYS_rmdir].sy_call = (sy_call_t *)new_rmdir;
12.  
13.     //sysent[SYS_mkdir].sy_call = (sy_call_t *)new_mkdir;
14.  
15.     sysent[SYS_open].sy_call = (sy_call_t *)new_open;
16.     break;
17.  
18.   case MOD_UNLOAD:
19.     uprintf( \"%s module was unloaded. \\n\", MOD_NAME );
20.     //sysent[SYS_rmdir].sy_call = (sy_call_t *)rmdir;
21.  
22.     //sysent[SYS_mkdir].sy_call = (sy_call_t *)mkdir;
23.  
24.     sysent[SYS_open].sy_call = (sy_call_t *)open;
25.     break;
26.  
27.   default:
28.     error = EINVAL;
29.     break;
30.   }
31.   return error;
32. }
33.  
34. static moduledata_t fsmon_mod = {
35.  \"fsmon\",
36.  load,
37.  NULL
38. };  
39.  
40. DECLARE_MODULE(fsmon, fsmon_mod, SI_SUB_KLD,SI_ORDER_ANY);

#include \"inc.h\" static int load (struct module *module, int cmd, void *arg) { int error = 0; switch( cmd ) { case MOD_LOAD: uprintf( \"%s module was loaded. \\n\", MOD_NAME ); //sysent[SYS_rmdir].sy_call = (sy_call_t *)new_rmdir; //sysent[SYS_mkdir].sy_call = (sy_call_t *)new_mkdir; sysent[SYS_open].sy_call = (sy_call_t *)new_open; break; case MOD_UNLOAD: uprintf( \"%s module was unloaded. \\n\", MOD_NAME ); //sysent[SYS_rmdir].sy_call = (sy_call_t *)rmdir; //sysent[SYS_mkdir].sy_call = (sy_call_t *)mkdir; sysent[SYS_open].sy_call = (sy_call_t *)open; break; default: error = EINVAL; break; } return error; } static moduledata_t fsmon_mod = { \"fsmon\", load, NULL }; DECLARE_MODULE(fsmon, fsmon_mod, SI_SUB_KLD,SI_ORDER_ANY);



open.c 拦截open系统调用


view plaincopy to clipboardprint?
·········10········20········30········40········50········60········70········80········90········100·······110·······120·······130·······140·······150

  1. #include \"inc.h\"
  2.  
  3. static char old_path[MAXPATHLEN];
  4.  
  5. int
  6. new_open(td, uap)
  7.   struct thread *td;
  8.   register struct open_args /* {
  9.     char *path;
10.     int flags;
11.     int mode;
12.   } */ *uap;
13. {
14.  
15.   struct vnode *vp, *dvp = NULL;
16.   int error;
17.   struct nameidata nd, *ndp;
18.   int vfslocked;
19.   char *dlep = NULL;
20.   char *flep = NULL;
21.   char *nameptr = NULL;
22.   char *dirptr = NULL;
23.   int fmode = 0, mpsafe;
24.   int locked = 0;   
25.   
26.   fmode = FFLAGS(uap->flags);
27.   ndp = &nd;   
28.   mpsafe = ndp->ni_cnd.cn_flags & MPSAFE;
29.   
30.   vfslocked = 0;   
31.   NDINIT(ndp, LOOKUP, FOLLOW | AUDITVNODE1 | MPSAFE, UIO_USERSPACE, uap->path, td);
32.   
33.   if (fmode & O_CREAT) {
34.     ndp->ni_cnd.cn_nameiop = CREATE;
35.     ndp->ni_cnd.cn_flags = ISOPEN | LOCKPARENT | LOCKLEAF |
36.       MPSAFE | AUDITVNODE1;
37.     if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0)
38.       ndp->ni_cnd.cn_flags |= FOLLOW;
39.     bwillwrite();
40.     if ((error = namei(ndp)) != 0)
41.       return (error);
42.     vfslocked = NDHASGIANT(ndp);
43.     if (!mpsafe)
44.       ndp->ni_cnd.cn_flags &= ~MPSAFE;
45.        
46.     if (ndp->ni_vp == NULL) {
47.       dvp = ndp->ni_dvp;
48.       vp = NULL;
49.       locked = 0;
50.        
51.       vput(ndp->ni_dvp);
52.       VFS_UNLOCK_GIANT(vfslocked);
53.       NDFREE(ndp, NDF_ONLY_PNBUF);
54.     }
55.     else {
56.       if (ndp->ni_dvp == ndp->ni_vp)
57.         vrele(ndp->ni_dvp);
58.       else
59.         vput(ndp->ni_dvp);
60.         
61.       dvp = ndp->ni_dvp;      
62.       vp = ndp->ni_vp;
63.       locked = 1;
64.        
65.       if (fmode & O_EXCL) {
66.         error = EEXIST;
67.         goto bad;
68.       }
69.     }
70.   }
71.   else {
72.     ndp->ni_cnd.cn_nameiop = LOOKUP;
73.     ndp->ni_cnd.cn_flags = ISOPEN |
74.       ((fmode & O_NOFOLLOW) ? NOFOLLOW : FOLLOW) |
75.       LOCKLEAF | MPSAFE | AUDITVNODE1;
76.     if ((error = namei(ndp)) != 0)
77.       return (error);
78.     if (!mpsafe)
79.       ndp->ni_cnd.cn_flags &= ~MPSAFE;
80.     vfslocked = NDHASGIANT(ndp);
81.      
82.     dvp = ndp->ni_dvp;
83.     vp = ndp->ni_vp;
84.     locked = 1;
85.   }
86.   
87.   if ( vp ) {
88.     if (vp->v_type == VLNK) {
89.       error = EMLINK;
90.       goto bad;
91.     }
92.     if (vp->v_type == VSOCK) {
93.       error = EOPNOTSUPP;
94.       goto bad;
95.     }
96.     if (fmode & (FWRITE | O_TRUNC)) {
97.       if (vp->v_type == VDIR) {
98.         error = EISDIR;
99.         goto bad;
100.       }
101.     }
102.   }
103.   if ( dvp ) {
104.     error = vn_fullpath( td, dvp, &dlep, &flep );
105.     if ( !error ) {
106.       //uprintf( \"path = %s\\n\", dlep );
107.  
108.       strncpy( old_path, dlep, MAXPATHLEN );      
109.     }
110.     else {
111.       uprintf( \"%s: vn_fullpath call fail. return %d\\n\", __func__, error );
112.       //uprintf( \"old_path = %s \\n\", old_path );      
113.  
114.     }
115.     //
116.  
117.     dirptr = old_path;     
118.     if ( nd.ni_cnd.cn_namelen ) {
119.       nameptr = nd.ni_cnd.cn_nameptr;
120.     }
121.     else {
122.       nameptr = \"\";
123.     }
124.      
125.     if ( fmode & O_CREAT ) {
126.       uprintf( \"open %s/%s for create\\n\", dirptr, nameptr );
127.     }
128.     else {
129.       if ( fmode & (FWRITE | O_TRUNC | O_APPEND) ) {
130.         uprintf( \"open %s/%s for write\\n\", dirptr, nameptr );
131.       }
132.       else {
133.         uprintf( \"open %s/%s\\n\", dirptr, nameptr );
134.       }
135.     }     
136.      
137.     if ( flep ) {
138.       free( flep, M_TEMP );
139.     }     
140.     error = 0;
141.   }
142.   
143.   if ( locked ) {
144.     NDFREE(ndp, NDF_ONLY_PNBUF);
145.     if ( vp )
146.       vput(vp);
147.     VFS_UNLOCK_GIANT(vfslocked);
148.   }
149.   return kern_open(td, uap->path, UIO_USERSPACE, uap->flags, uap->mode);
150.   
151. bad:
152.   NDFREE(ndp, NDF_ONLY_PNBUF);
153.   if ( vp )
154.     vput(vp);
155.   VFS_UNLOCK_GIANT(vfslocked);
156.   return error;
157. }

#include \"inc.h\" static char old_path[MAXPATHLEN]; int new_open(td, uap) struct thread *td; register struct open_args /* { char *path; int flags; int mode; } */ *uap; { struct vnode *vp, *dvp = NULL; int error; struct nameidata nd, *ndp; int vfslocked; char *dlep = NULL; char *flep = NULL; char *nameptr = NULL; char *dirptr = NULL; int fmode = 0, mpsafe; int locked = 0; fmode = FFLAGS(uap->flags); ndp = &nd; mpsafe = ndp->ni_cnd.cn_flags & MPSAFE; vfslocked = 0; NDINIT(ndp, LOOKUP, FOLLOW | AUDITVNODE1 | MPSAFE, UIO_USERSPACE, uap->path, td); if (fmode & O_CREAT) { ndp->ni_cnd.cn_nameiop = CREATE; ndp->ni_cnd.cn_flags = ISOPEN | LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1; if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0) ndp->ni_cnd.cn_flags |= FOLLOW; bwillwrite(); if ((error = namei(ndp)) != 0) return (error); vfslocked = NDHASGIANT(ndp); if (!mpsafe) ndp->ni_cnd.cn_flags &= ~MPSAFE; if (ndp->ni_vp == NULL) { dvp = ndp->ni_dvp; vp = NULL; locked = 0; vput(ndp->ni_dvp); VFS_UNLOCK_GIANT(vfslocked); NDFREE(ndp, NDF_ONLY_PNBUF); } else { if (ndp->ni_dvp == ndp->ni_vp) vrele(ndp->ni_dvp); else vput(ndp->ni_dvp); dvp = ndp->ni_dvp; vp = ndp->ni_vp; locked = 1; if (fmode & O_EXCL) { error = EEXIST; goto bad; } } } else { ndp->ni_cnd.cn_nameiop = LOOKUP; ndp->ni_cnd.cn_flags = ISOPEN | ((fmode & O_NOFOLLOW) ? NOFOLLOW : FOLLOW) | LOCKLEAF | MPSAFE | AUDITVNODE1; if ((error = namei(ndp)) != 0) return (error); if (!mpsafe) ndp->ni_cnd.cn_flags &= ~MPSAFE; vfslocked = NDHASGIANT(ndp); dvp = ndp->ni_dvp; vp = ndp->ni_vp; locked = 1; } if ( vp ) { if (vp->v_type == VLNK) { error = EMLINK; goto bad; } if (vp->v_type == VSOCK) { error = EOPNOTSUPP; goto bad; } if (fmode & (FWRITE | O_TRUNC)) { if (vp->v_type == VDIR) { error = EISDIR; goto bad; } } } if ( dvp ) { error = vn_fullpath( td, dvp, &dlep, &flep ); if ( !error ) { //uprintf( \"path = %s\\n\", dlep ); strncpy( old_path, dlep, MAXPATHLEN ); } else { uprintf( \"%s: vn_fullpath call fail. return %d\\n\", __func__, error ); //uprintf( \"old_path = %s \\n\", old_path ); } // dirptr = old_path; if ( nd.ni_cnd.cn_namelen ) { nameptr = nd.ni_cnd.cn_nameptr; } else { nameptr = \"\"; } if ( fmode & O_CREAT ) { uprintf( \"open %s/%s for create\\n\", dirptr, nameptr ); } else { if ( fmode & (FWRITE | O_TRUNC | O_APPEND) ) { uprintf( \"open %s/%s for write\\n\", dirptr, nameptr ); } else { uprintf( \"open %s/%s\\n\", dirptr, nameptr ); } } if ( flep ) { free( flep, M_TEMP ); } error = 0; } if ( locked ) { NDFREE(ndp, NDF_ONLY_PNBUF); if ( vp ) vput(vp); VFS_UNLOCK_GIANT(vfslocked); } return kern_open(td, uap->path, UIO_USERSPACE, uap->flags, uap->mode); bad: NDFREE(ndp, NDF_ONLY_PNBUF); if ( vp ) vput(vp); VFS_UNLOCK_GIANT(vfslocked); return error; }

in.h 公共头文件



view plaincopy to clipboardprint?
·········10········20········30········40········50········60········70········80········90········100·······110·······120·······130·······140·······150

  1. #ifndef _INC_H
  2. #define _INC_H
  3.  
  4. #include <sys/cdefs.h>
  5. #include <sys/param.h>
  6. #include <sys/systm.h>
  7. #include <sys/bio.h>
  8. #include <sys/buf.h>
  9. #include <sys/sysent.h>
10. #include <sys/malloc.h>
11. #include <sys/mount.h>
12. #include <sys/mutex.h>
13. #include <sys/sysproto.h>
14. #include <sys/namei.h>
15. #include <sys/filedesc.h>
16. #include <sys/kernel.h>
17. #include <sys/fcntl.h>
18. #include <sys/file.h>
19. #include <sys/filio.h>
20. #include <sys/limits.h>
21. #include <sys/linker.h>
22. #include <sys/stat.h>
23. #include <sys/sx.h>
24. #include <sys/unistd.h>
25. #include <sys/vnode.h>
26. #include <sys/priv.h>
27. #include <sys/proc.h>
28. #include <sys/dirent.h>
29. #include <sys/jail.h>
30. #include <sys/syscallsubr.h>
31. #include <sys/sysctl.h>
32. #ifdef KTRACE
33. #include <sys/ktrace.h>
34. #endif
35.  
36. #include <machine/stdarg.h>
37.  
38. #include <security/audit/audit.h>
39. #include <security/mac/mac_framework.h>
40.  
41. #include <vm/vm.h>
42. #include <vm/vm_object.h>
43. #include <vm/vm_page.h>
44. #include <vm/uma.h>
45.  
46.  
47. #define MOD_NAME  \"fsmon\"
48.  
49.  
50. int  new_open(struct thread *, struct open_args *);
51.  
52. #endif
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|小黑屋|网上读书园地

GMT+8, 2024-11-22 16:23 , Processed in 0.146787 second(s), 18 queries .

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表