45 lines
1.1 KiB
C
45 lines
1.1 KiB
C
#include <linux/module.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/usbdevice_fs.h>
|
|
#include <linux/kprobes.h>
|
|
#include <linux/sched.h>
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Leo");
|
|
MODULE_DESCRIPTION("Hook USBDEVFS_SUBMITURB ioctl on arm64");
|
|
|
|
static struct kprobe kp;
|
|
|
|
static int handler_pre(struct kprobe *p, struct pt_regs *regs)
|
|
{
|
|
unsigned int cmd = 0;
|
|
|
|
cmd = (unsigned int)regs->regs[1]; // ioctl 的第二个参数
|
|
|
|
if (cmd == USBDEVFS_SUBMITURB) {
|
|
pr_info("[usbFilter] process: %s, pid: %d, called USBDEVFS_SUBMITURB ioctl\n", current->comm, current->pid);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int __init usb_hook_init(void)
|
|
{
|
|
kp.symbol_name = "usbdev_do_ioctl";
|
|
kp.pre_handler = handler_pre;
|
|
|
|
if (register_kprobe(&kp) < 0) {
|
|
pr_err("[usbFilter] register_kprobe failed\n");
|
|
return -1;
|
|
}
|
|
pr_info("[usbFilter] kprobe registered for %s\n", kp.symbol_name);
|
|
return 0;
|
|
}
|
|
|
|
static void __exit usb_hook_exit(void)
|
|
{
|
|
unregister_kprobe(&kp);
|
|
pr_info("[usbFilter] kprobe unregistered\n");
|
|
}
|
|
|
|
module_init(usb_hook_init);
|
|
module_exit(usb_hook_exit); |