leo/libusbModule
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

加入了将控制传输数据清0的测试,目前已经注释

Browse Source
This commit is contained in:
kylin_bg 2025-06-07 17:42:56 +08:00
parent 3e4d3d9640
commit 906540dba9
1 changed files with 55 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
libusbMod.c
View File

@ -13,7 +13,8 @@ MODULE_DESCRIPTION("Hook usb_submit_urb() on ARM64 and replace callback");
static struct kprobe kp; static struct kprobe kp;
// 自定义回调上下文,保存原始回调和上下文 // 自定义回调上下文,保存原始回调和上下文
struct urb_context { struct urb_context
{
usb_complete_t original_complete; usb_complete_t original_complete;
void *original_context; void *original_context;
}; };
@ -28,17 +29,20 @@ static void callback_wrapper(struct urb *urb)
urb->status, urb->status,
urb->actual_length); urb->actual_length);
if (urb->transfer_buffer && urb->actual_length > 0) { if (urb->transfer_buffer && urb->actual_length > 0)
{
char hex[3 * 32 + 1] = {0}; char hex[3 * 32 + 1] = {0};
int i, len = min(32, urb->actual_length); int i, len = min(32, urb->actual_length);
unsigned char *data = (unsigned char *)urb->transfer_buffer; unsigned char *data = (unsigned char *)urb->transfer_buffer;
for (i = 0; i < len; ++i) { for (i = 0; i < len; ++i)
{
snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]); snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]);
} }
pr_info("[usbFilter] [callback_wrapper] 返回数据(hex): %s\n", hex); pr_info("[usbFilter] [callback_wrapper] 返回数据(hex): %s\n", hex);
} }
if (ctx && ctx->original_complete) { if (ctx && ctx->original_complete)
{
urb->context = ctx->original_context; urb->context = ctx->original_context;
ctx->original_complete(urb); ctx->original_complete(urb);
} }
@ -58,7 +62,8 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs)
pr_info("[usbFilter] URB: %p, pipe=0x%x, flags=0x%x\n", pr_info("[usbFilter] URB: %p, pipe=0x%x, flags=0x%x\n",
urb_kern, urb_kern->pipe, urb_kern->transfer_flags); urb_kern, urb_kern->pipe, urb_kern->transfer_flags);
if (urb_kern->dev) { if (urb_kern->dev)
{
pr_info("[usbFilter] USB设备: VID=0x%04x, PID=0x%04x\n", pr_info("[usbFilter] USB设备: VID=0x%04x, PID=0x%04x\n",
urb_kern->dev->descriptor.idVendor, urb_kern->dev->descriptor.idVendor,
urb_kern->dev->descriptor.idProduct); urb_kern->dev->descriptor.idProduct);
@ -68,34 +73,60 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs)
pr_info("[usbFilter] pipe: 端点=%d, 方向=%s, 类型=%s\n", pr_info("[usbFilter] pipe: 端点=%d, 方向=%s, 类型=%s\n",
usb_pipeendpoint(urb_kern->pipe), usb_pipeendpoint(urb_kern->pipe),
usb_pipein(urb_kern->pipe) ? "IN" : "OUT", usb_pipein(urb_kern->pipe) ? "IN" : "OUT",
usb_pipetype(urb_kern->pipe) == PIPE_CONTROL ? "CONTROL" : usb_pipetype(urb_kern->pipe) == PIPE_CONTROL ? "CONTROL" : usb_pipetype(urb_kern->pipe) == PIPE_ISOCHRONOUS ? "ISO"
usb_pipetype(urb_kern->pipe) == PIPE_ISOCHRONOUS ? "ISO" : : usb_pipetype(urb_kern->pipe) == PIPE_BULK ? "BULK"
usb_pipetype(urb_kern->pipe) == PIPE_BULK ? "BULK" : : usb_pipetype(urb_kern->pipe) == PIPE_INTERRUPT ? "INTERRUPT"
usb_pipetype(urb_kern->pipe) == PIPE_INTERRUPT ? "INTERRUPT" : "UNKNOWN"); : "UNKNOWN");
// 打印前 32 字节传输数据 if (usb_pipetype(urb_kern->pipe) == PIPE_CONTROL)
if (urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0) { {
unsigned char data[32] = {0}; struct usb_ctrlrequest *setup = (struct usb_ctrlrequest *)urb_kern->setup_packet;
unsigned int to_copy = min(32U, (unsigned int)urb_kern->transfer_buffer_length); if (setup)
memcpy(data, urb_kern->transfer_buffer, to_copy); {
pr_info("[usbFilter] 控制传输Setup包: bRequestType=0x%02x, bRequest=0x%02x, "
char hex[3 * 32 + 1] = {0}; "wValue=0x%04x, wIndex=0x%04x, wLength=%u\n",
int i; setup->bRequestType, setup->bRequest,
for (i = 0; i < to_copy; ++i) { le16_to_cpu(setup->wValue), le16_to_cpu(setup->wIndex),
snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]); le16_to_cpu(setup->wLength));
}
// //将原有的setup包传输的数据全部设置为0
// if (urb_kern->setup_packet && urb_kern->transfer_buffer_length > 0)
// {
// memset(urb_kern->setup_packet, 0, urb_kern->transfer_buffer_length);
// pr_info("[usbFilter] 已将控制传输的 setup 包数据清零\n");
// }
}
else
{
// 打印前 32 字节传输数据
if (urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0)
{
unsigned char data[32] = {0};
unsigned int to_copy = min(32U, (unsigned int)urb_kern->transfer_buffer_length);
memcpy(data, urb_kern->transfer_buffer, to_copy);
char hex[3 * 32 + 1] = {0};
int i;
for (i = 0; i < to_copy; ++i)
{
snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]);
}
pr_info("[usbFilter] 数据内容(hex): %s\n", hex);
} }
pr_info("[usbFilter] 数据内容(hex): %s\n", hex);
} }
// 是否为目标设备 // 是否为目标设备
if (urb_kern->dev && if (urb_kern->dev &&
urb_kern->dev->descriptor.idVendor == 0x1a86 && urb_kern->dev->descriptor.idVendor == 0x1a86 &&
urb_kern->dev->descriptor.idProduct == 0x55de) { urb_kern->dev->descriptor.idProduct == 0x55de)
{
pr_info("[usbFilter] 命中目标设备,替换 URB 回调\n"); pr_info("[usbFilter] 命中目标设备,替换 URB 回调\n");
struct urb_context *ctx = kmalloc(sizeof(*ctx), GFP_ATOMIC); struct urb_context *ctx = kmalloc(sizeof(*ctx), GFP_ATOMIC);
if (!ctx) { if (!ctx)
{
pr_err("[usbFilter] 分配回调上下文失败\n"); pr_err("[usbFilter] 分配回调上下文失败\n");
return 0; return 0;
} }
@ -109,7 +140,6 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs)
// 可以选择返回 0让 URB 正常提交;也可以选择模拟成功阻断: // 可以选择返回 0让 URB 正常提交;也可以选择模拟成功阻断:
// regs->regs[0] = 0; // regs->regs[0] = 0;
// return 1; // return 1;
} }
return 0; return 0;
@ -120,7 +150,8 @@ static int __init usb_hook_init(void)
kp.symbol_name = "usb_submit_urb"; kp.symbol_name = "usb_submit_urb";
kp.pre_handler = handler_pre; kp.pre_handler = handler_pre;
if (register_kprobe(&kp) < 0) { if (register_kprobe(&kp) < 0)
{
pr_err("[usbFilter] 无法注册 kprobe\n"); pr_err("[usbFilter] 无法注册 kprobe\n");
return -1; return -1;
} }