diff --git a/Makefile b/Makefile index 81cc87f..52381f3 100644 --- a/Makefile +++ b/Makefile @@ -3,25 +3,16 @@ obj-m += libusbMod.o KDIR := /lib/modules/$(shell uname -r)/build PWD := $(shell pwd) -CC := gcc -CFLAGS := -Wall -O2 -LIBS := -lusb-1.0 - -# 默认目标:同时编译内核模块和用户程序 -all: libusbMod.ko main +# 默认目标:只编译内核模块 +all: libusbMod.ko # 编译内核模块 libusbMod.ko: make -C $(KDIR) M=$(PWD) modules -# 编译用户态程序 main -main: main.c - $(CC) $(CFLAGS) -o $@ $< $(LIBS) - # 清理所有生成文件 clean: make -C $(KDIR) M=$(PWD) clean - $(RM) main # 加载模块 load: diff --git a/libusbMod.c b/libusbMod.c index 0a59f1a..ede1752 100644 --- a/libusbMod.c +++ b/libusbMod.c 
@@ -5,141 +5,77 @@ #include #include #include +#include MODULE_LICENSE("GPL"); MODULE_AUTHOR("Leo"); -MODULE_DESCRIPTION("Hook usb_submit_urb() on ARM64 and replace callback"); +MODULE_DESCRIPTION("Monitor usb_submit_urb() data submission only"); static struct kprobe kp; -// 自定义回调上下文,保存原始回调和上下文 -struct urb_context +// 兼容 x86_64 和 arm64 获取第一个参数 +static struct urb *get_urb_from_regs(struct pt_regs *regs) { - usb_complete_t original_complete; - void *original_context; -}; - -// 包装回调函数 -static void callback_wrapper(struct urb *urb) -{ - struct urb_context *ctx = urb->context; - - pr_info("[usbFilter] [callback_wrapper] URB 完成: endpoint=0x%x, status=%d, actual_length=%d\n", - usb_pipeendpoint(urb->pipe), - urb->status, - urb->actual_length); - - if (urb->transfer_buffer && urb->actual_length > 0) - { - char hex[3 * 32 + 1] = {0}; - int i, len = min(32, urb->actual_length); - unsigned char *data = (unsigned char *)urb->transfer_buffer; - for (i = 0; i < len; ++i) - { - snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]); - } - pr_info("[usbFilter] [callback_wrapper] 返回数据(hex): %s\n", hex); - } - - if (ctx && ctx->original_complete) - { - urb->context = ctx->original_context; - ctx->original_complete(urb); - } - - kfree(ctx); // 释放上下文 +#if defined(CONFIG_ARM64) + return (struct urb *)regs->regs[0]; +#elif defined(CONFIG_X86_64) + return (struct urb *)regs->di; +#else +#error "Unsupported architecture" +#endif } static int handler_pre(struct kprobe *p, struct pt_regs *regs) { - struct urb *urb_kern = (struct urb *)regs->regs[0]; + struct urb *urb_kern = get_urb_from_regs(regs); if (!urb_kern) return 0; - pr_info("[usbFilter] 提交 URB 的进程: %s (pid: %d)\n", current->comm, current->pid); + pr_info("[usbFilter] 提交URB进程: %s (pid: %d)\n", current->comm, current->pid); - pr_info("[usbFilter] URB: %p, pipe=0x%x, flags=0x%x\n", - urb_kern, urb_kern->pipe, urb_kern->transfer_flags); - - if (urb_kern->dev) - { - pr_info("[usbFilter] USB设备: VID=0x%04x, PID=0x%04x\n", + if 
(urb_kern->dev) { + pr_info("[usbFilter] USB设备: busnum=%d, devnum=%d, VID=0x%04x, PID=0x%04x\n", + urb_kern->dev->bus->busnum, + urb_kern->dev->devnum, urb_kern->dev->descriptor.idVendor, urb_kern->dev->descriptor.idProduct); } - // 打印传输方向与类型 + pr_info("[usbFilter] URB: %p, pipe=0x%x, flags=0x%x\n", + urb_kern, urb_kern->pipe, urb_kern->transfer_flags); + pr_info("[usbFilter] pipe: 端点=%d, 方向=%s, 类型=%s\n", usb_pipeendpoint(urb_kern->pipe), usb_pipein(urb_kern->pipe) ? "IN" : "OUT", - usb_pipetype(urb_kern->pipe) == PIPE_CONTROL ? "CONTROL" : usb_pipetype(urb_kern->pipe) == PIPE_ISOCHRONOUS ? "ISO" - : usb_pipetype(urb_kern->pipe) == PIPE_BULK ? "BULK" - : usb_pipetype(urb_kern->pipe) == PIPE_INTERRUPT ? "INTERRUPT" - : "UNKNOWN"); + usb_pipetype(urb_kern->pipe) == PIPE_CONTROL ? "CONTROL" : + usb_pipetype(urb_kern->pipe) == PIPE_ISOCHRONOUS ? "ISO" : + usb_pipetype(urb_kern->pipe) == PIPE_BULK ? "BULK" : + usb_pipetype(urb_kern->pipe) == PIPE_INTERRUPT ? "INTERRUPT" : "UNKNOWN"); - if (usb_pipetype(urb_kern->pipe) == PIPE_CONTROL) - { - struct usb_ctrlrequest *setup = (struct usb_ctrlrequest *)urb_kern->setup_packet; - if (setup) - { - pr_info("[usbFilter] 控制传输Setup包: bRequestType=0x%02x, bRequest=0x%02x, " - "wValue=0x%04x, wIndex=0x%04x, wLength=%u\n", - setup->bRequestType, setup->bRequest, - le16_to_cpu(setup->wValue), le16_to_cpu(setup->wIndex), - le16_to_cpu(setup->wLength)); - } - - // //将原有的setup包传输的数据全部设置为0 - // if (urb_kern->setup_packet && urb_kern->transfer_buffer_length > 0) - // { - // memset(urb_kern->setup_packet, 0, urb_kern->transfer_buffer_length); - // pr_info("[usbFilter] 已将控制传输的 setup 包数据清零\n"); - // } - } - else - { - // 打印前 32 字节传输数据 - if (urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0) - { - unsigned char data[32] = {0}; - unsigned int to_copy = min(32U, (unsigned int)urb_kern->transfer_buffer_length); - memcpy(data, urb_kern->transfer_buffer, to_copy); - - char hex[3 * 32 + 1] = {0}; - int i; - for (i = 0; i < to_copy; 
++i) - { - snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]); - } - pr_info("[usbFilter] 数据内容(hex): %s\n", hex); + // 打印控制传输的setup包内容 + if (usb_pipetype(urb_kern->pipe) == PIPE_CONTROL && urb_kern->setup_packet) { + char setup_hex[3 * 8 + 1] = {0}; + int i; + unsigned char *setup = (unsigned char *)urb_kern->setup_packet; + for (i = 0; i < 8; ++i) { + snprintf(setup_hex + i * 3, sizeof(setup_hex) - i * 3, "%02X ", setup[i]); } + pr_info("[usbFilter] 控制传输setup包(8字节hex): %s\n", setup_hex); } - // 是否为目标设备 - if (urb_kern->dev && - urb_kern->dev->descriptor.idVendor == 0x1a86 && - urb_kern->dev->descriptor.idProduct == 0x55de) - { + // 打印控制传输的数据内容 + if (urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0) { + unsigned int to_copy = min(32U, (unsigned int)urb_kern->transfer_buffer_length); + unsigned char data[32] = {0}; + memcpy(data, urb_kern->transfer_buffer, to_copy); - pr_info("[usbFilter] 命中目标设备,替换 URB 回调\n"); - - struct urb_context *ctx = kmalloc(sizeof(*ctx), GFP_ATOMIC); - if (!ctx) - { - pr_err("[usbFilter] 分配回调上下文失败\n"); - return 0; + char hex[3 * 32 + 1] = {0}; + int i; + for (i = 0; i < to_copy; ++i) { + snprintf(hex + i * 3, sizeof(hex) - i * 3, "%02X ", data[i]); } - - ctx->original_complete = urb_kern->complete; - ctx->original_context = urb_kern->context; - - urb_kern->complete = callback_wrapper; - urb_kern->context = ctx; - - // 可以选择返回 0,让 URB 正常提交;也可以选择模拟成功阻断: - // regs->regs[0] = 0; - // return 1; + pr_info("[usbFilter] 提交数据(前32字节hex): %s\n", hex); } return 0; diff --git a/main.c b/main.c deleted file mode 100644 index d198ba9..0000000 --- a/main.c +++ /dev/null 
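Review bot: The new payload dump in `handler_pre` runs for every URB on every device and in both directions, so the first 32 bytes of each transfer end up in the kernel log, where anyone able to read dmesg can see them. On IN pipes the buffer has not been filled by the device at submit time, so the bytes logged as "提交数据" are whatever the buffer held before, not submitted data. I would gate the block on direction, `if (usb_pipeout(urb_kern->pipe) && urb_kern->transfer_buffer && urb_kern->transfer_buffer_length > 0) {`, and keep a device match like the removed `idVendor == 0x1a86 && idProduct == 0x55de` test so only the device under study is logged. Since this fires on every `usb_submit_urb()` call, `pr_info_ratelimited` would also keep the probe from flooding the log and pushing out other messages. The end of `handler_pre` lies outside the hunk.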
@@ -1,61 +0,0 @@ -#include -#include -#include - -#define VENDOR_ID 0x1a86 // 替换为你的设备 VID -#define PRODUCT_ID 0x55de // 替换为你的设备 PID -#define BULK_EP_OUT 0x06 // OUT端点地址(低位为0表示OUT) -#define INTERFACE_NUMBER 4 // USB接口编号 - -int main(void) { - libusb_device_handle *handle = NULL; - int r; - int transferred; - unsigned char send_data[] = {0x01, 0x02, 0x03, 0x04, 0x05}; // 要发送的数据 - - // 初始化libusb - r = libusb_init(NULL); - if (r < 0) { - fprintf(stderr, "Failed to init libusb: %s\n", libusb_error_name(r)); - return EXIT_FAILURE; - } - - // 打开设备 - handle = libusb_open_device_with_vid_pid(NULL, VENDOR_ID, PRODUCT_ID); - if (!handle) { - fprintf(stderr, "Failed to open device\n"); - libusb_exit(NULL); - return EXIT_FAILURE; - } - - // 获取接口权限(可选,部分系统如Linux必须) - if (libusb_kernel_driver_active(handle, INTERFACE_NUMBER)) { - libusb_detach_kernel_driver(handle, INTERFACE_NUMBER); - } - - r = libusb_claim_interface(handle, INTERFACE_NUMBER); - if (r < 0) { - fprintf(stderr, "Failed to claim interface: %s\n", libusb_error_name(r)); - libusb_close(handle); - libusb_exit(NULL); - return EXIT_FAILURE; - } - - // 发送数据(Bulk OUT) - r = libusb_bulk_transfer(handle, BULK_EP_OUT, send_data, sizeof(send_data), &transferred, 1000); - if (r == 0) { - printf("Sent %d\n", transferred); - if (transferred != sizeof(send_data)) { - fprintf(stderr, "Warning: Only %d of %zu bytes sent\n", transferred, sizeof(send_data)); - } - } else { - fprintf(stderr, "Failed to send data: %s\n", libusb_error_name(r)); - } - - // 释放接口 & 关闭 - libusb_release_interface(handle, INTERFACE_NUMBER); - libusb_close(handle); - libusb_exit(NULL); - - return EXIT_SUCCESS; -}