initial commit of libusbMod module for hooking USBDEVFS_SUBMITURB ioctl

2025-05-31 16:24:11 +08:00 · 2025-05-31 16:24:11 +08:00 · c77316a0f2
commit c77316a0f2
2 changed files with 55 additions and 0 deletions
--- a/10
+++ b/10
@ -0,0 +1,10 @@
+obj-m += libusbMod.o
+
+KDIR := /lib/modules/$(shell uname -r)/build
+PWD  := $(shell pwd)
+
+all:
+	make -C $(KDIR) M=$(PWD) modules
+
+clean:
+	make -C $(KDIR) M=$(PWD) clean
--- a/libusbMod.c
+++ b/libusbMod.c
@ -0,0 +1,45 @@
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/usbdevice_fs.h>
+#include <linux/kprobes.h>
+#include <linux/sched.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Leo");
+MODULE_DESCRIPTION("Hook USBDEVFS_SUBMITURB ioctl on arm64");
+
+static struct kprobe kp;
+
+static int handler_pre(struct kprobe *p, struct pt_regs *regs)
+{
+    unsigned int cmd = 0;
+
+    cmd = (unsigned int)regs->regs[1]; // ioctl 的第二个参数
+
+    if (cmd == USBDEVFS_SUBMITURB) {
+        pr_info("[usbFilter] process: %s, pid: %d, called USBDEVFS_SUBMITURB ioctl\n", current->comm, current->pid);
+    }
+    return 0;
+}
+
+static int __init usb_hook_init(void)
+{
+    kp.symbol_name = "usbdev_do_ioctl";
+    kp.pre_handler = handler_pre;
+
+    if (register_kprobe(&kp) < 0) {
+        pr_err("[usbFilter] register_kprobe failed\n");
+        return -1;
+    }
+    pr_info("[usbFilter] kprobe registered for %s\n", kp.symbol_name);
+    return 0;
+}
+
+static void __exit usb_hook_exit(void)
+{
+    unregister_kprobe(&kp);
+    pr_info("[usbFilter] kprobe unregistered\n");
+}
+
+module_init(usb_hook_init);
+module_exit(usb_hook_exit);