Skip to content

Commit c31da3e

Browse files
AndroidReverser-TestAndroidReverser-Test
committed
增强兼容性
1 parent 0e9b217 commit c31da3e

File tree

1 file changed

+21
-32
lines changed

1 file changed

+21
-32
lines changed

kernel_trace.c

Lines changed: 21 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
#include "kernel_trace.h"
1414

1515
KPM_NAME("kernel_trace");
16-
KPM_VERSION("6.0.0");
16+
KPM_VERSION("6.1.0");
1717
KPM_LICENSE("GPL v2");
1818
KPM_AUTHOR("Test");
1919
KPM_DESCRIPTION("use uprobe trace some fun in kpm");
@@ -27,7 +27,7 @@ void (*path_put)(const struct path *path) = 0;
2727
void (*rcu_read_unlock)(void) = 0;
2828
int (*trace_printk)(unsigned long ip, const char *fmt, ...) = 0;
2929

30-
int (*bpf_probe_read_user)(void *dst, u32 size,const void __user *unsafe_ptr) = 0;
30+
unsigned long (*arch_copy_from_user)(void *to, const void __user *from, unsigned long n) = 0;
3131

3232
unsigned long (*get_unmapped_area)(struct file *file, unsigned long addr, unsigned long len,unsigned long pgoff, unsigned long flags) = 0;
3333

@@ -145,22 +145,18 @@ void before_mincore(hook_fargs3_t *args, void *udata){
145145
}
146146

147147
void* uuprobe_item = (void*)syscall_argn(args, 2);
148-
struct uprobe_item_info *uprobe_item = NULL;
149-
uprobe_item = kmalloc(sizeof(struct uprobe_item_info), GFP_KERNEL);
150-
if(!uprobe_item){
151-
logke("+Test-Log+ Failed to allocate memory with kmalloc\n");
152-
goto error_out;
153-
}
154148

155-
if(bpf_probe_read_user(uprobe_item,sizeof(struct uprobe_item_info),uuprobe_item)<0){
156-
logke("+Test-Log+ bpf_probe_read_user error\n");
149+
struct uprobe_item_info uprobe_item = {};
150+
151+
if(arch_copy_from_user(&uprobe_item,uuprobe_item,sizeof(struct uprobe_item_info))<0){
152+
logke("+Test-Log+ arch_copy_from_user error\n");
157153
goto error_out;
158154
}
159155

160156

161-
unsigned long fun_offset = (unsigned long)uprobe_item->fun_offset;
157+
unsigned long fun_offset = (unsigned long)uprobe_item.fun_offset;
162158
char fun_name[MAX_FUN_NAME];
163-
compat_strncpy_from_user(fun_name,uprobe_item->fun_name,sizeof(fun_name));
159+
compat_strncpy_from_user(fun_name,uprobe_item.fun_name,sizeof(fun_name));
164160

165161
int insert_ret = insert_key_value(&fun_info_tree,fun_offset,fun_name,strlen(fun_name));
166162
if(insert_ret==-1){
@@ -169,10 +165,9 @@ void before_mincore(hook_fargs3_t *args, void *udata){
169165
}
170166
logkd("+Test-Log+ fun_name:%s,fun_offset:%llx\n",fun_name,fun_offset);
171167

172-
unsigned long rfun_offset = uprobe_item->uprobe_offset;
168+
unsigned long rfun_offset = uprobe_item.uprobe_offset;
173169
unsigned int f_idx = fun_offset >> PAGE_SHIFT;
174170
insert_key_value(&fix_idx_tree,rfun_offset >> PAGE_SHIFT,&f_idx,4);
175-
kfree(uprobe_item);
176171

177172
int hret = uprobe_register(inode,rfun_offset,&trace_uc);
178173
if(hret<0){
@@ -189,25 +184,20 @@ void before_mincore(hook_fargs3_t *args, void *udata){
189184

190185
if(trace_flag_num==SET_TRACE_INFO){
191186
void* utrace_info = (void*)syscall_argn(args, 2);
192-
struct trace_init_info *base_info = NULL;
193-
base_info = kmalloc(sizeof(struct trace_init_info), GFP_KERNEL);
194-
if(!base_info){
195-
logke("+Test-Log+ Failed to allocate memory with kmalloc\n");
196-
goto error_out;
197-
}
198-
199-
if(bpf_probe_read_user(base_info,sizeof(struct trace_init_info),utrace_info)<0){
200-
logke("+Test-Log+ bpf_probe_read_user error\n");
187+
struct trace_init_info base_info = {};
188+
int ret = arch_copy_from_user(&base_info,utrace_info,sizeof(struct trace_init_info));
189+
if(ret <0){
190+
logke("+Test-Log+ arch_copy_from_user error:%d\n",ret);
201191
goto error_out;
202192
}
203193

204-
target_uid = (uid_t)base_info->uid;
194+
target_uid = (uid_t)base_info.uid;
205195
logkd("+Test-Log+ set target_uid:%d\n",target_uid);
206196

207-
module_base = (unsigned long)base_info->module_base;
197+
module_base = (unsigned long)base_info.module_base;
208198
logkd("+Test-Log+ set module_base:0x%llx\n",module_base);
209199

210-
compat_strncpy_from_user(file_name,base_info->tfile_name,sizeof(file_name));
200+
compat_strncpy_from_user(file_name,base_info.tfile_name,sizeof(file_name));
211201
logkd("+Test-Log+ set target_file_name:%s\n",file_name);
212202
struct path path;
213203
int fret = kern_path(file_name, LOOKUP_FOLLOW, &path);
@@ -220,7 +210,7 @@ void before_mincore(hook_fargs3_t *args, void *udata){
220210
logkd("+Test-Log+ success set file inode\n");
221211

222212
char fix_file_name[MAX_PATH_LEN];
223-
compat_strncpy_from_user(fix_file_name,base_info->fix_file_name,sizeof(fix_file_name));
213+
compat_strncpy_from_user(fix_file_name,base_info.fix_file_name,sizeof(fix_file_name));
224214
if(strlen(fix_file_name)!=0){
225215
if (fix_file) {
226216
filp_close(fix_file, NULL);
@@ -232,7 +222,6 @@ void before_mincore(hook_fargs3_t *args, void *udata){
232222
}
233223
logkd("+Test-Log+ set fix_file_name:%s\n",fix_file_name);
234224
}
235-
kfree(base_info);
236225

237226
goto success_out;
238227

@@ -337,7 +326,7 @@ static long kernel_trace_init(const char *args, const char *event, void *__user
337326
kfree = (typeof(kfree))kallsyms_lookup_name("kfree");
338327

339328
trace_printk = (typeof(trace_printk))kallsyms_lookup_name("__trace_printk");
340-
bpf_probe_read_user = (typeof(bpf_probe_read_user))kallsyms_lookup_name("bpf_probe_read_user");
329+
arch_copy_from_user = (typeof(arch_copy_from_user))kallsyms_lookup_name("__arch_copy_from_user");
341330

342331
get_unmapped_area = (typeof(get_unmapped_area))kallsyms_lookup_name("get_unmapped_area");
343332
file_path = (typeof(file_path))kallsyms_lookup_name("file_path");
@@ -375,7 +364,7 @@ static long kernel_trace_init(const char *args, const char *event, void *__user
375364
logkd("+Test-Log+ kfree:%llx\n",kfree);
376365

377366
logkd("+Test-Log+ trace_printk:%llx\n",trace_printk);
378-
logkd("+Test-Log+ bpf_probe_read_user:%llx\n",bpf_probe_read_user);
367+
logkd("+Test-Log+ arch_copy_from_user:%llx\n",arch_copy_from_user);
379368

380369
logkd("+Test-Log+ get_unmapped_area:%llx\n",get_unmapped_area);
381370
logkd("+Test-Log+ file_path:%llx\n",file_path);
@@ -398,8 +387,8 @@ static long kernel_trace_init(const char *args, const char *event, void *__user
398387
if(!(mtask_pid_nr_ns && uprobe_register && uprobe_unregister
399388
&& kern_path && igrab && path_put && rcu_read_unlock
400389
&& rb_erase && rb_insert_color && rb_first && trace_printk
401-
&& bpf_probe_read_user && get_unmapped_area && file_path && mkstrdup && filp_open && kernel_read && filp_close && vmalloc && vfree && vmalloc_to_page
402-
&& install_special_mapping_addr && create_xol_area_addr && do_read_cache_page_addr)){
390+
&& get_unmapped_area && file_path && mkstrdup && filp_open && kernel_read && filp_close && vmalloc && vfree && vmalloc_to_page
391+
&& install_special_mapping_addr && create_xol_area_addr && do_read_cache_page_addr && arch_copy_from_user)){
403392
logke("+Test-Log+ can not find some fun addr\n");
404393
return -1;
405394
}

0 commit comments

Comments
 (0)