diff --git a/libusbMod.c b/libusbMod.c
index d3e6273..b8324ea 100644
--- a/libusbMod.c
+++ b/libusbMod.c
@@ -29,55 +29,96 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs) } // 打印进程信息、PID - pr_info("[usbFilter] process: %s, pid: %d\n", + pr_info("[usbFilter] 进程: %s, pid: %d\n", current->comm, current->pid); - // 获取端点地址、传输长度和 pipe 信息 - pr_info("[usbFilter] urb_kern: %p, pipe: 0x%08x, ep: 0x%x, len: %d\n", - urb_kern, - urb_kern->pipe, // 新增打印 pipe 信息 - urb_kern->ep ? urb_kern->ep->desc.bEndpointAddress : 0, // 检查 urb_kern->ep - urb_kern->transfer_buffer_length); + // 获取并打印 URB 的详细信息 + pr_info("[usbFilter] URB详情: 地址=%p, pipe=0x%08x, 状态=%d, 传输标志=0x%08x\n", + urb_kern, + urb_kern->pipe, + urb_kern->status, + urb_kern->transfer_flags); + // 打印 pipe 的解析信息 + pr_info("[usbFilter] Pipe解析: 设备地址=%d, 端点号=%d, 方向=%s, 类型=%s\n", + usb_pipedevice(urb_kern->pipe), + usb_pipeendpoint(urb_kern->pipe), + usb_pipein(urb_kern->pipe) ? "IN(设备到主机)" : "OUT(主机到设备)", + usb_pipetype(urb_kern->pipe) == PIPE_CONTROL ? "控制传输" : + usb_pipetype(urb_kern->pipe) == PIPE_ISOCHRONOUS ? "等时传输" : + usb_pipetype(urb_kern->pipe) == PIPE_BULK ? "批量传输" : + usb_pipetype(urb_kern->pipe) == PIPE_INTERRUPT ? "中断传输" : "未知"); - if (urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0) { - unsigned char data[16] = {0}; // 局部缓冲区,用于存放拷贝的数据 - unsigned int to_copy = min((unsigned int)16, urb_kern->transfer_buffer_length); - bool data_copied_successfully = false; - - // 尝试从用户空间拷贝 - if (copy_from_user(data, urb_kern->transfer_buffer, to_copy) == 0) { // 0 表示成功 - pr_info("[usbFilter] Successfully copied %u bytes using copy_from_user from user buffer at %p.\n", to_copy, urb_kern->transfer_buffer); - data_copied_successfully = true; - } else { - // copy_from_user 失败 - pr_warn("[usbFilter] copy_from_user failed for buffer at %p. 
Attempting memcpy (assuming buffer is in kernel space).\n", urb_kern->transfer_buffer); - - // 警告:如果 transfer_buffer 不是有效的内核地址,memcpy 可能会导致内核崩溃。 - // 这仅作为调试时的后备尝试。 - memcpy(data, urb_kern->transfer_buffer, to_copy); - // 如果 memcpy 没有导致崩溃,我们假设数据为了打印目的是成功拷贝的。 - pr_info("[usbFilter] memcpy attempted for %u bytes from buffer at %p (assumed kernel space).\n", to_copy, urb_kern->transfer_buffer); - data_copied_successfully = true; // 标记为成功,以便后续打印 - } - - if (data_copied_successfully) { - char hex[3 * 16 + 1] = {0}; // 用于存放十六进制字符串 - int i; - for (i = 0; i < to_copy; ++i) { - // 确保 snprintf 不会溢出 hex 缓冲区 - snprintf(hex + i * 3, sizeof(hex) - (i * 3), "%02X ", data[i]); - } - pr_info("[usbFilter] first %u bytes (hex): %s\n", to_copy, hex); - } + // 端点信息 + if (urb_kern->ep) { + pr_info("[usbFilter] 端点信息: 地址=0x%02x, 属性=0x%02x, 最大包大小=%d, 间隔=%d\n", + urb_kern->ep->desc.bEndpointAddress, + urb_kern->ep->desc.bmAttributes, + urb_kern->ep->desc.wMaxPacketSize, + urb_kern->ep->desc.bInterval); + } else { + pr_info("[usbFilter] 端点信息: urb_kern->ep 为 NULL\n"); + } + + // 打印设备信息(如果可用) + if (urb_kern->dev) { + pr_info("[usbFilter] USB设备: VID=0x%04x, PID=0x%04x\n", + urb_kern->dev->descriptor.idVendor, + urb_kern->dev->descriptor.idProduct); +; + } + + // 传输缓冲区信息 + pr_info("[usbFilter] 传输缓冲区: buffer=%p, length=%d, actual_length=%d\n", + urb_kern->transfer_buffer, + urb_kern->transfer_buffer_length, + urb_kern->actual_length); + + + // 如果是等时传输,打印相关信息 + if (usb_pipetype(urb_kern->pipe) == PIPE_ISOCHRONOUS) { + pr_info("[usbFilter] 等时传输: number_of_packets=%d, start_frame=%d, error_count=%d\n", + urb_kern->number_of_packets, + urb_kern->start_frame, + urb_kern->error_count); + } + + // 如果是控制传输,打印setup包 + if (usb_pipetype(urb_kern->pipe) == PIPE_CONTROL && urb_kern->setup_packet) { + struct usb_ctrlrequest *setup = (struct usb_ctrlrequest *)urb_kern->setup_packet; + pr_info("[usbFilter] 控制传输Setup包: bRequestType=0x%02x, bRequest=0x%02x, wValue=0x%04x, wIndex=0x%04x, wLength=%u\n", + 
setup->bRequestType, setup->bRequest, + le16_to_cpu(setup->wValue), le16_to_cpu(setup->wIndex), + le16_to_cpu(setup->wLength)); + } + + // 传输数据内容打印 + if (urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0) { + unsigned char data[32] = {0}; // 增加到32字节 + unsigned int to_copy = min((unsigned int)32, urb_kern->transfer_buffer_length); + + // 尝试从用户空间拷贝 + if (copy_from_user(data, urb_kern->transfer_buffer, to_copy) != 0) { // 0 表示成功 + memcpy(data, urb_kern->transfer_buffer, to_copy); + } + + char hex[3 * 32 + 1] = {0}; // 修改为适应32字节的大小 + int i; + for (i = 0; i < to_copy; ++i) { + // 确保 snprintf 不会溢出 hex 缓冲区 + snprintf(hex + i * 3, sizeof(hex) - (i * 3), "%02X ", data[i]); + } + pr_info("[usbFilter] 数据内容(hex, %u字节): %s\n", to_copy, hex); + } + + if(urb_kern->dev->descriptor.idVendor == 0x1a86 && urb_kern->dev->descriptor.idProduct == 0x55de) { + pr_info("[usbFilter] 发现目标设备,阻断提交URB\n"); + regs->regs[0] = 0; // 设置 x0 寄存器(返回值)为 0 (成功) + return 1; } - - // 这里一定要设置返回成功,如果不设置返回成功,将会导致一直重复发送; - // regs->regs[0] = 0; // 设置 x0 寄存器(返回值)为 0 (成功) - //这里return 1表示阻断,return 0 表示继续运行 - // return 1; return 0; + } static int __init usb_hook_init(void)
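Review bot: The final VID/PID check dereferences `urb_kern->dev` without the NULL test that the device-info log a few lines earlier uses, so a URB with no device set would oops inside the kprobe pre-handler. The guard should test the pointer and convert the little-endian descriptor fields, as the setup-packet log already does with `le16_to_cpu()`. The data dump also falls back to a plain `memcpy()` whenever `copy_from_user()` fails, and this commit removes the old comment warning that this can crash the kernel; a fault-tolerant read such as `copy_from_kernel_nofault()` (on kernels that provide it) that skips the dump on failure is safer in probe context. Dumping up to 32 payload bytes of every URB at info level also puts device traffic into the kernel log, so it is worth gating behind a debug switch. handler_pre starts above the hunk, so how `urb_kern` is obtained, and whether the probed call is really skipped when 1 is returned, cannot be confirmed from here.

```c
// … unchanged: URB, pipe, endpoint, device and setup-packet logging …
    unsigned int to_copy = min((unsigned int)32, urb_kern->transfer_buffer_length);

    // Read through the fault-tolerant helper; on failure skip the dump
    // instead of dereferencing an unvalidated pointer with memcpy().
    if (copy_from_kernel_nofault(data, urb_kern->transfer_buffer, to_copy) == 0) {
        // … unchanged: hex formatting loop and pr_info of the bytes …
    }

// … unchanged: closing brace of the transfer_buffer block …
if (urb_kern->dev &&
    le16_to_cpu(urb_kern->dev->descriptor.idVendor) == 0x1a86 &&
    le16_to_cpu(urb_kern->dev->descriptor.idProduct) == 0x55de) {
    // … unchanged: log, set x0 to 0, return 1 …
```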