diff --git a/libusbMod.c b/libusbMod.c
index afd226d..0a59f1a 100644
--- a/libusbMod.c
+++ b/libusbMod.c
@@ -13,7 +13,8 @@ MODULE_DESCRIPTION("Hook usb_submit_urb() on ARM64 and replace callback");
 static struct kprobe kp;
 // 自定义回调上下文,保存原始回调和上下文
-struct urb_context {
+struct urb_context
+{
 usb_complete_t original_complete;
 void *original_context;
 };
@@ -28,17 +29,20 @@ static void callback_wrapper(struct urb *urb)
 urb->status, urb->actual_length);
- if (urb->transfer_buffer && urb->actual_length > 0) {
+ if (urb->transfer_buffer && urb->actual_length > 0)
+ {
 char hex[3 * 32 + 1] = {0};
 int i, len = min(32, urb->actual_length);
 unsigned char *data = (unsigned char *)urb->transfer_buffer;
- for (i = 0; i < len; ++i) {
+ for (i = 0; i < len; ++i)
+ {
 snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]);
 }
 pr_info("[usbFilter] [callback_wrapper] 返回数据(hex): %s\n", hex);
 }
- if (ctx && ctx->original_complete) {
+ if (ctx && ctx->original_complete)
+ {
 urb->context = ctx->original_context;
 ctx->original_complete(urb);
 }
@@ -58,7 +62,8 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs)
 pr_info("[usbFilter] URB: %p, pipe=0x%x, flags=0x%x\n", urb_kern, urb_kern->pipe, urb_kern->transfer_flags);
- if (urb_kern->dev) {
+ if (urb_kern->dev)
+ {
 pr_info("[usbFilter] USB设备: VID=0x%04x, PID=0x%04x\n", urb_kern->dev->descriptor.idVendor, urb_kern->dev->descriptor.idProduct);
@@ -68,34 +73,60 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs)
 pr_info("[usbFilter] pipe: 端点=%d, 方向=%s, 类型=%s\n", usb_pipeendpoint(urb_kern->pipe), usb_pipein(urb_kern->pipe) ? "IN" : "OUT",
- usb_pipetype(urb_kern->pipe) == PIPE_CONTROL ? "CONTROL" :
- usb_pipetype(urb_kern->pipe) == PIPE_ISOCHRONOUS ? "ISO" :
- usb_pipetype(urb_kern->pipe) == PIPE_BULK ? "BULK" :
- usb_pipetype(urb_kern->pipe) == PIPE_INTERRUPT ? "INTERRUPT" : "UNKNOWN");
+ usb_pipetype(urb_kern->pipe) == PIPE_CONTROL ? "CONTROL" : usb_pipetype(urb_kern->pipe) == PIPE_ISOCHRONOUS ? "ISO"
+ : usb_pipetype(urb_kern->pipe) == PIPE_BULK ? "BULK"
+ : usb_pipetype(urb_kern->pipe) == PIPE_INTERRUPT ? "INTERRUPT"
+ : "UNKNOWN");
- // 打印前 32 字节传输数据
- if (urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0) {
- unsigned char data[32] = {0};
- unsigned int to_copy = min(32U, (unsigned int)urb_kern->transfer_buffer_length);
- memcpy(data, urb_kern->transfer_buffer, to_copy);
-
- char hex[3 * 32 + 1] = {0};
- int i;
- for (i = 0; i < to_copy; ++i) {
- snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]);
+ if (usb_pipetype(urb_kern->pipe) == PIPE_CONTROL)
+ {
+ struct usb_ctrlrequest *setup = (struct usb_ctrlrequest *)urb_kern->setup_packet;
+ if (setup)
+ {
+ pr_info("[usbFilter] 控制传输Setup包: bRequestType=0x%02x, bRequest=0x%02x, "
+ "wValue=0x%04x, wIndex=0x%04x, wLength=%u\n",
+ setup->bRequestType, setup->bRequest,
+ le16_to_cpu(setup->wValue), le16_to_cpu(setup->wIndex),
+ le16_to_cpu(setup->wLength));
+ }
+
+ // //将原有的setup包传输的数据全部设置为0
+ // if (urb_kern->setup_packet && urb_kern->transfer_buffer_length > 0)
+ // {
+ // memset(urb_kern->setup_packet, 0, urb_kern->transfer_buffer_length);
+ // pr_info("[usbFilter] 已将控制传输的 setup 包数据清零\n");
+ // }
+ }
+ else
+ {
+ // 打印前 32 字节传输数据
+ if (urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0)
+ {
+ unsigned char data[32] = {0};
+ unsigned int to_copy = min(32U, (unsigned int)urb_kern->transfer_buffer_length);
+ memcpy(data, urb_kern->transfer_buffer, to_copy);
+
+ char hex[3 * 32 + 1] = {0};
+ int i;
+ for (i = 0; i < to_copy; ++i)
+ {
+ snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]);
+ }
+ pr_info("[usbFilter] 数据内容(hex): %s\n", hex);
 }
- pr_info("[usbFilter] 数据内容(hex): %s\n", hex);
 }
 // 是否为目标设备
 if (urb_kern->dev && urb_kern->dev->descriptor.idVendor == 0x1a86 &&
- urb_kern->dev->descriptor.idProduct == 0x55de) {
+ urb_kern->dev->descriptor.idProduct == 0x55de)
+ {
 pr_info("[usbFilter] 命中目标设备,替换 URB 回调\n");
 struct urb_context *ctx = kmalloc(sizeof(*ctx), GFP_ATOMIC);
- if (!ctx) {
+ if (!ctx)
+ {
 pr_err("[usbFilter] 分配回调上下文失败\n");
 return 0;
 }
@@ -109,7 +140,6 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs)
 // 可以选择返回 0,让 URB 正常提交;也可以选择模拟成功阻断:
 // regs->regs[0] = 0;
 // return 1;
-
 }
 return 0;
@@ -120,7 +150,8 @@ static int __init usb_hook_init(void)
 kp.symbol_name = "usb_submit_urb";
 kp.pre_handler = handler_pre;
- if (register_kprobe(&kp) < 0) {
+ if (register_kprobe(&kp) < 0)
+ {
 pr_err("[usbFilter] 无法注册 kprobe\n");
 return -1;
 }
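Review bot: In the new `else` branch of `handler_pre` (hunk `@@ -68,34 +73,60 @@`), the first 32 bytes of `transfer_buffer` are copied and logged before the URB is submitted, whatever its direction. For IN pipes the log therefore shows whatever the buffer held before the transfer rather than device data, and for OUT pipes payload bytes from every USB device on the system end up in the kernel log. Guarding the dump with direction, e.g. `if (usb_pipeout(urb_kern->pipe) && urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0)`, and moving it under the VID/PID match that follows would limit both. The commented-out `memset(urb_kern->setup_packet, 0, urb_kern->transfer_buffer_length)` should not be re-enabled as written, because the setup packet is a fixed-size `struct usb_ctrlrequest` and the length should be `sizeof(struct usb_ctrlrequest)`, not the data-stage length. `handler_pre` begins and ends outside this hunk.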